Threat Center Security News
Security News
Alert raised over threats spread thru social networking sites Print E-mail
Written by Rebecca Mints   
Saturday, 27 June 2009 20:59

Twitter, Facebook, MySpace and other social networking sites may contain links that, when clicked, could trigger a security nightmare for unwitting users.

This was the stern warning issued by security companies on Monday as they raise the alarm over the rapid spread of security threats using these social networking sites.

Security experts from Symantec and Japanese firm Finjan said malicious links found in Twitter and similar sites have affected its user's PC.

“Spammers were using a Twitter-branded e-mail message in an attempt to convince the recipient to open up a .zip file to infect the victim's computer,” said Symantec in its security blog.

In a blog post about cybercrime, Gary Warner said that shortened URLs are particularly attractive to users but will eventually lead them to a chain of redirects that will compromise their system.

Criticisms stir Apple to finally fix Java flaw Print E-mail
Written by Rebecca Mints   
Saturday, 20 June 2009 22:20

Amid growing criticisms from security researchers on the months-long existence of a bug found on Mac OS X’s Java, Apple has finally issued a security patch on Tuesday.

A serious security flaw on Java was discovered by Sun six months ago. The vulnerability has affected several platforms that run on Java although most operating-system vendors, except Apple, have immediately issued patches.

Last month, security expert Julien Tinnes and Security firm Intego together published criticisms on Apple for neglecting to patch the bug and only issuing a security update months after its discovery.

“Apple has been aware of this vulnerability for at least five months since it was made public, but has neglected to issue a security update to protect against this issue,” said Intego in its security advisory.

Grumblar still a threat, says security experts Print E-mail
Written by Rebecca Mints   
Saturday, 13 June 2009 08:06

The vicious virus that spreads malicious code over the Internet remains a pervasive threat, according to security firm Websense in its latest blog.

While updates on the rate of recorded attacks of Grumblar, also named JSRedir-R and Martuz, show a significant decline in the last week of May, this does not mean it has stopped its online mayhem.

Websense tracked the sites compromised because of the attacks and monitored the trend leading to Grumblars near inertness. According to Websense's researchers, the attacks peaked at 82,500 on May 26 and from there slowly declined.

“...the predecessor to the Gumblar attack is still alive, but it is on the decline. The older injection peaked at approx 17,000 sites on April 25, 2009. This peak was in the earlier days of the attack; it has since then stabilized at about 10,000,” according to the Websense blog posted last week.

Attackers use QuickTime to steal user rights Print E-mail
Written by Rebecca Mints   
Wednesday, 03 June 2009 23:50

A vulnerability in DirectX that runs QuickTime files has been recently discovered by Microsoft who immediately warned users not to click on suspicious links.

In its advisory posted last Thursday, Microsoft said attackers use malicious QuickTime files to allow them to compromise the system by stealing user rights.

Microsoft said the attacks are “limited” but still asked users to employ measures to protect their system, including constantly updating their software.

“The vulnerability could allow remote code execution if a user opened a specially crafted QuickTime media file. Microsoft is aware of limited, active attacks that use this exploit code,” said the advisory.

Lower version of OpenSSH vulnerable to attack Print E-mail
Written by Rebecca Mints   
Friday, 29 May 2009 00:11
Users of the network protocol OpenSSH have been warned by security experts to upgrade their software to the latest version so as to protect encrypted data.

Developers of OpenSSH or SecureShell has come up with version 5.2 which implements countermeasures against probable attacks. The lower versions contain a flaw that attackers can exploit to read encrypted data.

Other SSH software may also have the same vulnerability, said security experts belonging to the Information Security Group at the University of London’s Royal Holloway.

The attack can be done during cryptographic processing, when an attacker could have a one in more than 200,000 chance to invade the system and read data from ciphertext.

More Articles...

Page 2 of 33

WTW Threat Level