The recently discovered critical Windows vulnerability that necessitated an out-of-cycle patch is extremely similar to one that first appeared two years ago. The MS08-067 vulnerability, which was originally spotted by analyzing in-the-wild captures, is remarkably similar to the MS06-040 vulnerability that enabled the spread of a variant of the Mocbot trojan, leading security researchers [...]

Microsoft has released an out-of-band patch to fix an extremely critical worm hole that exposes Windows users to remote code execution attacks. The emergency update comes just one week after the regularly scheduled Patch Tuesday and follows the discovery of a targeted zero-day attack, Microsoft said in an advisory.   The vulnerability is rated “critical” on [...]

To share phishing URLs, or not to share? That’s the rhetorical question, since sharing ultimately serves the final customer and ensures a lower average time for a phishing site to remain online. In a recently published research (The consequence of non-cooperation in the fight against phishing) Tyler Moore and Richard Clayton analyze the current state [...]

On the same day Opera shipped a browser update with patches for three separate security vulnerabilities, hackers are openly discussion a new zero-day flaw that exposes Windows users to remote code execution attacks. With Opera 9.61, the Norwegian browser maker corrects an issue where History Search could be used to reveal browser history (rated extremely severe);  [...]

Last week, Google’s Patrick Chapman and Matt Cutts announced that they’re experimenting with a new security feature aiming to alert webmasters on the potential for having their sites hacked due to the outdated version of their web applications, starting with Wordpress only : “Recently we’ve seen more websites get hacked because of various security holes. In [...]

Bargaining with your health doesn’t just mean you’re heading for a shorter life expectancy, but also, increases the chances that you will either get scammed in the process, or have to pay more in the long-term while dealing with the health issues arising from using expired pharmaceutical with unverifiable origins, you bargained for at the [...]

A team of Swiss researchers say there are several ways to recover keystrokes from wired keyboards by simply measuring the electromagnetic radiations emitted when keys are pressed. In all, the team of researchers from the Security and Cryptography Laboratory in Lausanne, Switzerland, found four  different ways to fully or partially recover keystrokes from wired keyboards at [...]

Just hours after the release of the Google Chrome browser last month, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug — to trick users into launching executables direct from the new browser. (Here’s a demo showing how a Google Chrome users can [...]

As many of you already know, the anti-Midas touch of the financial crisis is spreading to the technology sector. Sequoia Capital, one of the largest VC funds in Silicon Valley, gave a presentation that pretty much said become profitable now or pack up and go home. Security seemed to be counter-cyclical during the [...]

According to SophosLabs Adobe’s owned seriousmagic.com has been automatically SQL injected by the Asprox botnet, becoming the very latest high profile legitimate web sites injected with links to exploits and malware serving sites : “The infection, which resides at hxxp://www.seriousmagic.com/help/tuts/tutorials.cfm?p=1, instructs users browsers to silently install a malicious file from a series of domains known to [...]