from U.S. CERT What are rootkits and botnets? A rootkit is a piece of software that can be installed and hidden on your computer without your knowledge. It may be included in a larger software package or installed by an attacker who has been able to take advantage of a vulnerability on your computer or [...]
The IBM X-Force 2009 Mid-Year Trend and Risk Report revealed many security problems with the world wide web. The report’s findings show an unprecedented state of Web insecurity as Web client, server, and content threats converge posing a huge risk for web surfers. The report finds more than a 500 percent increase in malicious Web [...]
US-Cert — ActiveX controls built with Microsoft ATL fail to properly handle initialization data Overview ActiveX controls that are built using a Microsoft ATL template may fail to properly handle initialization data, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. I. Description Microsoft Active Template Library (ATL) is [...]
Microsoft Releases Advance Notification for May Security Bulletin added May 7, 2009 at 02:58 pm Microsoft has issued a Security Bulletin Advance Notification indicating that the May release cycle will contain one bulletin with a maximum severity rating of Critical. The notification states that the Critical bulletin is for Microsoft PowerPoint. The release is scheduled [...]
Mozilla has released a new version of the Firefox web browser. “Firefox has security, speed and new features that will change the way you use the Web. Don’t settle for anything less.” The Safest Web Browser Mozilla says, “Simply put, your online security is our top priority. Firefox includes strict anti-phishing and anti-malware measures, plus [...]
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, and Forefront Edge Security as part of the Microsoft Security Bulletin Summary for April 2009. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with escalated privileges. Microsoft Windows Malicious Software Removal Tool Microsoft has [...]
Hackers planted malware onto the network of the U.S. electrical grid. It is likely their intent was to cripple the power infrastructure. According to security researcher Roger Thompson the hackers probably gained access like many others by exploiting holes in software, such as, Windows. “Any computer connected to the Internet is potentially vulnerable. Getting to [...]
by CERT Using anti-virus and anti-spyware software is an important part of cyber security. But in an attempt to protect yourself, you may unintentionally cause problems. Isn’t it better to have more protection? Spyware and viruses can interfere with your computer’s ability to process information or can modify or destroy data. You may feel that [...]
US-CERT saw no evidence of nefarious behavior associated with Conficker on April 1, 2009. It is important to understand that it is still unclear what Conficker is intended for and capable of doing. Systems with infections must be cleaned now. An infected system could enable an attacker to remotely take control of that system and [...]
Microsoft has released security advisory 969136 to address reports of a vulnerability in Microsoft Office PowerPoint. By convincing a user to open a specially crafted Office file, a remote attacker may be able to gain access to the affected system with the same rights as the user running PowerPoint. US-CERT encourages users and administrators to [...]
BugTraq Security Tip Of The Day Computer And Internet Security News Current Security Alerts Network Vulnerability Notes Homeland Security