-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Microsoft issues emergency patch for 10 IE holes
,----[ Quote ]
| Microsoft issued an emergency security
| update on Tuesday to plug 10 holes in
| Internet Explorer, including a critical
| vulnerability that has been exploited in
| attacks in the wild.
|
| The cumulative update, which Microsoft
| announced on Monday, resolves nine
| privately reported flaws and one that was
| publicly disclosed. The most severe
| vulnerabilities could lead to remote code
| execution and a complete takeover of the
| computer if a user were to view a malicious
| Web site using IE, Microsoft said in the
| bulletin summary.
`----
http://news.cnet.com/8301-27080_3-20001428-245.html
Microsoft patches a gaping security hole
,----[ Quote ]
| SOFTWARE INSECURITY SISYPHUS Microsoft has
| released an out-of-cycle patch for users
| lazy or ignorant enough to still be using
| an old version of Internet Explorer.
|
| It's generally rare that threats are deemed
| serious enough for Microsoft to not wait
| until its next Patch Tuesday, which would
| be April 13th now, but a vulnerability hit
| Internet Explorer 6 and 7 that left them
| open to potential remote code execution.
`----
http://www.theinquirer.net/inquirer/news/1598921/microsoft-patches-gaping-security-hole
Botnet pierces Microsoft Live through audio captchas
,----[ Quote ]
| The prolific Pushdo spam botnet has found a
| new way to penetrate Microsoft's Live.com
| by exploiting weaknesses in the audio
| captchas designed to prevent automated
| scripts from accessing the popular email
| service.
|
| A new version of the bot causes infected
| PCs to pull down Live.com audio captchas
| and return the correct response within 10
| seconds, according to a researcher at anti-
| virus firm Webroot. The attack allows the
| zombie machines to send email through
| accounts with a Live.com address, which are
| whitelisted by many spam filters. The
| technique offers spammers an alternative to
| sending spam through open mail relays,
| which are often blacklisted.
`----
http://www.theregister.co.uk/2010/03/22/microsoft_live_captcha_bypass/
MS coughs to Hotmail block
,----[ Quote ]
| Microsoft has apologised to its UK Hotmail
| users after some of the software vendor's
| IP addresses were embarrassingly blocked
| due to spamming.
|
| "Microsoft is dedicated to providing the
| most trusted and protected consumer
| experience on the web," said a Redmond
| spokesman.
`----
http://www.theregister.co.uk/2010/03/29/microsoft_hotmail_spamming_ip_addresses/
Beware Botnet's Return, Security Firms Warn
,----[ Quote ]
| Why Rustock has adopted this technique is
| open to debate. Adding TLS to outbound spam
| slows the rate at which spam can be
| delivered, which would seem to hurt the
| spammer's intention to spread non-
| legitimate email as far and fast as
| possible. It is also the case that TLS-
| encrypted email is no longer automatically
| trusted by receiving servers, so it is
| unlikely to be a simple evasion technique.
`----
http://www.pcworld.com/article/192668/beware_botnets_return_security_firms_warn.html
Unfashionable DDoS attacks still menace websites
,----[ Quote ]
| Internet security research firm Team Cymru
| has begun publishing a four part series
| explaining the hows and whys of denial of
| service attacks.
`----
http://www.theregister.co.uk/2010/03/23/ddos_essentials/
Trojan poses as Adobe update utility
,----[ Quote ]
| Duc explains: "From analysis, we found that
| malware is written in Visual Basic, faking
| such popular programs as Adobe, DeepFreeze,
| Java, Windows, etc. In addition, on being
| executed, they immediately turn on the
| following services: DHCP client, DNS
| client, Network share and open port to
| receive hackerâs commands."
`----
http://www.theregister.co.uk/2010/03/29/software_update_trojan/
New Malware Overwrites Software Updaters
,----[ Quote ]
| For the first time security researchers
| have spotted a type of malicious software
| that overwrites update functions for other
| applications, which could pose additional
| long-term risks for users.
|
| The malware, which infects Windows
| computers, masks itself as an updater for
| Adobe Systems' products and other software
| such as Java, wrote Nguyen Cong Cuong, an
| analyst with Bach Khoa Internetwork
| Security (BKIS), a Vietnamese security
| company, on its blog.
`----
http://www.pcworld.com/article/192422/new_malware_overwrites_software_updaters.html?tk=rss_news
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAku0gr4ACgkQU4xAY3RXLo6a1gCgsRnudq0VC0i954uIgA+3Ycil
e+cAn3BdilB5ebPHBrF00Vpao3iN31NI
=6mgS
-----END PGP SIGNATURE-----
|
|
