Ryan Naraine

Hackers armed with a Web browser and a rigged SWF (Shockwave) file can fire code execution exploits at most modern Wi-Fi routers, according to a warning from researchers at the GNUCITIZEN think-tank. The researchers, Adrian Pastor and Petko D. Petkov (pictured left), have found an easy way to use Shockwave files embedded on Web pages […]

Anti-virus researchers at McAfee are tracking a nasty new malware attack targeting millions of users on the popular MySpace social networking site. The latest exploit combines a rigged MySpace profile with a fake Microsoft security patch to lure Windows users into downloading malicious executables. Here’s the attack scenario, as explained by a McAfee official: “Attackers […]

Trend Micro is testing a nifty anti-botnet utility capable of listening for botnet-related traffic on infected Windows machines. Trend Micro’s new RUBotted beta, available as a free download (.exe), is a lightweight program that intelligently monitors Windows machines for remote C&C (command and control) commands sent from a bot-herder. These can include commands to turn […]

Oracle database administrators, start your patching engines. According to the Redwood City, Calif., vendor’s Critical Patch Update pre-release announcement, the first quarterly update for 2008 will contain 27 security fixes across hundreds of Oracle products. [ SEE: Oracle Security Alerts Get Overdue Makeover ] The patches are expected to ship on January 15, 2008. Here’s […]

Clearly worried about the insider threat to its corporate assets, search marketing giant Google is looking for an Investigator/Threat Analyst to examine “deviations from company policies or acts against Google.” According to a job listing first sighted by Search Engine Land, the new hire will report to the Director of Corporate Safety & Security and […]

The year-long hacker assault on Apple’s QuickTime media player has unearthed another serious security vulnerability affecting both Mac OS X and Windows users. The latest flaw, released as zero-day (with with proof-of-concept exploit,) is a remote buffer overflow that occurs because QuickTime fails to properly bounds-check user-supplied input before copying it to an insufficiently sized […]

The U.S. Computer Emergency Readiness Team has issued a high-risk warning for a serious security flaw affecting users of America Online’s AOL Radio software. The vulnerability is described as a stack buffer overflow that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The US-CERT warning, written by vulnerability analyst […]

Anti-virus vendors have raised an alarm for a stealthy new MBR (Master Boot Record) rootkit that takes aim squarely at Windows XP and Windows Vista machines. The rootkit, identified by Symantec as Trojan.Mebroot, was spotted in the wild as part of a drive-by malware download attack. Symantec researcher Elia Florio says the rootkit takes control […]

Here’s a frightening statistic taken from Secunia’s PSI (Personal Software Inspector), a free patch-management utility you should already be using: A whopping 95 percent of the last 20,000 newly registered PSI users are running computers that haven’t been fully patched/updated. Secunia, which collects data from computers scanned by the PSI, found that a mere 5 […]

It may be just an innocuous prank, but the confirmed sighting of a malicious Trojan created for unlocked iPhones is a perfect example of the damage that can be done with a clever social engineering attack. According to warnings from two different anti-virus vendors, a malicious iPhone software package circulating on the Web could cause […]