ZDNet Must Read:
Microsoft confirms 'detailed' Windows 7 exploit
Microsoft has issued a security advisory to acknowledge a crippling denial-of-service flaw affecting its newest operating systems -- Windows 7 and Windows Server 2008 R2.... Continued »
Category: Data theft
November 23rd, 2009
Opera patches 'extremely severe' security hole
Opera has shipped a new version of its browser to fix three security vulnerabilities, one rated “extremely severe.”
The most serious flaw could allow a malicious attacker to take complete control of a system, Opera said in an advisory. Read the rest of this entry »
November 23rd, 2009
Exploit published for critical IE 7 zero-day flaw
Exploit code for a critical (remotely exploitable) vulnerability in Microsoft’s Internet Explorer 7 browser has been released on the Internet, prompting a new round “upgrade now!” warnings from computer security experts.
The vulnerability could be used in malware attacks to take complete control of a Windows machine running IE 6 or IE 7, according to an advisory issued over the weekend. Read the rest of this entry »
November 19th, 2009
Inside the Google Chrome OS security model
Google plans to use a combination of system hardening, process isolation, verified boot, secure auto-update and encryption to thwart malicious hackers from planting malware on its new Google Chrome OS. Read the rest of this entry »
November 19th, 2009
Microsoft finds security hole in Google Chrome Frame
Back in September, when Google launched the Google Chrome Frame plug-in for Internet Explorer users, Microsoft immediately warned that the move would increase the attack surface and make IE users less secure.
Now comes word that a security researcher in the Microsoft Vulnerability Research (MSVR) has discovered a “high risk” security vulnerability that could allow an attacker to bypass cross-origin protections. Read the rest of this entry »
November 11th, 2009
Apple Safari exposes Windows to drive-by download attacks
Apple today shipped Safari 4.0.4 to fix a total of seven security flaws that expose Windows and Mac users to a wide range of malicious hacker attacks.
The high-priority update patches vulnerabilities that allow remote code execution (drive-by downloads) if a user simply surfs to a maliciously rigged Web site. Some of the issues affect Microsoft’s new Windows 7 operating system.
Read the rest of this entry »
November 10th, 2009
Adobe plugs security hole in Photoshop Elements
Adobe has shipped a patch to cover a security vulnerability affecting its Photoshop Elements software product.
The flaw, rated moderate, affects Adobe Photoshop Elements versions 8.0 and 7.0. It could be exploited by a hacker with valid login credentials and/or physical access to execute arbitrary commands with elevated privileges. Read the rest of this entry »
November 10th, 2009
Microsoft patches Windows worm holes, drive-by download flaws
As part of its scheduled batch of patches for November, Microsoft today issued six security bulletins with fixes for a total of 15 vulnerabilities affecting its Windows and Office product lines.
Three of the six bulletins are rated “critical,” meaning they can be used to launch remote code execution or worm attacks without any user action. One of the Windows vulnerabilities could expose users to drive-by malware attacks via the browser, Microsoft warned.
November 10th, 2009
Major online ad site hacked, serving up exploit cocktail
A high-profile online advertising Web site has been hacked and rigged to serve multiple exploits to Microsoft Windows users surfing the net with unpatched third party desktop software.
According to a warning issued by Websense Security Labs, the malicious code was found on media-servers.net, which is described as a high-profile advertiser on the Internet realm. The site has been firing an assortment of exploits for several months, including exploits for vulnerabilities in Microsoft DirectShow and Adobe PDF Reader. Read the rest of this entry »
November 10th, 2009
Why is Apple meddling with my Windows AutoRun?
Guest editorial by Costin Raiu
In every system designed by man, there is always a balance between features, usability and security. While designing pretty, easy to use and secure systems is possible, quite often this is not what the users get, or worse, this is not what the users want.
The most popular example of this applies to Apple. Focusing on eye-catching designs and easy to use products, Apple is listed in almost every marketing book as a success story.
