Monday, May 18th, 2009 US-CERT is aware of public reports of a malware exploit circulating. This is a drive-by-download exploit with multiple stages and is being referred to as Gumblar. The first stage of this exploit attempts to compromise legitimate websites by injecting malicious code into them. Reports indicate that these website infections occur ...
Posted in Internet, Security | No Comments
Monday, May 18th, 2009 A highly dangerous SSH flaw discovered a few months ago could still cause your organisation headaches, according to security experts.The vulnerability was first made public when it emerged last November that researchers at Royal Holloway's Information Security Group had found the flaw, which could allow hackers access to sensntive data.SSH, ...
Posted in Internet, Privacy, Security | No Comments
Friday, April 24th, 2009 Mark Larson, the Google Chrome Project Manager, has posted an advisory on the Google Chrome Releases blog advising of a high risk vulnerability in the Chrome web browser. The cross-site scripting (XSS) vulnerability is caused by an error in handling URLs in the ChromeHTML URI handler, allowing an attacker to ...
Posted in Internet, Security, Software | No Comments
Wednesday, April 15th, 2009 Kernel rootkits are tough enough to detect, but now a researcher has demonstrated an even sneakier method of hacking Linux.The attack attack exploits an oft-forgotten function in Linux versions 2.4 and above in order to quietly insert a rootkit into the operating system kernel as a way to hide malware ...
Posted in Coding, Linux, Privacy, Security | No Comments
Thursday, April 9th, 2009 Recently, our APAC threat intelligence team discovered a couple of Windows kernel zero-day vulnerabilities in the field, which could be potentially used for malicious purposes. These were discovered in some discussion forums in China.One of these issues exists in Windows NT/2000/XP according to the description provided. The issue arises ...
Posted in Security, Windows | No Comments
