Ryan Naraine

Trojan Hijacks Google Text Ads

Malware authors are beginning to nibble at Google’s text advertising money pie. According to a warning from anti-virus vendor BitDefender, a new Trojan is making the rounds, hijacking Google text advertisements and replacing them with ads from a different provider. The Trojan.Qhost.WU threat works by modifying the hijacked computer’s Hosts file to redirect the initial […]

Adobe Ships ‘Highly Critical’ Flash Player Patch

Adobe Systems has shipped an extremely critical patch to correct at least nine cross-platform vulnerabilities in its ubiquitous Flash Player software. The APSB07-20 update, available for Adobe Flash Player 9.0.48.0 and earlier, 8.0.35.0 and earlier, and 7.0.70.0 and earlier, could allow complete system takeover attacks on Windows, Mac and Linux machines. “A malicious SWF must […]

Unpatched Google Toolbar Flaw Presents ID Theft Risk

A dialog spoofing vulnerability in the popular Google Toolbar could be exploited by malicious hackers to execute malicious files or launch identity theft attacks, according to a warning from security researcher Aviv Raff. Raff, a well-known hacker who regularly finds and reports software vulnerabilities, figured out a way to use a booby-trapped Web page to […]

Open Source Vulnerability Database Gets Major Makeover

The Open Source Vulnerability Database has hit the 2.0 milestone with a major rewrite, a new “Watch List” service and several UI enhancements to provide greater details about specific vulnerabilities. The five-year-old project, which is backed by Google, Layered Technologies and GFI Software, has been completely rewritten using Ruby on Rails and fitted with major […]

Researchers: Beware the IE Cache on a Public Terminal

If you use Internet Explorer to access Google’s Gmail on public terminals, you may be leaving a lot of sensitive information exposed in the browser’s cache, according to a warning from Web application security specialist Cenzic. Cenzic issued an alert for what it argues are vulnerabilities in Gmail and IE that could “severely impact e-mail […]

Apple Ships 41 Patches for Tiger, Leopard

Apple has shipped a major security update to correct at least 41 vulnerabilities affecting users of its flagship Mac operating system. With Security Update 2007-009, the Cupertino, Calif., vendor corrects multiple critical flaws that could allow malicious hackers to take complete control of Mac OS X (Tiger and Leopard) machines. A separate security update was […]

Apple Swats AirPort Bug, Credits MoKB Researcher

Apple on Jan. 25 shipped an AirPort security update to fix a kernel panic issue that could allow attackers to cause system crashes. The Cupertino, Calif., company’s fix comes almost two months after the issue was first flagged in the MoKB (Month of Kernel Bugs) project in November 2006. Apple credited the anonymous researcher known […]

Microsoft Word Zero-Day Attack Discovered

Microsoft’s security response team has launched an investigation into reports of a zero-day attack against a previously unknown vulnerability affecting its ever-present Microsoft Word program. The Redmond, Wash.-based software maker said it’s aware of “very limited attacks” exploiting the reported Word flaw. If the vulnerability—and attack—is confirmed, the company is likely to issue a pre-patch […]

The Zero-Day Dilemma

The recent surge in malware attacks against zero-day flaws in some of the most widely used software packages is confirmation of an IT administrator’s worst nightmare: Stand-alone, signature-based anti-virus software offers no protection from sophisticated online criminals. During 2006, there was a wave of zero-day attacks against Microsoft Office applications—through vulnerabilities known only to the […]

Apple Plugs First MoAB Hole

Apple has shipped a high-priority update for its QuickTime media player to correct a flaw exposed during the controversial MoAB (Month of Apple Bugs) project.