Patch Management

Security expert wants feds to recruit volunteer pen testers

Dan Kaplan June 18, 2009

One respected security researcher wants to legalize the hacking of federal government and military websites -- and he wants everyone to hear him out.

"Nine-Ball" mass injection attack compromised 40,000 sites

Angela Moscaritolo June 17, 2009

A new threat dubbed "Nine-Ball" has compromised up to 40,000 legitimate websites that are now infecting users with an information-stealing trojan, according to security vendor Websense.

Researcher plans to unveil a month of Twitter bugs in July

Dan Kaplan June 16, 2009

A security researcher plans to raise awareness about how third-party developer sites can be exploited to abuse social networking sites, namely Twitter.

Apple releases Java fixes

Dan Kaplan June 16, 2009

Apple on Monday shipped fixes for multiple vulnerabilities in Java for Mac OS X 10.4 and 10.5. Included was a patch for a gaping hole for which security researcher Landon Fuller recently published a proof-of-concept. Fuller was trying to push Apple to release the updates after Sun, the maker of Java, already plugged the holes months ago. The most serious of the vulnerabilities patched Monday could enable an attacker to infect users who simply visit a website hosting a malicious Java applet. — DK

Mozilla releases security fixes for Firefox

Chuck Miller June 12, 2009

The Firefox web browser has been patched for security flaws, four of which were identified as "critical" by Mozilla.

Adobe patches Reader and Acrobat for "critical" vulnerabilities

Chuck Miller June 09, 2009

In the first of its regular security updates, Adobe on Tuesday patched several "critical" vulnerabilities it has identified in Adobe Reader 9.1.1 and Acrobat 9.1.1, and earlier.

Microsoft serves up 10 patches, including IIS and IE fixes

Dan Kaplan June 09, 2009

Microsoft on Tuesday pushed out 10 patches to correct an array of issues, many of which could allow malicious code to be executed.

New Safari 4.0 fixes more than 50 vulnerabilities

Angela Moscaritolo June 09, 2009

Apple on Monday released web browser Safari 4.0, which contains fixes for more than 50 vulnerabilities.

Adobe fixes come Tuesday

Dan Kaplan June 05, 2009

Adobe's first-ever quarterly patch update is planned for Tuesday. The company announced Thursday that it expects to issue patches then for its Reader and Acrobat versions 7, 8 and 9. The move to scheduled updates comes in response to criticism Adobe received earlier this year when it took several months to fix a major zero-day PDF vulnerability in its software. Tuesday's release — and each one after — will coincide with Microsoft's monthly security update. — DK

Microsoft readies 10 patches for next week

Dan Kaplan June 04, 2009

Microsoft next week plans to push out 10 patches, six graded "critical" by the software giant.

Apple patches QuickTime for 10 security holes

Dan Kaplan June 01, 2009

Apple on Monday released an updated version of its popular QuickTime software.

"Beladen" website compromises cropping up

Angela Moscaritolo June 01, 2009

A mass injection attack similar but unrelated to Gumblar has infected more than 40,000 websites, according to new research from Websense.

VMware fixes security bugs

Chuck Miller May 29, 2009

VMware has released fixes for multiple vulnerabilities in several of its products, including VMware Workstation, Player, ACE, Server, Fusion, ESX and ESXi. One of the vulnerabilities was caused by an error in the VMware Descheduled Time Accounting driver, which could open a way for hackers to launch a denial-of-service attack in Windows-based virtual machines. Another vulnerability identified by VMware could have enabled an attacker to execute arbitrary code. — CAM

New Windows zero-day

Chuck Miller May 28, 2009

Microsoft on Thursday issued a security advisory for a new vulnerability in DirectX, used on Windows to enable graphics and sound, that could enable a remote hacker to execute arbitrary code if users open specially crafted QuickTime files. Microsoft said that it was aware of active attacks using exploit code for the vulnerability. Windows 2000 (SP4), Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista and Windows Server 2008 are not. — CAM

BlackBerry patches PDF flaws

Angela Moscaritolo May 27, 2009

Research In Motion on Tuesday issued a security software update to address multiple vulnerabilities that exist in the PDF Distiller of the BlackBerry Attachment Service component in BlackBerry Enterprise Server. Because of these vulnerabilities, an attacker could create a malicious PDF file which, when opened on a BlackBerry smartphone, could corrupt memory or execute arbitrary code on the computer that hosts the BlackBerry Attachment Service, RIM said in its advisory. — AM

Microsoft releases Vista SP2 to the public

Chuck Miller May 26, 2009

The latest service packs (SP2) for Windows Vista and Windows Server 2008 have been released to manufacturing and are now publicly available as standalone installers.

