Vulnerabilities
A Bug Found in OpenSSL
March 5, 2010 | Vulnerabilities
A “severe vulnerability” was found in OpenSSL. Computer researchers discovered a flaw in the software encryption package that allows them to rebuild a machine's confidential cryptographic key. The flaw in OpenSSL is important because the open-source package is used to protect sensitive data all over the world. Read more.
Google Engineer Disclosed Windows DEP Flaw
March 5, 2010 | Vulnerabilities
Google security software engineer Berend-Jan Wever revealed his exploit research, publishing proof-of-concept code that bypasses Data Execution Prevention (DEP). This disclosure can lead to more successful attacks against Microsoft's newer operating systems. DEP is intended to prevent an application or service from executing code from a non-executable memory region. Berend-Jan Wever posted on his personal blog on Monday: “The exploit I released would not work if you had DEP turned on for MSIE. Read more.
Be Careful With F1!
March 3, 2010 | Vulnerabilities
Microsoft announced one more IE vulnerability in its advisory. This unpatched vulnerability can affect users of Windows 2000, Windows XP, and Windows Server 2003 who are running Internet Explorer. The VBScript flaw can be used to run malicious code. An attacker can create a web page that displays a specific dialog box with a suggestion to press the F1 key. This action can result in malicious code running on the victim's computer. Read more.
Top 10 TLDs Used by Botnets For CnC
February 19, 2010 | Vulnerabilities
Gunter Ollmann, who currently works as VP of Research at Damballa, wants to share information with the rest of the world about the command and control (CnC) channels used and abused by criminal botnet operators. He claims it would be useful to know all the Top Level Domains (TLDs) used for botnet CnC. Damballa looked through all the domains used and abused by botnets targeting enterprise networks in 2009 (look at the table below). Top 10 TLDs used for CnC. Read more.
Mistakes to Avoid on Social Networks
February 18, 2010 | Vulnerabilities
Security firm Sophos carried out a huge investigation earlier this month. The research includes reports of cybercrime attacks on social networks like Facebook, Twitter and LinkedIn. Notifications of malware and spam rose 70 percent on social networks in the last 12 months, and 57 percent of users report they have been spammed via social networking sites. Chet Wisniewski, Senior Security Advisor at Sophos, was asked to comment on how to avoid those attacks. Read more.
