On the eve of Microsoft’s plans to fix a 2-month-old vulnerability affecting Microsoft Excel, security experts warn that booby-trapped Excel documents are circulating with malicious executables. According to an alert issued by the United States Computer Emergency Readiness Team, a malicious Trojan has been rigged into .xls files that are being distributed via e-mail. “Known file names […]
Cisco Systems is moving to a predictable patch release cycle for security advisories affecting its Internetwork Operating System. The routing and switching giant is planning to release bundles of IOS Security Advisories on the fourth Wednesday of the month in March and September of each calendar year. The new policy begins March 26 and only affects IOS […]
The widely deployed RealPlayer software is vulnerable to a heap corruption vulnerability that could put Windows users at risk of code execution attacks, according to a warning from a security researcher. Elazar Broad, a hacker who has led an all-out assault on buggy ActiveX controls in popular software products, has issued an alert for the latest […]
Less than a year after an executive reshuffle prompted questions about its direction and viability, Core Security Technologies has hired a new chief executive to pilot its push beyond the niche penetration-testing market. Core Security, which employs about 130 people in offices in Boston, Mass., and Buenos Aires, Argentina, has tapped former Sophos executive Mark Hatton […]
Microsoft plans to release four security bulletins March 11 to cover a number of remote code execution vulnerabilities affecting the Microsoft Office productivity suite. All four bulletins will be rated “critical,” Microsoft’s highest severity rating. According to the software vendor’s advance notice mechanism, three of the high-priority bulletins will cover holes in Microsoft Office while the fourth […]
The first beta of Microsoft’s new Internet Explorer 8 browser looks surprisingly sparse on security-related features and improvements. The browser makeover, expected to be unveiled at the MIX08 conference in Las Vegas this week, will feature several nifty productivity features but there’s a conspicuous absence of information about whether IE8 will include anti-malware blockers, anti-virus integration […]
As I mentioned in this eWEEK story on the conspicuous absence of information on security-themed goodies in Internet Explorer 8, it looks like the browser refresh will have some form of malware protection. This screenshot from Microsoft showing the new Safety Filter suggests there’s a drive-by malware-blocking component: From Microsoft’s explanation: “The Safety Filter continues […]
Google’s Android software development kit is using several outdated and vulnerable open-source image processing libraries, according to an alert from Core Security, a company that specializes in penetration-testing software. In an advisory released Mar. 4, Core Security identified several exploitable heap overflows and integer overflows haunting Android, Google’s software stack for mobile devices that includes an […]
Researchers at Indiana University have raised an alert for a difficult-to-fix vulnerability affecting certain Canon Multifunction printers. The flaw, which affects about 20 different Canon MFP models, could allow remote attackers to redirect traffic to other sites via the PORT command. This issue is known as FTP bounce and is related to an old issue in FTP […]
A slew of software companies new and old are shipping tools aimed at slowing the botnet epidemic, but the emergence of this new market is seen by some analysts as an indictment of the existing anti-malware industry. With reliable statistics showing a dramatic rise in botnet-related computer infections, venture capitalists are now pouring money into startups […]