Office of U.S. Marshals infected by Neeris virus

Angela Moscaritolo May 22, 2009

The office of U.S. Marshals was infected on Thursday with a computer virus that was able to infiltrate its network because the federal law enforcement agency was running an out-of-date anti-malware solution.

Conficker attempting to infect 50,000 per day

Angela Moscaritolo May 21, 2009

Publicity around the Conficker worm has been relatively quiet for the past month, but security researchers say it hasn't gone dormant.

GAO report finds security lagging at federal agencies

Dan Kaplan May 21, 2009

Federal agencies continue to be lax in their implementation of information security programs, according to a new report from the Government Accountability Office.

Adobe to issue scheduled patches, invest more in code review

Dan Kaplan May 20, 2009

Adobe, responding to widespread industry criticism that it was not effectively reacting to issues, unveiled on Wednesday a new approach to securing code and patching flaws.

Researcher publishes Java proof-of-concept to urge Apple action

Dan Kaplan May 19, 2009

Calling Apple's patching process "opaque," a security researcher has decided that publishing a proof-of-concept exploit is the best way to force the computing giant to fix a months-old flaw.

Microsoft validates web server vulnerability

Dan Kaplan May 19, 2009

Microsoft on Tuesday confirmed the presence of a privilege-escalation vulnerability in its Internet Information Services web server -- but said no exploits are underway.

New Microsoft IIS flaw

Angela Moscaritolo May 18, 2009

A vulnerability in Microsoft's Internet Information Services (IIS) web server could enable an attacker to access or upload files in protected WebDAV folders. The SANS Internet Storm Center said in a blog post that "adding certain Unicode characters to an URL makes it possible to bypass authentication in IIS." The vulnerability was rated "moderately critical" and affects Microsoft IIS 5.1 and 6.0, according to an advisory from Secunia. Storm Center handlers recommended turning off WebDAV until more details about the vulnerability are uncovered. — AM

"Gumblar" website compromises increase 188 percent this week

Angela Moscaritolo May 14, 2009

Thousands of legitimate websites have been infected since late March with code that is silently infecting visitors with malware. And as of this week, the number of compromised websites has skyrocketed.

Massive security updates released for Apple computers

Chuck Miller May 13, 2009

In one of its largest security updates this year, Apple has announced a series of patches for its Mac OS X to address more than 60 vulnerabilities, some of which could enable malicious hackers to remotely hijack Macintosh computers.

Adobe's PDF vulnerability patched

Angela Moscaritolo May 12, 2009

Security researchers say Adobe's PDF vulnerability, which was fixed Tuesday, is more of a pressing issue than Microsoft's PowerPoint vulnerabilities fixed the same day.

Fourteen fixes for PowerPoint this Patch Tuesday

Angela Moscaritolo May 12, 2009

Microsoft today issued a fix for a zero-day vulnerability in PowerPoint that is currently being leveraged in ongoing attacks in the wild. In addition, the patch addresses 13 other similar vulnerabilities in the program.

Report: Web app hacks can invade air traffic control systems

Dan Kaplan May 07, 2009

The Federal Aviation Administration (FAA) on Thursday shot down a U.S. Department of Transportation report that its air traffic control (ATC) systems have been compromised because of insecure web applications -- but the agency agreed with the report's call for better security.

From eight to one: PowerPoint sole fix coming from Microsoft

Dan Kaplan May 07, 2009

A fix for a critical PowerPoint flaw, originally disclosed days before April's Patch Tuesday release, is scheduled to be delivered as part of May's update from Microsoft.

Chrome most updated browser

Dan Kaplan May 07, 2009

Users who surf the web with Google Chrome are more likely to be running the latest browser version compared to Mozilla Firefox, Apple Safari and Opera users, according to a new study from researchers at Google Switzerland and the Swiss Federal Institute of Technology. Ninety-seven percent of Chrome users ran the latest version three weeks after its release, found the study, which attributed the high marks to Chrome's silent-update mechanism, which does not allow users to disable automatic updates. Firefox was second best at 85 percent, followed by Safari (53 percent) and Opera (24 percent). Internet Explorer was not analyzed. — DK