The United States have accused three men of running an operation that used fraudulent ads to dupe internet users in more than 60 countries into buying more than $100 million worth of rogue anti-virus software. This was done by showing false virus warnings or other fake warnings about critical system issues on the screen and convincing users to buy treatments for those.
The defendants took advantage of online ads that they were able to post on different internet publishers websites. The publishers were not aware of true nature of the ads that rode on well known company names. Some scam products sold were DriveCleaner, ErrorSafe, Malware Alarm, Antivirus 2008 and VirusRemover 2008.
The press release can be read here.
Saturday, May 29, 2010
Wednesday, May 26, 2010
McAfee Buys Trust Digital To Get Foot-hold On Mobile Security
McAfee has announced that it's going to acquire Trust Digital. Trust Digital is a leading provider of enterprise mobility management (EMM®) and security software for Forbes Global 2000 companies. "McAfee expects that Trust Digital’s strong foot-hold in the mobile security market will extend McAfee’s endpoint market, addressing a wide range of mobile operating systems including iPhone OS, Android, Web OS, Windows Mobile, and Symbian."
The acquisition is expected to close by June 30 2010. McAfee press release can be read here.
The acquisition is expected to close by June 30 2010. McAfee press release can be read here.
Sunday, May 23, 2010
McAfee Threats Report of First Quarter 2010
McAfee has released a report taking a look at the first quarter 2010 cyber threats. The report can be downloaded here.
Wednesday, May 19, 2010
Unpatched Vulnerability In Latest Windows Versions
Microsoft is investigating a reported vulnerability in the Windows Canonical Display Driver (cdd.dll). If successfully exploited, the vulnerability could allow code execution.
Affected Windows versions are:
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems (Server Core installation not affected)
Windows Server 2008 R2 for Itanium-based Systems
More information:
MSRC blog post
Related Microsoft Security Advisory
Affected Windows versions are:
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems (Server Core installation not affected)
Windows Server 2008 R2 for Itanium-based Systems
More information:
MSRC blog post
Related Microsoft Security Advisory
Saturday, May 15, 2010
New Shockwave Player Available
Adobe has released a new version of their Shockwave Player. Update contains fixes to several critical vulnerabilities that can be exploited to execute arbitrary code in target system.
Users with Shockwave Player older than 11.5.7.609 should update their players. The latest version can be downloaded here.
More information can be read from the correspondent security bulletin.
Users with Shockwave Player older than 11.5.7.609 should update their players. The latest version can be downloaded here.
More information can be read from the correspondent security bulletin.
Labels:
adobe,
security,
shockwave player,
update,
vulnerability
Friday, May 14, 2010
Mozilla Plugin Checker To Check Other Browsers' Plugins Too
Last fall Mozilla made available a website that Firefox users could use to check if their browser plugins were outdated. Now Mozilla has extended the plugin check to other browsers too. At the moment, supported are Safari 4, Chrome 4 and Opera 10.5. Support for the most popular, but not for all yet, plugins of Internet Explorer 7 and 8 is included too.
More information in Mozilla blog.
More information in Mozilla blog.
Tuesday, May 11, 2010
Microsoft Security Bulletin Summary for May 2010
Microsoft has released security updates for May 2010. This month update contains fixes for two vulnerabilities which both are categorized as critical:
MS10-030: Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542)
MS10-031: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213)
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
For consumer the easist way to get the update is to use Microsoft Update service.
MS10-030: Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542)
MS10-031: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213)
A new version of Windows Malicious Software Removal Tool (MSRT) was released too.
More information can be read from the bulletin summary.
For consumer the easist way to get the update is to use Microsoft Update service.
Monday, May 10, 2010
Updated Foxit Reader Blocks "Launch" Issue
Foxit Software has released a new version of their PDF viewer software. Foxit Reader 3.3 contains "Trust Manager" that blocks all external commands that may be tucked into a PDF document. The update is a response to reported malware campaigns abusing unfixed "/Launch" flaw.
Source
Source
Labels:
exploit,
foxit reader,
pdf reader,
security,
update
Monday, May 3, 2010
Update For Opera Available
Opera Software has released an update for their Opera web browser. Version 10.53 contains fix to a vulnerability categorized as "extremely severe".
Extremely severe:
Multiple asynchronous calls to a script that modifies the document contents can cause Opera to reference an uninitialized value, which may lead to a crash. To inject code, additional techniques will have to be employed.
Opera users are strongly recommended to update to 10.53 version. New version can be downloaded here.
Changelog of Windows version
Extremely severe:
Multiple asynchronous calls to a script that modifies the document contents can cause Opera to reference an uninitialized value, which may lead to a crash. To inject code, additional techniques will have to be employed.
Opera users are strongly recommended to update to 10.53 version. New version can be downloaded here.
Changelog of Windows version
Vulnerability In Adobe Photoshop CS4
There has been found a critical vulnerability in Photoshop CS4. Successful exploitation of the vulnerability makes it possible for an attacker to take control of the affected system. This can be done by luring user to open specially crafted .TIFF file.
Users of the affected version are recommended to update their Photoshop CS4 to version 11.0.1. More information can be read from Adobe security bulletin.
Users of the affected version are recommended to update their Photoshop CS4 to version 11.0.1. More information can be read from Adobe security bulletin.
Saturday, May 1, 2010
Unpatched Vulnerability In Microsoft SharePoint
Microsoft is investigating reported cross-site scripting (XSS) vulnerability in SharePoint Services 3.0 and SharePoint Server 2007. "The vulnerability could allow an attacker to run arbitrary script that could result in elevation of privilege within the SharePoint site, as opposed to elevation of privilege within the workstation or server environment."
More information and instructions how to mitigate the issue can be found here.
More information and instructions how to mitigate the issue can be found here.
Subscribe to:
Posts (Atom)