You are previewing premium content. Two new Microsoft bugs in the wild
Patches from Gentoo, Ubuntu, Debian, others Rock Phish gang adds second punch to phishing attacks MySpace hack reveals profile visitors, and other interesting reading
Chinese blogs detail zero-day flaw in Microsoft Works
Chinese-language blogs are detailing a zero-day vulnerability in Microsoft Works, the company's lower-end office productivity
suite, according to security vendor McAfee. The vulnerability is within an ActiveX control for the Works' Image Server, wrote
McAfee analyst Kevin Beets. A PC would need to visit a Web site engineered to exploit the flaw, Beets wrote.
McAfee Avert Labs blog: Potential Microsoft Works ActiveX Zero-Day Surfaces
Microsoft rings alarm on Windows rights bug
Microsoft Corp. yesterday issued a security alert to warn users of a bug in most versions of Windows, but didn't promise to
fix the flaw or -- if it does patch the problem -- say when a fix would be released. Computerworld, 04/18/08.
Microsoft: Vulnerability in Windows Could Allow Elevation of Privilege
**********
Seven new patches from Gentoo:
PowerDNS Recursor (DNS cache poisoning)
Adobe Flash Player (multiple flaws)
PHP Toolkit (data leak, denial of service)
rsync (buffer overflow, code execution)
**********
Two new updates from Ubuntu:
Squid (denial of service)
**********
Six new fixes from Debian:
mplayer (input sanitization, code execution)
ClamAV (buffer overflows, code execution)
openoffice.org (multiple flaws)
**********
Three new patches from Mandriva:
ClamAV (buffer overflows, code execution)
policykit (format string, denial of service)
**********
Today's malware news:
Loads.CC Bot Still Live, Still Targeted
Enough has been written about the Loads.CC team to probably give you enough of a picture that you need to know. Some reports
suggested they went away, but they didn't. They’re still active. See these reports by RBN exploit, CIO magazine, 2-viruses.com,
this PC Week article by Scott B, and Adam T for a good background. The team is still quite active. Security to the Core blog,
04/17/08.
Rock Phish gang adds second punch to phishing attacks
A notorious online gang known for its prolific phishing operations has expanded its means of attack, potentially putting more
PC users at risk of losing personal data. IDG News Service, 04/21/08.
**********
From the interesting reading department:
MySpace hack reveals profile visitors
A security problem with MySpace has the potential to botch up law-enforcement efforts to track bad actors on the social-networking
site. IDG News Service, 04/17/08.
SANS solves mystery of mass Web site infections
The SANS Institute has uncovered what they've termed a "rare gem" as far as computer security investigations go that sheds
new light on how up to 20,000 Web sites have been hacked since January. IDG News Service, 04/17/08.
SANS ISC blog: The 10.000 web sites infection mystery solved
PayPal to block users with old browsers to cut back phishing
PayPal, eBay's electronic payment service, plans to take the dramatic step of locking out people using older versions of Web
browsers in order to stem phishing attacks. IDG News Service, 04/18/08.
Most Read
Videos
Rss FeedLatest News
Rss Feed
-
Network World, Inc
The Connected Enterprise