ZDNet Must Read:
Apple Safari exposes Windows to drive-by attacks
Apple ships a high-priority update with patches for vulnerabilities that allow remote code execution (drive-by downloads) if a user simply surfs to a maliciously rigged Web site. Some of the... Continued »
Category: Browsers
November 19th, 2009
Inside the Google Chrome OS security model
Google plans to use a combination of system hardening, process isolation, verified boot, secure auto-update and encryption to thwart malicious hackers from planting malware on its new Google Chrome OS. Read the rest of this entry »
November 19th, 2009
Microsoft finds security hole in Google Chrome Frame
Back in September, when Google launched the Google Chrome Frame plug-in for Internet Explorer users, Microsoft immediately warned that the move would increase the attack surface and make IE users less secure.
Now comes word that a security researcher in the Microsoft Vulnerability Research (MSVR) has discovered a “high risk” security vulnerability that could allow an attacker to bypass cross-origin protections. Read the rest of this entry »
November 18th, 2009
Mozilla locks out rogue Firefox add-ons
Mozilla has made a significant tweak to this Firefox 3.6 code base to block rogue add-ons from loading in the browser’s application components directory.
This will most certainly block developers and software vendors from silently installing Firefox add-ons without explicit user permission. It will also significantly reduce browser crashes linked to third-party add-ons, Mozilla said. Read the rest of this entry »
November 17th, 2009
Thousands of web sites compromised, redirect to scareware
Updated: Thursday, November 19 - According to eSoft who contacted me, they’ve been monitoring the campaign since September, with another 720,000 affected sites back then.
There are now over a million affected sites serving scareware, with only a small percentage of them currently marked as harmful. Google has been notified. As always, NoScript and your decent situational awareness are your best friends.
Security researchers have detected a massive blackhat SEO (search engine optimization) campaign consisting of over 200,000 compromised web sites, all redirecting to fake security software (Inst_58s6.exe), commonly referred to as scareware.
More details on the campaign:
November 16th, 2009
Microsoft confirms 'detailed' Windows 7 exploit
Microsoft has issued a security advisory to acknowledge a crippling denial-of-service flaw affecting its newest operating systems — Windows 7 and Windows Server 2008 R2.
Exploit code for the vulnerability was released by researcher Read the rest of this entry »
November 13th, 2009
Man-in-the-middle attacks demoed on 4 smartphones
Security researchers from SMobile Systems have released a paper detailing successful man-in-the-middle attacks against several smartphones.
The SSL enabled log in sessions on the tested, Nokia N95, HTC Tilt, Android G1 and iPhone 3GS devices was sniffed using the publicly available SSLstrip tool, with the attack taking place over insecure Wi-Fi network, now prevalent literally everywhere.
Here’s the scenario they used, and possible mitigation approaches:
November 12th, 2009
Microsoft bracing for malware attacks from embedded fonts
Heads up to all Microsoft Windows users: If you’re running Windows 2000, Windows XP or Windows Server 2003, stop what you’re doing and immediately download and apply the MS09-065 update released earlier this week.
Security researchers say it’s only a matter of time — days not weeks — before malicious hackers start exploiting one of the vulnerabilities via booby-trapped Web pages or Office (Word or PowerPoint) documents.
November 11th, 2009
Apple Safari exposes Windows to drive-by download attacks
Apple today shipped Safari 4.0.4 to fix a total of seven security flaws that expose Windows and Mac users to a wide range of malicious hacker attacks.
The high-priority update patches vulnerabilities that allow remote code execution (drive-by downloads) if a user simply surfs to a maliciously rigged Web site. Some of the issues affect Microsoft’s new Windows 7 operating system.
Read the rest of this entry »
November 10th, 2009
Adobe plugs security hole in Photoshop Elements
Adobe has shipped a patch to cover a security vulnerability affecting its Photoshop Elements software product.
