Zero Day

High-risk flaw dings Google Chrome

Ryan Naraine — Fri, 06 Nov 2009 17:18:02 +0000

A "high-risk" flaw in Google Chrome presents a threat of arbitrary code execution.

Code execution hole in BlackBerry Desktop Manager

Ryan Naraine — Fri, 06 Nov 2009 15:33:03 +0000

Research in Motion (RIM) has shipped a patch to cover a gaping hole in its BlackBerry Desktop Manager software.

Windows 7's default UAC bypassed by 8 out of 10 malware samples

Dancho Danchev — Thu, 05 Nov 2009 21:33:23 +0000

8 out of 10 malware samples tested on Windows 7 with default UAC (user access control) settings don't trigger a warning.

Patch Tuesday heads-up: Critical MS Office patches coming

Ryan Naraine — Thu, 05 Nov 2009 21:11:20 +0000

Microsoft plans to release six security bulletins next week to fix at least 15 serious vulnerabilities that could expose Windows users to malicious hacker attacks.

Which antivirus is best at removing malware?

Dancho Danchev — Thu, 05 Nov 2009 20:14:19 +0000

According to a comparative review of sixteen antivirus solutions, only a few were successful at completely removing the malware they were tested against.

Adobe Shockwave haunted by critical security holes

Ryan Naraine — Tue, 03 Nov 2009 20:12:30 +0000

Adobe today released a patch to fix several serious security flaws in its Shockwave Player software. The most serious flaw could allow remote code execution attacks against Windows and Mac users.

iHacked: jailbroken iPhones compromised, $5 ransom demanded

Dancho Danchev — Tue, 03 Nov 2009 14:09:19 +0000

Yesterday, a “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your phone right now!” message popped up on the screens of a large number of automatically exploited Dutch iPhone users, demanding $4.95 for instructions on how to secure their iPhones and remove the message from appearing at startup. Through a combination [...]

Phishing experiment sneaks through all anti-spam filters

Dancho Danchev — Thu, 29 Oct 2009 21:16:57 +0000

A recently conducted ethical phishing (New study details the dynamics of successful phishing) experiment impersonating LinkedIn by mailing invitations coming from Bill Gates, has achieved a 100% success rate in bypassing the anti-spam filters it was tested against. The experiment emphasizes on how small-scale spear phishing campaigns are capable of bypassing anti-spam filters, and once again [...]

Spooky Halloween - scareware or crimeware?

Dancho Danchev — Thu, 29 Oct 2009 18:47:46 +0000

With all the “spooky” cybercrime trends taking place on a monthly basis, such as the death of CAPTCHA, the suspicious idleness of the Conficker botnet, the clear presence of government-tolerated and upcoming government-sponsored botnets, the inevitable migration from using malicious infrastructure to entirely relying on legitimate one, followed by the cyber terrorism myopia that cyber [...]

Opera browser dinged by code execution flaw

Ryan Naraine — Wed, 28 Oct 2009 16:18:59 +0000

Opera releases version 10.01 to fix three documented flaws, including a memory corruption issue that exposes users to code execution attacks.