vulnerability

Tue
24
Feb
John Lister's picture

Lenovo, Superfish Spyware Prompts Class Action Suit

PC manufacturer Lenovo may have to defend a class action lawsuit after it reportedly sold notebook computers that contained unwanted adware. The lawsuit follows the revelation that the adware had the potential to spy on users. The case involves a ... piece of software called Superfish. It was designed to look at images users were viewing online, identify items, find websites selling the item at a cheap price, and display an offer in a pop-up window. The software came pre-installed on some Lenovo notebook PCs and integrated with multiple browsers. Superfish came under several different categories ... (view more)

Wed
11
Dec
Dennis Faas's picture

Microsoft Issues Five 'Critical' Security Fixes

Microsoft has issued eleven security bulletins as part of its final Patch Tuesday of 2013. One of those bulletins addresses a zero-day flaw found in Windows XP, while another fixes a remote code execution vulnerability in the firm's web browser, ... Internet Explorer. In total, Microsoft's December Patch Tuesday includes five patches rated "critical", Microsoft's most alarming security classification. Windows XP TIFF Vulnerability Finally Addressed The first critical fix, MS13-096, addresses a TIFF image file vulnerability exploited via Word, Microsoft's word processing application. The good news ... (view more)

Thu
19
Sep
Dennis Faas's picture

Microsoft Releases Emergency Internet Explorer Fix

Microsoft has issued an emergency software fix for a critical flaw in its Internet Explorer web browser. According to reports, hackers have already exploited the vulnerability. Microsoft released the "Fix It" software in an attempt to prevent what ... it calls "targeted attacks" on a vulnerability in its Internet Explorer browser. Microsoft is calling this a "zero day" vulnerability, meaning software developers were unaware of the issue before it was exploited by hackers. Hackers Launch Remote Code Execution Attacks Reports indicate that hackers have used the flaw to carry out remote code ... (view more)

Fri
12
Jul
Dennis Faas's picture

Google, Mozilla Save Cash with Bug Bounty Programs

Outsourcing has become a popular way for big companies to save money. One example: offering 'bug bounties' that encourage independent researchers to help prevent security nightmares. According to a new study completed by University of California ... Berkeley researchers, it's far cheaper for technology firms to use these freelance security experts than expand an existing in-house security team. The study examined the bug bounty programs (otherwise known as vulnerability reward programs, or VRPs) used by two of the Internet's biggest firms: Google and Mozilla, makers of the Chrome ... (view more)

Fri
11
Jan
Dennis Faas's picture

Java Flaw: Web Users Vulnerable to Attack

Internet users are now being warned about a new zero-day security vulnerability in Java software that could allow a hacker to gain unauthorized access to their computers. The vulnerability is related to a recently-discovered flaw in the popular Java ... software system, which is used all over the web to create a great many applications and associated plug-ins. Security experts say even fully-updated installations of Java are vulnerable to this new round of attacks. Only by completely disabling the Java browser plug-in can Internet users be sure their computers are safe from hackers attempting to ... (view more)

Tue
01
Jan
Dennis Faas's picture

Major Internet Explorer Security Flaw Discovered

A newly-discovered flaw in Microsoft's popular Internet Explorer (IE) web browser could allow hackers to take control of a Windows-based computer. The Redmond, Washington-based firm has acknowledged that the problem exists and that it affects older ... versions of IE. The firm has also released a temporary fix for the problem. Microsoft Advises: Avoid Suspicious Links "Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8," Microsoft said in a security advisory issued on Sunday, December 30, 2012. Microsoft says the remote code ... (view more)

Wed
14
Mar
Dennis Faas's picture

Microsoft Fixes Major PC Flaw with Security Update

Microsoft says it has fixed only one 'critical' security flaw this Patch Tuesday. However, it appears to be a highly significant vulnerability. For those not familiar with the terminology, 'critical' vulnerabilities are those rated to be most in ... need of addressing. Flaw Could Allow Remote Code Execution The 'critical' security flaw is a remote code execution vulnerability in Microsoft's Remote Desktop Protocol (RDP). Every version of Windows is reportedly left vulnerable by the problem. So long as the vulnerability remains unpatched, Microsoft says, a hacker who is able to convince a computer ... (view more)

Wed
05
Jan
Dennis Faas's picture

New Windows Exploit Opens Door to Total System Takeover

Microsoft has confirmed that a zero-day vulnerability exists in Windows XP, Vista, as well as Server 2003 and Server 2008. The bug, which first emerged in mid-December 2010, has evolved since the exploit was posted publicly. The bug was first ... discussed on December 15 at a security conference in South Korea. Since no one had yet exploited the vulnerability, there was not significant cause for concern. That's changed now that researcher Joshua Drake has released an exploit module via open-source penetration testing project, Metasploit. Exploit Opens Door to Total System Takeover Metasploit has ... (view more)

Thu
23
Dec
Dennis Faas's picture

New Internet Explorer Vulnerability Found

A new Internet Explorer (IE) security vulnerability has been found. The flaw, which is related to Internet Explorer's HTML engine, allows hackers to infiltrate systems running Windows XP, Vista and Windows 7. The issue was first discovered early in ... December by French security company Vupen . The company says this flaw could be exploited with the processing of a CSS (or Cascading Style Sheets) file intended for use by web designers. Rigged Website Key to Attack Those running Internet Explorer could find themselves under attack if they're (knowingly or unknowingly) directed to a specially- ... (view more)

Tue
15
Jun
Dennis Faas's picture

Microsoft Outraged over XP Flaw Disclosure

Microsoft recent criticized Google for publicly disclosing a remote code execution vulnerability affecting Windows XP and Server 2003. The problem was first reported to Microsoft on June 5th, but most of the world knew about it only four days later. ... This did not sit well with Microsoft, as the company believes that they were ousted before any meaningful repairs could be made to combat the issue. Worse yet, the company believes that revealing the situation to the public could have put users in danger. Windows XP, 2003 Consumers At Risk In an emotionally-charged rebuttal, Microsoft spokesperson ... (view more)

Pages

Subscribe to RSS - vulnerability