Ryan Naraine

Security researchers at Sunbelt Software have discovered an active malware attack against fully patched versions of Microsofts Internet Explorer browser. The exploit has been seeded at several porn sites hosted in Russia and is being used to launching drive-by malware downloads that appear to be hijacking Windows machines for use in botnets. eWEEK has confirmed […]

The Department of Homeland Security has picked a new cyber-security czar. After a yearlong search, the federal government named former ITAA (Information Technology Association of America) vice president Gregory Garcia to be its overseer for cyber-security in the United States. According to a statement released Sept. 18 by DHS secretary Michael Chertoff, Garcia will brings […]

Microsofts Internet Explorer isnt the only Web browser with serious security issues. Mozilla on Sept. 15 shipped a “highly critical” Firefox update to correct a range of security flaws that could lead to security bypass, cross-site scripting, spoofing, denial-of-service and system access attacks. The open-source group patched a total of seven vulnerabilities in its flagship […]

A British security researcher has figured out a way to manipulate legitimate features in Adobe PDF files to open back doors for computer attacks. David Kierznowski, a penetration testing expert specializing in Web application testing, has released proof-of-concept code and rigged PDF files to demonstrate how the Adobe Reader program could be used to launch […]

Security researchers in China have published detailed exploit code for a new zero-day vulnerability in Microsofts dominant Internet Explorer browser. The exploit, which was posted to XSec.org and Milw0rm.com Web sites, could be easily modified to launch code execution attacks without any user action on fully patched Windows machines. A spokesman for the MSRC (Microsoft […]

Two Moroccan hackers have been jailed for creating and distributing the Zotob worm that squirmed through Windows 2000 networks in August 2005. According to reports out of Morocco, Farid Essebar, the 19-year-old hacker who wrote the worm code and used it to hijack computers globally for use in for-profit botnets, was sentenced to two years […]

Multiple security flaws in Apples QuickTime media player could put Mac and PC users at risk of malicious hacker attacks, according to a warning from the Cupertino, Calif. company. Apple released QuickTime 7.1.3 as a high-priority update alongside warnings that maliciously crafted movie and image files could be used to execute harmful code on vulnerable […]

Microsofts Patch Tuesday on Sep. 12 brought three bulletins covering a three software flaws, but the day will be remembered most for an Internet Explorer mega-patch that is being re-rereleased to address a 10th vulnerability that was missed by the software maker. Just weeks after re-issuing the cumulative browser update amidst a round of verbal […]

When Microsoft announced in March 2006 that it would add code-scrambling diversity to make Windows Vista more resilient to virus and worm attacks, you could almost visualize a wry smile from Dan Geer. Geer, a computer security guru with a doctorate in biostatistics from Harvard University, lost his job as chief technology officer of consulting […]

Botnet hunters tracking the latest MS06-040 worm attack estimate that one malicious hacker earned about $430 in a single day by installing spyware programs on thousands of commandeered Windows machines. Security researchers are the German Honeynet Project discovered a direct link between the botnet-building attack and DollarRevenue, a company that pays between a penny and […]