Mobile Security a hot topic at CTIA

Patches from Microsoft, Adobe, Debian, others; Kraken, Not New But Still Newsworthy?; 10 security threats to watch for, and other interesting reading

By Jason Meserve, Network World
April 10, 2008 08:22 AM ET

Microsoft patches critical bugs in Windows graphics system
Microsoft issued a critical patch for two vulnerabilities in the core graphics subsystem of Windows, one of eight fixes released Tuesday as part of its monthly security updates. IDG News Service, 04/08/08.

Microsoft advisories:

Vulnerability in Microsoft Project Could Allow Remote Code Execution

Vulnerabilities in GDI Could Allow Remote Code Execution

Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution

Security Update of ActiveX Kill Bits

Cumulative Security Update for Internet Explorer

Vulnerability in DNS Client Could Allow Spoofing

Vulnerability in Windows Kernel Could Allow Elevation of Privilege

Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution

Related:

US-CERT: Microsoft Updates for Multiple Vulnerabilities
**********

Adobe fixes seven flaws in Flash Player
Adobe has upgraded its Flash Player to fix seven vulnerabilities in the graphics and video software widely used for interactive Web pages and banner advertisements. Adobe classifies the patches as "critical" and advises people to upgrade to the latest version, 9.0.124.0. All of the vulnerabilities could allow a hacker to execute code on a machine. IDG News Service, 04/09/08.

Adobe advisory

US-CERT Advisory: Adobe Flash Updates for Multiple Vulnerabilities
**********

Five new updates from Debian:

pdns-recursor (cache poisoning attack)

vlc (multiple flaws)

libcairo (integer overflow, code execution)

openldap2.3 (multiple flaws)

lighttpd (denial of service)
**********

Four new patches from Gentoo:

PECL APC (buffer overflow, code execution)

UnZip (double free flaw, code execution)

NX (multiple flaws)

MySQL (multiple flaws)
**********

Today's malware news:

Kraken, Not New But Still Newsworthy?
There has recently been quite a bit of fuss about a botnet of spam trojans dubbed Kraken. There have been some claims that the botnet is the biggest currently out there, massing over 400,000 infected computers. Most vendors in the industry have been wondering about the numbers, which seem to be a bit bloated when taking a look at received samples. F-Secure blog, 04/09/08.

Symantec: Kraken to Surpass Storm

New attack kit targets bag of ActiveX bugs
Hackers are using a new multiple-attack package composed of seven ActiveX exploits, many of them never seen in the wild before, said a security company on Friday. Fewer than half of the flawed ActiveX controls have been patched. Computerworld, 04/07/08.
**********

From the interesting reading department:

Video: Bluefire protects mobile devices against attack
In a rather chilling demo with Bluefire Security Technologies, Keith finds out how easy it is for someone to attack a mobile device. Network World, 04/09/08.

Podcast: How the FCC's 700MHz auction could open the door for mobile malware
Threats to mobile devices today mostly take the form of a lost or stolen device containing sensitive information. But the recent 700MHz spectrum auction, which requires open access in some blocks, could pave the way for more malware on your smartphone. Jeff Ailiber and Tom Bowers of Kaspersky Lab talk about the potential threat and what can be done to protect your mobile device. (11:00)