The flaw, rated moderate, affects Adobe Photoshop Elements versions 8.0 and 7.0. It could be exploited by a hacker with valid login credentials and/or physical access to execute arbitrary commands with elevated privileges. Read the rest of this entry »
November 10th, 2009
Commercial spying app for Android devices released
A well known commercial provider of spyware applications for numerous mobile platforms, has recently ported its Mobile Spy app to the Android mobile OS.
Just like previous releases of the application, the Android version keeps a detailed log of GPS locations, calls, visited URLs, and incoming/outgoing SMS messages, available at the disposal of the attacker who installed it manually by obtaining physical access to the targeted device.
More details:
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.
Subscribe to Zero Day via Email alerts or RSS.
SponsoredWhite Papers, Webcasts, and Downloads
- Unrivaled support from Novell, now available for Red Hat Novell If Linux is going to power your mission-critical applications, you'd ... Download Now
- Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
- The True Costs of Virtual Server Solutions VMware In an economic environment that is repeatedly heralding the message "do ... Download Now
Essential Topics 
Recent Entries
- Inside the Google Chrome OS security model
- Microsoft finds security hole in Google Chrome Frame
- Mozilla locks out rogue Firefox add-ons
- Thousands of web sites compromised, redirect to scareware
- Microsoft confirms ‘detailed’ Windows 7 exploit
Blogs From Our Sponsors
Most Popular Posts
- Which antivirus is best at removing malware?
- Microsoft confirms 'detailed' Windows 7 exploit
- Thousands of web sites compromised, redirect to scareware
- Windows 7's default UAC bypassed by 8 out of 10 malware samples
- Mac OS X mega patch covers 58 security vulnerabilities
- Microsoft patches Windows worm holes, drive-by download flaws
Top Rated
- Facebook password-reset spam is Bredolab botnet attack+46 votes
- Thousands of web sites compromised, redirect to scareware+44 votes
- Microsoft confirms 'detailed' Windows 7 exploit+43 votes
- Firefox hit by multiple drive-by download flaws+41 votes
- Which antivirus is best at removing malware?+39 votes
- iHacked: jailbroken iPhones compromised, $5 ransom demanded+32 votes
- New LoroBot ransomware encrypts files, demands $100 for decryption+28 votes
- Mac OS X mega patch covers 58 security vulnerabilities+26 votes
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- The more you simplify, the more you save
-
When you transition from your existing Red Hat environment to SUSE Linux Enterprise from Novell, you can recognize dramatic cost savings, perhaps as much 50%
- Learn more >>
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
Archives
Favorite Links
ZDNet Blogs
- All About Microsoft
- The Apple Core
- Between the Lines
- BriefingsDirect
- Collaboration 2.0
- Dev Connection
- Digital Cameras & Camcorders
- Ed Bott's Microsoft Report
- Emerging Tech
- Enterprise Web 2.0
- Forrester Research
- Googling Google
- GreenTech Pastures
- Hardware 2.0
- Home Theater
- iGeneration
- Irregular Enterprise
- IT Project Failures
- Laptops & Desktops
- Lawgarithms
- Linux and Open Source
- Managing L'unix
- The Mobile Gadgeteer
- On Sustainability
- Rational Rants
- The Semantic Web
- Service Oriented
- Smartphones and Cell Phones
- Social Business
- Social CRM: The Conversation
- Software & Services Safari
- Software as Services
- Storage Bits
- Team Think
- Tech Broiler
- Technology and the Global Supply Chain
- Tom Foremski: IMHO
- The ToyBox
- Virtually Speaking
- The Web Life
- ZDNet Education
- ZDNet Government
- ZDNet Healthcare
- Zero Day
White Papers, Webcasts, and Downloads
- Email Security and Archiving - Clearer in the Cloud Google The time is NOW for businesses and organizations of all sizes to implement ... Download Now
- Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
- Five Steps to Determine When to Virtualize YourServers VMware Server virtualization isn't just for big companies. Entry-level ... Download Now
Popular Sanity Saver Videos