Interestingly, maybe their second most popular software product, Mac OS X (after iTunes) represents a curious blend between eye-catching, easy to use, flexible, usable and decently secure, modern operating system. Please notice how I avoided saying “secure” and instead, wrote “decently secure”. Read the rest of this entry »
November 9th, 2009
Mac OS X mega patch covers 58 security vulnerabilities
Apple has dropped another mega-patch to cover a total of 58 documented vulnerabilities affecting the Mac OS X ecosystem.
The majority of the flaws could allow a remote attacker to gain complete control of an unpatched system, meaning that this update carries an “extremely critical rating.” Read the rest of this entry »
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
SponsoredWhite Papers, Webcasts, and Downloads
- Email Security and Archiving - Clearer in the Cloud Google The time is NOW for businesses and organizations of all sizes to implement ... Download Now
- The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
- VMware Infrastructure: A Guide to Bottom-Line Benefits VMware Frustrated by the costs of maintain ever larger data centers?or building ... Download Now
Recent Entries
- Opera patches ‘extremely severe’ security hole
- Exploit published for critical IE 7 zero-day flaw
- Inside the Google Chrome OS security model
- Microsoft finds security hole in Google Chrome Frame
- Mozilla locks out rogue Firefox add-ons
Blogs From Our Sponsors
Most Popular Posts
- Microsoft confirms 'detailed' Windows 7 exploit
- Thousands of web sites compromised, redirect to scareware
- Windows 7's default UAC bypassed by 8 out of 10 malware samples
- Which antivirus is best at removing malware?
- Mac OS X mega patch covers 58 security vulnerabilities
- Microsoft patches Windows worm holes, drive-by download flaws
Top Rated
- Facebook password-reset spam is Bredolab botnet attack+46 votes
- Thousands of web sites compromised, redirect to scareware+43 votes
- Microsoft confirms 'detailed' Windows 7 exploit+43 votes
- Firefox hit by multiple drive-by download flaws+41 votes
- Which antivirus is best at removing malware?+39 votes
- iHacked: jailbroken iPhones compromised, $5 ransom demanded+32 votes
- New LoroBot ransomware encrypts files, demands $100 for decryption+28 votes
- Mac OS X mega patch covers 58 security vulnerabilities+26 votes
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Save time with automated shipping solutions
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Visit the UPS Business Essentials Guide
- The more you simplify, the more you save
-
When you transition from your existing Red Hat environment to SUSE Linux Enterprise from Novell, you can recognize dramatic cost savings, perhaps as much 50%
- Learn more >>
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
Archives
Favorite Links
ZDNet Blogs
- All About Microsoft
- The Apple Core
- Between the Lines
- BriefingsDirect
- Collaboration 2.0
- Dev Connection
- Digital Cameras & Camcorders
- Ed Bott's Microsoft Report
- Emerging Tech
- Enterprise Web 2.0
- Forrester Research
- Googling Google
- GreenTech Pastures
- Hardware 2.0
- Home Theater
- iGeneration
- Irregular Enterprise
- IT Project Failures
- Laptops & Desktops
- Lawgarithms
- Linux and Open Source
- Managing L'unix
- The Mobile Gadgeteer
- On Sustainability
- Rational Rants
- The Semantic Web
- Service Oriented
- Smartphones and Cell Phones
- Social Business
- Social CRM: The Conversation
- Software & Services Safari
- Software as Services
- Storage Bits
- Team Think
- Tech Broiler
- Technology and the Global Supply Chain
- Tom Foremski: IMHO
- The ToyBox
- Virtually Speaking
- The Web Life
- ZDNet Education
- ZDNet Government
- ZDNet Healthcare
- Zero Day
White Papers, Webcasts, and Downloads
- The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
- Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
- Unrivaled support from Novell, now available for Red Hat Novell If Linux is going to power your mission-critical applications, you'd ... Download Now
Popular Sanity Saver Videos
