ZDNet Must Read:
Which AV is best at removing malware?
Detecting the presence of malicious code is one thing, successfully eradicating it is entirely another.... Continued »
November 6th, 2009
High-risk flaw dings Google Chrome
Google has pushed out a Chrome browser update to fix a pair of security vulnerabilities that expose uses to malicious hacker attacks.
One of the flaws carry a “high-risk” rating because of the threat of arbitrary code execution. Read the rest of this entry »
November 6th, 2009
Code execution hole in BlackBerry Desktop Manager
Research in Motion (RIM) has shipped a patch to cover a gaping hole in its BlackBerry Desktop Manager software.
The vulnerability, which exists in a Lotus Notes Intellisync DLL that the BlackBerry Desktop Manager uses, allows a malicious user to perform an attack that leverages social engineering to achieve remote code execution on the computer running the BlackBerry Desktop Manager. Read the rest of this entry »
November 5th, 2009
Windows 7's default UAC bypassed by 8 out of 10 malware samples
A recently conducted test by malware researchers reveals that eight out of ten malware samples used in the test, successfully bypassed Windows 7’s default UAC (user access control) settings. The findings were also confirmed by a separate test done by another company, with an emphasis on how one of the most popular scareware variants bypassed Windows 7’s default UAC’s settings as well.
November 5th, 2009
Patch Tuesday heads-up: Critical MS Office patches coming
Microsoft plans to release six security bulletins next Tuesday November 10 to fix at least 15 serious vulnerabilities that could expose Windows users to malicious hacker attacks.
According to Microsoft’s advance notice for this month’s Patch Tuesday, the updates will address gaping holes in the Windows operating system and the Microsoft Office productivity suite. Read the rest of this entry »
November 5th, 2009
Which antivirus is best at removing malware?
Detecting the presence of malicious code is one thing, successfully eradicating it is entirely another.
According to AV-Comparatives.org’s recently released malware removal test evaluating the effectiveness of sixteen antivirus solutions, only a few were able to meet their criteria of not only removing the FakeAV, Vundo, Rustock and ZBot(Zeus) samples they were tested against, but also getting rid of the potentially dangerous “leftovers” from the infection.
More info on the tested antivirus solutions , and how they scored:
November 3rd, 2009
Adobe Shockwave haunted by critical security holes
Adobe today released a patch to fix several serious security flaws in its Shockwave Player software.
The update, which is rated “critical,” addresses a total of five documented vulnerabilities. The most serious flaw could allow remote code execution attacks against Windows and Mac users. Read the rest of this entry »
November 3rd, 2009
iHacked: jailbroken iPhones compromised, $5 ransom demanded
Yesterday, a “Your iPhone’s been hacked because it’s really insecure! Please visit doiop.com/iHacked and secure your phone right now!” message popped up on the screens of a large number of automatically exploited Dutch iPhone users, demanding $4.95 for instructions on how to secure their iPhones and remove the message from appearing at startup.
Through a combination of port scanning and OS fingerprinting of T-Mobile’s 3G IP range, a Dutch teenager has for the first time automatically exploited a known security vulnerability introduced on jailbroken iPhones - the SSH daemon which unless modified remains running with default users root and mobile, using the same password on each and every device.
Here’s what he demanded, and how he changed his attitude following the suspension of his PayPal and the spamvertised URL:
October 29th, 2009
Phishing experiment sneaks through all anti-spam filters
A recently conducted ethical phishing (New study details the dynamics of successful phishing) experiment impersonating LinkedIn by mailing invitations coming from Bill Gates, has achieved a 100% success rate in bypassing the anti-spam filters it was tested against.
The experiment emphasizes on how small-scale spear phishing campaigns are capable of bypassing anti-spam filters, and once again proves that users continue interacting with phishing emails.
More info on the methodology used:
October 29th, 2009
Spooky Halloween - scareware or crimeware?
With all the “spooky” cybercrime trends taking place on a monthly basis, such as the death of CAPTCHA, the suspicious idleness of the Conficker botnet, the clear presence of government-tolerated and upcoming government-sponsored botnets, the inevitable migration from using malicious infrastructure to entirely relying on legitimate one, followed by the cyber terrorism myopia that cyber terrorists still need years to build advanced cyber warfare capabilities, totally excluding outsourcing as a factor for gaining competitive advantage from the big picture, I’m literally having hard time deciding which one deserves most attention.
