Ryan Naraine

The nonprofit Zeroday Emergency Response Team is offering VML security patches for out-of-support Windows OS versions. The volunteer group, which is made up of well-respected security professionals, has released updates for Windows 98, Windows 98 SE, Windows ME, Windows 2000 and Windows 2000 SP3. The patches can be downloaded from the ZERT Web site. Businesses […]

Microsofts summer-long struggle to lock down gaping holes in its Office software suite has once again escalated with the discovery of a new zero-day attack targeting PowerPoint users. The Redmond, Wash., software maker confirmed reports from anti-virus vendors that another round of “extremely limited attacks” is exploiting a previously unknown PowerPoint vulnerability. The e-mail-borne attack, […]

Microsoft has released an out-of-cycle Internet Explorer update to fix a critical—and widely exploited—vulnerability exploiting the Vector Markup Language, but theres a general feeling among security experts that the company is shutting the stable door after the horse has bolted. Highlighting the risks of releasing security updates on a monthly patching cycle, the software makers […]

The newest zero-day flaw in the Microsoft Windows implementation of Vector Markup Language, or VML, is being used to flood infected machines with a massive collection of bots, Trojan downloaders, spyware and rootkits. Less than 24 hours after researchers at Sunbelt Software discovered an active malware attack against fully patched versions of Windows, virus hunters […]

A high-profile group of computer security professionals scattered around the globe has created a third-party patch for the critical VML vulnerability as part of a broader effort to provide an emergency response system for zero-day malware attacks. The group, known as ZERT (Zero Day Emergency Response Team), was formed in the aftermath of the WMF […]

Apple Computer has shipped a critical AirPort update to correct a trio of security flaws that put Wi-Fi-enabled Mac systems at risk of code execution attacks. The patch comes almost two months after the public disclosure of the threat at the Black Hat Briefings and brings an end to a raging controversy over claims by […]

Using clues obtained from a YouTube video and a simple four-word Google search engine query, a criminal can find step-by-step instructions for how to hack into and take control of thousands of ATMs scattered around the United States. Following up on a CNN report out of Virginia Beach, Va., here as a YouTube video, that […]

The newest zero-day flaw in the Microsoft Windows implementation of the Vector Markup Language is being used to flood infected machines with a massive collection of bots, Trojan downloaders, spyware and rootkits. Less than 24 hours after researchers at Sunbelt Software discovered an active malware attack against fully patched versions of Windows, virus hunters say […]

Botnet hunters tracking the latest MS06-040 worm attack estimate that one malicious hacker earned about $430 in a single day by installing spyware programs on thousands of commandeered Windows machines. Security researchers at the German Honeynet Project discovered a direct link between the botnet-building attack and DollarRevenue, a company that pays between 1 and 30 […]

Microsofts patch on Sept. 12 brought three bulletins covering three software flaws, but the day will be remembered most for an Internet Explorer mega-patch that was re-rereleased to address a 10th vulnerability that was missed by the software maker. Just weeks after reissuing the cumulative browser update amid a round of verbal jousting with a […]