WorldWar-E™

Google engineer Tavis Ormandy, a bug hunter known for finding kernel-level operating system coding errors, has released details about a serious zero-day vulnerability in Windows XP that could leave an open hole for a remote attacker.
The flaw is contained in the Windows Help and Support Center, a Web-based feature providing technical support to end users. [...] Read more »

Posted on June 17th, 2010 under Consumer Cyber Alert, Exploits & Hacks, Security News, Windows. Tags: Attacks, Coding Errors, cross-site scripting attack, Google, Implementation Error, Microsoft, Open Hole, Security, Security Flaw, Vulnerability, Windows, windows help flaw, Windows Xp, Zero Day. Comments: None

Apple’s Safari browser contains a critical, unpatched bug that attackers can use to infect Windows PCs with malicious code, researchers at US-CERT and other security firms said today.
Hackers could compromise PCs with simple “drive-by” attack tactics, researchers added.
The vulnerability, first reported by Danish vulnerability tracker Secunia and confirmed by the United States Computer Emergency Readiness [...] Read more »

Posted on May 18th, 2010 under Browsers, Consumer Cyber Alert. Tags: Computer Emergency Readiness, Gmail, Malicious Code, Safari Browser, United States Computer Emergency Readiness Team, Zero Day. Comments: None

Microsoft is scrambling to fix a bug in its SharePoint 2007 groupware after a Swiss firm abruptly released code that could be used in an attack.
The proof-of-concept code was released Wednesday, just over two weeks after security consultancy High-Tech Bridge says it disclosed the issue to Microsoft on April 12.
Although Microsoft hasn’t said much about [...] Read more »

Posted on May 14th, 2010 under Consumer Cyber Alert, Security News. Tags: Attackers, Microsoft, Security Advisory, Sensitive Data, sharepoint 2007, sharepoint 2007 flaw, sharepoint 2007 vulnerability, Zero Day. Comments: None

Most businesses are defenseless against the types of attacks that recently hit Google and at least 33 other companies, according to a report to be published Monday that estimates the actual number of targeted companies could top 100.
The attackers behind the cyber assault dubbed Aurora patiently stalked their hand-chosen victims over a matter of months [...] Read more »

Posted on May 8th, 2010 under Consumer Cyber Alert, Cyber Crime, Exploits & Hacks, Hacking & Cracking, Security News. Tags: Anti Virus, Attackers, Aurora, Corporate Networks, Cybersecurity, Exploits, Information Security, Virus Programs, Zero Day. Comments: None

The stories about Adobe software keep coming, and the news hasn’t been good. Critical bugs in Reader and Flash have come under real-world, zero-day attacks so many times in the past year that the exploits almost seem routine.
Security researchers such as Mike Bailey, Dan Kaminsky and Jeremiah Grossman and Robert “RSnake” Hansen have been exposing [...] Read more »

Posted on April 10th, 2010 under Adobe, Cyber War Insights, Exploits & Hacks. Tags: Adobe Software, bugged, Critical Bugs, Dangerous Defects, Development Practices, Holes, Safety Net, Security, Security Bugs, Vulnerability, Zero Day. Comments: None

Microsoft announced it will issue an emergency security update for Internet Explorer (IE) to patch a zero-day vulnerability that has been used to launch drive-by attacks for at least several weeks.
Tuesday’s update will be the second out-of-band update — Microsoft’s term for one outside its normal once-each-month Patch Tuesday — in the last three months. [...] Read more »

Posted on March 29th, 2010 under Browsers, Exploits & Hacks. Tags: Emergency Security, Hackers, Holes, IE holes, Ie7, Internet Explorer 7, Security Patch, Vulnerability, Zero Day. Comments: None

A researcher has unearthed a bug in software used to install Adobe’s ubiquitous Reader and Flash applications that can be exploited to remotely install malicious files on end user PCs.
The Adobe Download Manager is an ActiveX script that is invoked when people install or update Reader or Flash using Internet Explorer. Researcher Aviv Raff has [...] Read more »

Posted on March 24th, 2010 under Adobe, Exploits & Hacks. Tags: Activex Script, Adobe Download Manager, Adobe Flash, Adobe Flash Player, Adobe Reader, Anti Malware Programs, Design Flaw, Installing Software, Internet Explorer, Malicious Attackers, Malicious Code, Malicious Files, Using Internet, Zero Day. Comments: None

Description of the attack
 
McAfee Labs identified a zero-day vulnerability in Microsoft Internet Explorer that was used as an entry point for “Operation Aurora” to exploit Google and a rapidly-growing list of other companies. Microsoft has issued a security bulletin and McAfee is working closely with them on this matter. “Operation Aurora” was a coordinated attack [...] Read more »

Posted on February 25th, 2010 under Browsers, Security News, Virus & Malware. Tags: Aurora, Company Intellectual Property, Computer Code, Computer Systems, Google, Internet Explorer, Malicious Web, Malware, Mcafee, Microsoft, Real Time, Remote Server, Security Bulletin, Time Detection, User Accounts, Vulnerability, Web Page, Zero Day. Comments: None

An annual hacking contest that has made mincemeat of security on both Mac and Windows computers will set its sights on smartphones and browsers with as much as $100,000 in awards next month.
Now in its fourth year, the Pwn2Own competition will award $60,000 for exploits that successfully penetrate Apple’s iPhone 3GS, Research in Motion’s Blackberry [...] Read more »

Posted on February 20th, 2010 under Browsers, Consumer Cyber Alert, Cyber Security, Exploits & Hacks, Security News, Smartphones, iPod/iPhone. Tags: Attackers, Code Execution, Exploits, Fourth Year, Google, Hacking & Cracking, Hacks Hacking, Iphone, Mincemeat, Mobile Attack, Motorola Phone, Portnoy, Remuneration, Research In Motion, Security Firm, Security Issues, Smart Phones, Smartphones, Tippingpoint, Windows Computers, Zero Day. Comments: None