vulnerabilities

Flashback the largest Mac malware threat yet, experts say

Unless you've been living under a rock for the past week, you've probably heard about Flashback, a piece of malware targeting users of Apple's Mac OS X that's now estimated to be quietly running on more than 600,000 machines around the world.

That number, which came from Russian antivirus company Dr. Web earlier this week, was confirmed today by security firm Kaspersky. More than 98 percent of the affected computers were running Mac OS X, the firm said.

That's certainly a big number, but how does it stack up to past threats?

"It'… Read more

DHS: Cybersecurity plays into online voting

As the 2012 presidential election revs up, 33 states now permit some form of Internet ballot casting. However, a senior cybersecurity adviser at the U.S. Department of Homeland Security warned today that online voting programs make the country's election process vulnerable to cyberattacks.

"It is premature to deploy Internet voting in real elections at this time," DHS cybersecurity adviser Bruce McConnell said at a meeting of the Election Verification Network, which is a group that works to ensure every vote is counted. He explained that all voting systems are susceptible to attacks and bringing in Internet … Read more

Anti-abortion Anonymous hacker arrested in U.K.

Shortly after hacking into Britain's biggest abortion provider's Web site and stealing 10,000 database records of women registered with the service, self-proclaimed member of Anonymous James Jeffery proudly touted his triumph on Twitter.

It was this misstep that quickly led to his arrest, court hearing, admission of guilt, and impending sentence, according to the Guardian.

It all started on Thursday when the British Pregnancy Advisory Service reported that there were 26,000 attempted break-ins to its Web site over a six-hour period. According to the Guardian, the site was also defaced with the Anonymous logo and a … Read more

Danish firm outlines two unpatched Safari vulnerabilities

The Danish IT security firm Secunia has released an advisory today regarding two unpatched vulnerabilities in Apple's Safari 5 Web browser. These vulnerabilities are so far are not known to be actively exploited; however, if done, they could allow an attacker to run malicious software and conduct spoofing attacks on those using the browser.

The first vulnerability is in Safari's plug-in handling system, where in some instances when interacting with the plug-in (such as by accessing its settings or contextual menus), if you navigate to a new page, the plug-in may be unloaded in a way that allows … Read more

Space station control codes on stolen NASA laptop

A laptop stolen from NASA last year contained command codes used to control the International Space Station, an internal investigation has found.

The laptop, which was not encrypted, was among dozens of mobile devices lost or stolen in recent years that contained sensitive information, the space agency's inspector general told Congress today in testimony highlighting NASA's security challenges.

"The March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of the algorithms used to command and control the International Space Station," NASA Inspector General Paul K. Martin said in written testimony (PDF). Another … Read more

McAfee to plug 'spammer' hole this week

McAfee will release a fix this week for a bug in its SaaS for Total Protection anti-malware service that scammers were using to distribute spam, the company said today.

The problem came to light after McAfee customers reported in blog posts and forum sites that spammers were using a hole in McAfee's RumorServer relay service to secretly send spam from their machines. The customers said they noticed the problem after their e-mails were blocked by e-mail providers and their IP addresses appeared on blacklists.

The problem is isolated to the SaaS Total Protection service, according to David Marcus, director … Read more

Adobe to release zero-day fixes for Reader and Acrobat

In early December, Adobe issued a security bulletin regarding new zero-day PDF-based attacks that took advantage of flaws in its Reader and Acrobat programs, allowing a hacker to crash the program and take control of the system.

The flaw was initially found to be in Reader and Acrobat versions 9.4.6 and X (10.1.1) on all supported platforms, with a similar flaw later being found in Adobe's Flash Player, though in its security bulletin Adobe claims this is not the same issue as those in Reader and Acrobat.

Despite it being present in multiple platforms and … Read more

SMS flaw reportedly found in Windows Phone 7.5

Devices running Microsoft's Window Phone are susceptible to a denial-of-service attack that disables their messaging function, a tipster has told WinRumors.com.

A malicious SMS sent to a Windows Phone 7.5 device will force it to reboot and lock down the messaging hub (see video below). WinRumors said tests revealed that the flaw affected a variety of devices running different builds of the mobile operating system. A Facebook chat message and Windows Live Messenger message will also trigger the bug.

So far, the only solution to the messaging hub bug appears to be a hard reset and wipe … Read more

New zero-day vulnerabilities found in Adobe Flash Player

When it comes to malware exploits, Adobe's Flash and PDF software can't seem to catch a break recently.

Recently a vulnerability was found in both Mac and Windows versions of Adobe's Acrobat and Reader products that could allow an attacker to crash the programs and gain control of the system. So far only attacks on Windows machines have been found, but Mac systems could be affected as well.

Now two similar vulnerabilities have been found in Adobe's Flash Player, which likewise could result in arbitrary code being executed on the system.

Computerworld is reporting that the … Read more