Ryan Naraine

In the absence of a patch for a dangerous code execution hole in Microsoft Word, security experts are recommending that Windows users implement software restriction policies to blunt the effects of ongoing zero-day attacks. Just days after anti-virus vendors warned that malicious hackers with links to China and Taiwan were exploiting the vulnerability to launch […]

A zero-day flaw in the ubiquitous Microsoft Word software program is being used in an active exploit by sophisticated hackers in China and Taiwan, according to warnings from anti-virus researchers. Symantecs DeepSight Threat Analyst Team has escalated its ThreatCon level after confirming the unpatched vulnerability is being used “against select targets.” The exploit arrives as […]

A security flaw in the popular Skype peer-to-peer chat client could allow security bypass and system information disclosure attacks, according to an advisory from the company. The vulnerability, which carries a “moderately critical” rating, is caused by an error in the way the application parses the parameters passed by the URL handler. “This can be […]

For online poker players, this was always going to be a losing hand. A Trojan with malicious rootkit features hidden in a legitimate software package distributed by online gaming tools vendor Check Raised has the ability to hijack log-in information for multiple online poker Web sites, according to a warning from Finnish security vendor F-Secure. […]

Apple Computers latest Mac OS X security update misses several dangerous vulnerabilities and is causing system hangs and boot-up problems for some users, according to information reaching eWEEK. Less than a week after Apple shipped a mega-update with fixes for a whopping 43 Mac OS X and QuickTime vulnerabilities, independent researcher Tom Ferris said that […]

A “highly critical” flaw in RealVNCs virtual network computing software could allow malicious hackers to access a remote system without a password, according to a published advisory. RealVNC, the Cambridge, U.K.-based company that invented the open-source software, has acknowledged the flaw and posted patches for all affected versions. The RealVNC software, which competes with Symantecs […]

Fortify Software announced May 15 that it is joining the FindBugs project as a sponsor and is offering its static code analysis technology to help open-source developers find dangerous security vulnerabilities and other software bugs in Java programs. Fortify, based in Palo Alto, Calif., will integrate the FindBugs static analysis tool with its Source Code […]

Apple Computers security update train rumbled into the station late May 11 with fixes for a whopping 43 Mac OS X and QuickTime vulnerabilities. The companys Security Update 2006-003 patches 31 flaws in the Mac OS X, most of them serious enough to cause “arbitrary code execution attacks.” Apple also shipped QuickTime 7.1 as a […]

A new study by McAfees SiteAdvisor Web ratings finds that sponsored results from some of the biggest names in the search engine business contain spyware, spam, scams and other Internet menaces. The study, which was conducted by anti-spyware activist Ben Edelman and SiteAdvisor research analyst Hannah Rosenbaum, found that all the major search engines—Google, Yahoo, […]

Researchers from Microsofts anti-malware engineering team are working on an automated way to sort through the thousands of malware families and variants attacking Windows computers. The company unveiled its plans at the EICAR (European Institute for Computer Anti-Virus Research) conference in Hamburg, Germany, proposing the use of distance measure and machine learning technologies to come […]