flaw

Fri
23
Jul
Dennis Faas's picture

Experts Fear Windows Shortcut Flaw to be Widespread

A serious security flaw affecting Windows shortcuts could pose a significant risk to critical global infrastructure, says a new report from security research firm Sophos. Power grids and manufacturing plants could soon be targeted by a flaw that ... researchers say has already been exploited by hackers. "Early versions of the malware have been programmed to seek out SCADA software (Supervisory Control And Data Acquisition) by Siemens Corporation, which is used in managing industrial infrastructures, such as power grids and manufacturing plants," said Sophos. Security Firms Fear Growing Threat ... (view more)

Wed
21
Jul
Dennis Faas's picture

New 'Windows Shortcut Flaw' High Risk, Affects All Users

A new Windows zero-day flaw has gone public. Known as the "Windows Shortcut flaw", the exploit affects all versions of Microsoft Windows. What's important to note is that merely opening or viewing an infected USB stick can infect a computer -- even ... on systems where Windows Autoplay is disabled. The flaw affects files which have the file extension .LNK, otherwise known as a "Windows Shortcut" file. Shortcut files are essentially copies of program icons and tell Windows where the original program is located. For example, normally one would have to click Start -> Programs ... (view more)

Tue
13
Jul
Dennis Faas's picture

Patch Tuesday to Address XP Help Bug, Plus Vital Win7 Fixes

Microsoft will next week unveil a series of security bulletins meant to address five security flaws. The fixes are part of the company's monthly Patch Tuesday release, and will most importantly fix a critical Windows XP Help Bug flaw in Windows' ... Help and Support Center. The series of fixes include four patches for the five vulnerabilities, three of which have been dubbed "critical" by Microsoft -- the company's highest level of alert. Each of these critical issues involve holes that, if exploited, could allow a hacker to launch a remote code execution attack upon an unsuspecting user's PC. ... (view more)

Wed
19
May
Dennis Faas's picture

Microsoft Warns of 'Unlikely' Windows 7 Aero Flaw

A new security flaw in Microsoft's very popular Windows 7 operating system (OS) could open users up to a remote code execution and denial-of-service attack, Microsoft said in a security advisory on Tuesday evening. The vulnerability affects only ... 64-bit versions of Windows Server 2008 R2 and Windows 7. The flaw affects the Canonical Display Driver, or CDD.DLL, used in the Windows Graphics Device Interface (GDI) and DirectX drawing. The vulnerability is tied to the graphics system's desktop composition process. (Source: zdnet.com ) Microsoft: Remote Code Attack "Unlikely" Luckily, it ... (view more)

Fri
14
May
Dennis Faas's picture

Researcher Reveals Critical Flaw in Safari Web Browser

A zero-day flaw has recently been discovered in the latest version of Apple's Safari browser. The flaw is considered to be "highly critical," the second-highest rating in the five-step threat-assessment system. It also has the potential to infect ... Windows PCs with malicious code. In actuality, the bug is the result of an error in the handling of the browser's parent windows. It can result in a "function call using an invalid pointer". Different Flaw, Same Tactics Malware peddlers might also attempt to exploit the vulnerability by creating a malicious site and coaxing users into coming to the ... (view more)

Wed
10
Mar
Dennis Faas's picture

Light Patch Tuesday Release Brings Heavy Warning from Microsoft

Microsoft yesterday unveiled its March Patch Tuesday offering, and by comparison to recent months it was a relatively calm affair. Only two security bulletins addressing eight vulnerabilities were announced, but they were joined by a warning related ... to a new zero-day Internet Explorer flaw which does not yet have a fix. Both of the bulletins Microsoft released in accordance with its March Patch Tuesday have been designated "important". That's a big step down from this past February's Patch Tuesday , where about one-fifth of the 26 vulnerabilities were considered "critical," Microsoft's ... (view more)

Wed
10
Feb
Dennis Faas's picture

MS Warns: Critical DirectShow Flaw Could Poison Windows

It's still a few days till Valentine's, but already Microsoft has provided its February security gift for Windows users. In yesterday's Patch Tuesday release, the Redmond-based software firm has unveiled fixes for 26 vulnerabilities, almost ... one-fifth of which are marked "critical". Critical Fixes for Windows, MS Office Suite The recent patches address flaws in Microsoft's Windows operating system and its Office software suite. Five of the vulnerabilities have been ear-marked "critical," Microsoft's highest threat rating, and another seven "important". One is considered "moderate". Across the ... (view more)

Fri
05
Feb
Dennis Faas's picture

Black Hat Hackers Conference Confirms New IE Flaw

Microsoft has confirmed a flaw in Internet Explorer could be used by hackers to access the files on a user's computer. The flaw was demonstrated at a security conference this week. The man who discovered the flaw, Jorge Luis Alvarez Medina of Core ... Security Technologies, says that so far as he can tell, it's not something which can be easily patched. The good news is that Windows Vista and Windows 7 both have default options for Internet Explorer which can block the problem. Medina first noted the existence of the flaw last week, but held back details until this week's Black Hat Conference. ... (view more)

Mon
18
Jan
Dennis Faas's picture

Avoid Internet Explorer, Says German Government

The German government has issued an official warning that citizens should avoid using Internet Explorer. It's a response to a recently discovered flaw in the browser that is believed to have been exploited by hackers attacking Google in China. ... Germans Expect Flaw to be Widely Exposed Soon The warning comes from the Federal Office for Information Security, known locally as the Bundesamt für Sicherheit in der Informationstechnik (BSI). The warning, which was translated via Google Translate, read: "The BSI expects that [the Internet Explorer] vulnerability will be used [very soon] for attacks on ...<a href="/news/5401/avoid-internet-explorer-says-german-government" class="more-link">view more

Tue
12
Aug
Dennis Faas's picture

Internet Security Flaw 'Worse Than Realised'

A recently-discovered security flaw in fundamental operation of the Internet could be much more serious than first believed. Every form of network, including email services, could be vulnerable. Dan Kaminsky, the security expert heading efforts to ... solve the problem, told a Las Vegas convention that the central problem can be exploited in at least 15 different ways. As we recently reported , the heart of the problem is the Domain Name System (DNS), which translates website addresses into the identifying number of the particular computer where the content of site is physically stored. A key ... (view more)

Pages

Subscribe to RSS - flaw