Whatever the cybercrime tactics, the main objective for the key ‘market players’ remains the same - monetization. Which prompts this year’s Halloween question - scareware (trick) or crimeware (treat)?
October 28th, 2009
Opera browser dinged by code execution flaw
Mozilla isn’t the only alternative browser maker struggling with serious security problems.
On the same day Mozilla shipped a Firefox update to fix multiple critical vulnerabilities, Opera dropped a major patch to fix three documented flaws, including a memory corruption issue that exposes users to code execution attacks. Read the rest of this entry »
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
SponsoredWhite Papers, Webcasts, and Downloads
- Email Security and Archiving - Clearer in the Cloud Google The time is NOW for businesses and organizations of all sizes to implement ... Download Now
- Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
- The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
Recent Entries
- High-risk flaw dings Google Chrome
- Code execution hole in BlackBerry Desktop Manager
- Windows 7’s default UAC bypassed by 8 out of 10 malware samples
- Patch Tuesday heads-up: Critical MS Office patches coming
- Which antivirus is best at removing malware?
Most Popular Posts
- Facebook password-reset spam is Bredolab botnet attack
- Firefox hit by multiple drive-by download flaws
- Phishing experiment sneaks through all anti-spam filters
- Gaping security hole in Time Warner cable routers
- iHacked: jailbroken iPhones compromised, $5 ransom demanded
- New LoroBot ransomware encrypts files, demands $100 for decryption
Top Rated
- Microsoft exposes Firefox users to drive-by malware downloads+84 votes
- Facebook password-reset spam is Bredolab botnet attack+45 votes
- Firefox hit by multiple drive-by download flaws+39 votes
- Gaping security hole in Time Warner cable routers+37 votes
- Which antivirus is best at removing malware?+34 votes
- iHacked: jailbroken iPhones compromised, $5 ransom demanded+32 votes
- New LoroBot ransomware encrypts files, demands $100 for decryption+27 votes
- Phishing experiment sneaks through all anti-spam filters+25 votes
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
Archives
Favorite Links
ZDNet Blogs
- All About Microsoft
- The Apple Core
- Between the Lines
- BriefingsDirect
- Collaboration 2.0
- Dev Connection
- Digital Cameras & Camcorders
- Ed Bott's Microsoft Report
- Emerging Tech
- Enterprise Web 2.0
- Forrester Research
- Googling Google
- GreenTech Pastures
- Hardware 2.0
- Home Theater
- iGeneration
- Irregular Enterprise
- IT Project Failures
- Laptops & Desktops
- Lawgarithms
- Linux and Open Source
- Managing L'unix
- The Mobile Gadgeteer
- On Sustainability
- Rational Rants
- The Semantic Web
- Service Oriented
- Smartphones and Cell Phones
- Social Business
- Social CRM: The Conversation
- Software & Services Safari
- Software as Services
- Storage Bits
- Team Think
- Tech Broiler
- Technology and the Global Supply Chain
- Tom Foremski: IMHO
- The ToyBox
- Virtually Speaking
- The Web Life
- ZDNet Education
- ZDNet Government
- ZDNet Healthcare
- Zero Day
White Papers, Webcasts, and Downloads
- Key Strategies for Federal Agencies - Safe and Cost Effective Migration for Legacy Hardware GovConnection The federal government has mandated that federal agencies reduce energy ... Download Now
- Email Security and Archiving - Clearer in the Cloud Google The time is NOW for businesses and organizations of all sizes to implement ... Download Now
- Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
Meet Doc
-
-
Here to help you with your Document Management Needs
- Doc is an enigma. Born to a Russian ballerina and a German electrical engineer, he grew up in various locations in the United States. He’s seen the insides of more brands, versions, and generations of printer and printer-related hardware than almost anyone.
- To learn more about this mysterious figure check out his blog on ZDNet and his Workspace on TechRepublic. You’ll be glad you did.
-
Produced by
ZDNet and -
