Online Security, Safety, Tips, Compliance, Standard
Security News
Adobe Security Updates
Dec 14th
Adobe has shipped a critical Flash Player update to fix at least seven documented security vulnerabilities that expose nearly every computer user to dangerous hacker attacks. The Flash Player 10.0.42.34 update is available for all platforms (Windows, Linux and Mac OS X). A new version of Adobe AIR is also available. Here are the raw
78% of most popular HTTPS are still vulnerable
Dec 4th
According to Netcraft, 76% of the most popular HTTPS websites in the world are vulnerable to the TLS renegotiation flaw. See the full report below: 24 of the 100 most popular HTTPS websites appear to be safe from the recently documented TLS renegotiation flaws. Meanwhile, the other 76 sites are still vulnerable to renegotiation attacks, which allow
FreeBSD local r00t zeroday
Dec 3rd
If you are a FreeBSD user then it’s patch time, as a new exploit has been published which gives attackers root access to machines. The flaw affects versions 8.0 and 7.1 of FreeBSD. The researcher, Kingcope, has posted an explanation of the flaw on the Full Disclosure mailing list: The bug resides in the Run-Time Link-Editor
Critical IE 7 Vulnerability
Dec 2nd
The vulnerability could be used in malware attacks to take complete control of a Windows machine running IE 6 or IE 7, according to an advisory issued over the weekend. Here’s the gist of the problem: A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by attackers to compromise a vulnerable
Google Chrome OS – New security standard in Operating System?
Nov 23rd
Here’s how Google plans to harden the OS to reduce the likelihood of a successful attack and reduce the usefulness of successful user-level exploits.
1) Process sandboxing
   o Mandatory access control implementation that limits resource, process, and kernel interactions
   o Control group device filtering and resource abuse constraint
   o Chrooting and process namespacing for reducing resource
Scareware – a new gadget for pawning
Nov 19th
Security researchers have detected a massive blackhat SEO (search engine optimization) campaign consisting of over 200,000 compromised web sites, all redirecting to fake security software (Inst_58s6.exe), commonly referred to as scareware. More details on the campaign: The compromised sites are using legitimate-looking templates with automatically generated bogus content, with a tiny css.js (Trojan-Downloader.JS.FraudLoad) uploaded
Exploit confirmed 21 days after the release of Windows 7
Nov 17th
Windows 7 was officially launched on 22 Oct 2009 with the tag line “Most SECURE OS EVER”. Only 21 days after its release date, exploit code for the vulnerability was published by researcher Laurent Gaffié after failed attempts to get Microsoft’s security response center to acknowledge that this was an issue that needs to
INSECURE Windows 7 is prone to Malware Attack
Nov 10th
A recently conducted test by malware researchers reveals that eight out of ten malware samples used in the test successfully bypassed Windows 7’s default UAC (User Account Control) settings. The findings were also confirmed by a separate test done by another company, with an emphasis on how one of the most popular scareware variants bypassed
Clickjacking
Nov 6th
Clickjacking refers to stealing a user’s click on a web site to do something that the user wouldn’t intentionally do. JavaScript, anyone? Every good programmer knows how to use a click that triggers a JavaScript event. Almost everything can be done with that triggered event. This is the reason people deactivate the JavaScript function in
£850,000 a year, new technique – SCAREWARE
Nov 5th
Cybercriminals are earning as much as £858,000 a year out of scareware, said Symantec. Scareware, which is also known as fake antivirus, is a ploy by cybercriminals to get web users to download dodgy programs using realistic messages and pop-ups warning of fake malware infections. Web users are scared into purchasing the bogus security software