Microsoft's recent Patch Tuesday addressed a remote code execution vulnerability affecting the Windows Presentation Foundation (WPF) hosting process. Mozilla acted to protect its users by adding the Windows Presentation Foundation plug-in for Firefox to its blocklist, along with the .NET Framework Assistant extension. With the Service Pack 1 update for Microsoft .NET Framework 3.5, released back in August 2008, Microsoft also added ClickOnce support for Firefox in the form of a Firefox extension called Microsoft .NET Framework Assistant. A related Windows Presentation Foundation plug-in has also been installed in the browser to support ot...

Adobe has released its second quarterly security update, which addresses 29 vulnerabilities in its Reader and Acrobat products. Exploitation of most of these flaws could result in arbitrary code execution, and one of them has been actively targeted in Web attacks since last week. On October 8, Adobe announced that an unpatched vulnerability affecting the latest versions of Adobe Reader and Acrobat was being exploited in the wild via maliciously crafted PDF files. This flaw, identified as CVE-2009-3459, has now been patched in the newly released Adobe Reader/Acrobat 9.2.0, 1.8.7 and 7.1.4, respectively. Ten other confirmed arbit...

Two weeks after Moxie Marlinspike and Dan Kaminsky revealed null byte SSL exploits in Mozilla software, the recent security update from the Thunderbird team completely fixes Mozilla's SSL certificate handling problems. Previous security updates patched the Firefox browser (3.5.2 and 3.0.13) and can be found here. With the disclosures made by Kaminsky and Marlinspike at the Black Hat conference at the end of July, security experts at Mozilla went into high gear to fix the loopholes left in SSL certificate handling. It seemed that, previously, an attacker could have inserted a null byte into an SSL certificate to trick Thunder...

A recent study has shown that modern antivirus software successfully protects computers in less than 50% of virus attacks. This finding is what has pushed industry veterans like Oliver Friedrichs (former Director at Symantec) and Alfred Huger (former McAfee and Symantec executive) to form a new company that deals with present-day threats in a new and improved way. The two have founded the Immunet Corporation, which has recently launched its first product, Immunet Protect, a cloud-based antivirus. After the first attempt at community security by Prevx, with a concept that revolved around the collaboration between computers after de...

Adobe Inc. published, on the 17th of August 2009, several security fixes for the ColdFusion web design and development platform and for the JRun web servlet engine. The updates were labeled critical and resolved several cross-site scripting vulnerabilities that could have compromised and exposed account information. Seven fixes were issued to tackle XSS problems in the ColdFusion 8.0.1, ColdFusion 8.0, ColdFusion 7.02 and JRun 4.0 platforms. Exploiting these loopholes, attackers could have created malicious links and stolen administrative cookies and other sensitive data by chaining multiple XSS and XSRF vulnerabilities. This would have...

Following the release of the 2.8.3 security update, WordPress faces a dangerous vulnerability that can lock blog owners out of their admin account: using the online password reset function, hackers can remotely reset the admin password. This issue was first reported by Laurent Gaffie on August 11 in a mailing list for Grok. WordPress developers have already been informed and a solution was incorporated in a development version of WordPress. Normally, for a user to recover their password, they first need to request it via the “Reset password” link. The user will then receive, on the registered email ac...

Three SSL implementation vulnerabilities, some of which were publicly disclosed during the Black Hat security conference, have been addressed in the new Mozilla Firefox 3.5.2 and 3.0.13 versions. Patches for Thunderbird and SeaMonkey, which are also vulnerable, will be released at a later date. The Black Hat Briefings security conference, which took place in Las Vegas last week, brought together some of the best minds in the security industry, who shared their latest findings. Reputed security researchers Dan Kaminsky and Moxie Marlinspike independently presented an SSL certificate flaw that could compromise secure SSL-enabled communication...

Adobe has shipped the much-awaited updates for its Flash Player and AIR products that fix a considerable number of critical vulnerabilities, some of which are actively being exploited in the wild. Patches for Adobe Reader and Acrobat are also scheduled for release today. This past month has not been an easy one for Adobe's security team. On July 22nd, security researchers reported that a zero-day Flash Player vulnerability was being exploited in the wild to infect computers with malware. It was soon determined that Adobe Reader and Acrobat were also vulnerable, because of their ability to play Flash streams embedded into PDF files. A...

Thirty-seven security researchers, professionals, privacy advocates and academics have sent a letter to Google's CEO, Eric Schmidt, asking him to consider encrypting all connections to Gmail, Google Docs and Google Calendar by default. Google has openly replied that it is considering such an implementation and will start tests on small groups of users. Hypertext Transfer Protocol Secure (HTTPS) refers to HTTP connections that are protected by encryption. The protocol has been supported by all major browsers since as far back as 1994, and Google already enforces it to protect sensitive data passing through Google Voice,...

Security researchers from the Honeynet Project have developed a simple proof-of-concept network scanner that can identify machines infected with the infamous Conficker worm. The tool leverages a weakness in the worm's own patch for the Windows vulnerability it uses to get in. Conficker is one of the most complex and widespread worms in the history of the Internet. It has infected millions of computers worldwide – up to 12 million, according to some accounts – and spreads from computer to computer by copying itself to removable storage devices and network shares or by brute-forcing administration passwords. However, t...