17 News Story Topics

Member Avatar for happygeek

Earlier this month, security outfit FireEye’s 'FireEye as a Service' researchers out in Singapore [discovered and reported](https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html) on a phishing campaign that was found to be exploiting a zero-day Adobe Flash Player vulnerability (CVE-2015-3113). That campaign has been well and truly active for a while now, with attacking emails …

Member Avatar for happygeek

A 22-year-old vulnerability, yes you read that right, has been discovered which some security experts suggest could be bigger than Heartbleed. The bug, reported as '[CVE-2014-6271: remote code execution through bash](http://seclists.org/oss-sec/2014/q3/649)', relates to how environment variables are processed: with trailing code in function definitions being executed independently of the …

Member Avatar for happygeek

Java vulnerabilities have hardly been out of the news during the last year. Here at DaniWeb we've covered a number of the stories as they surfaced: [Java in the cross-hairs: the security debate rolls on](http://www.daniweb.com/software-development/java/news/445532/java-in-the-cross-hairs-the-security-debate-rolls-on), [Is Java 7 still insecure? Oracle Patch doesn't fix underlying vulnerability](http://www.daniweb.com/software-development/java/threads/432479/is-java-7-still-insecure-oracle-patch-doesnt-fix-underlying-vulnerability), [Update my insecure Java …

Member Avatar for happygeek

Microsoft has published an [advance notification](http://technet.microsoft.com/en-us/security/bulletin/ms13-jan) for vulnerabilities that will be patched in the January 2013 'Patch Tuesday' security bulletin due next week. However, anyone hoping for a permanent fix to deal with the Internet Explorer zero-day exploit that surfaced during the seasonal holiday period is going to be disappointed. …

Member Avatar for happygeek

Reports are coming in thick and fast about 'state-sponsored' zero-day exploits hitting business websites in the UK. The latest, disclosed yesterday by [SophosLabs](http://nakedsecurity.sophos.com/2012/06/20/aeronautical-state-sponsored-exploit/), involves an as yet unnamed European aeronautical parts supplier and follows on from another the day before involving a European medical company site. In both cases the …

Member Avatar for happygeek

Last week saw the discovery of YAJE: Yet Another Java Exploit. Sadly, Java vulnerabilities are neither new nor uncommon and the bad guys are quick to exploit them in the wild. Some claim that Oracle is in too much of a rush to extricate itself from this unholy mess and …

Member Avatar for happygeek

Microsoft Security Advisory notices do not, as a rule, make the media sit up and take much notice. Not least as they have become relatively commonplace over the years, but every now and then one comes along which may grab some press attention. Take [MSA 2718704](http://technet.microsoft.com/en-us/security/advisory/2718704) for example. …

Member Avatar for happygeek

If you are a user of Adobe Flash, be sure to apply the latest security update if you want to avoid becoming part of an in-the-wild attack that exploits a vulnerability and currently seems to be targeting users of Internet Explorer on the Windows platform only. Adobe has, however, issued an …

Member Avatar for happygeek

Earlier this week a hacker group called Dev-Team launched a revamped website service that enables owners of the iPhone 4 and iPad 2 (amongst a myriad other iOS-powered devices) to jailbreak them in next to no time, for free, online. The [JailBreakMe site exploits a vulnerability](http://blog.iphone-dev.org/post/890709355/the-return-of-jailbreakme-com) with the way that …

Member Avatar for EricMack

No more shortcuts for hackers - that's the word from Microsoft, which plans to release a patch today that the company says will fix a security loophole. The issue is tied to the way the Windows OS handles shortcuts, or .lnk files, or as Microsoft explains it in the [official](http://www.microsoft.com/technet/security/advisory/2286198.mspx) …

Member Avatar for EddieC

Microsoft on Tuesday is set to release six security updates, three of which it has deemed critical and apply only to versions of Windows other than Windows 7. Microsoft released advance notice of its [Security Bulletin for November](http://www.microsoft.com/technet/security/Bulletin/MS09-nov.mspx), on Nov. 5. The bulletin itself will be released on Tuesday along …

Member Avatar for happygeek

According to a new report, published today by SANS, the overwhelming majority of all cyber-security risks can be laid at the door of just two areas: unpatched client-side software and vulnerable Internet-facing web sites. The report was compiled by Rohit Dhamankar, Mike Dausin, Marc Eisenbarth and James King of …

Member Avatar for EddieC

Microsoft yesterday released a [security update](http://support.microsoft.com/kb/954593) intended to fix eight critical vulnerabilities in as many as 42 Windows apps and components, including IE6, Media Player, Office, SQL Server and Visual Studio. The patch was made available before they could be discovered and exploited by malicious hackers, or at least before …

Member Avatar for newsguy

Apple has rolled no less than 25 patches into the [Mac OS X 10.5.4 Leopard update](http://www.apple.com/support/downloads/) that was announced yesterday. These address a number of Ruby vulnerabilities, as reported [here on DaniWeb](http://www.daniweb.com/blogs/entry2657.html) last month by fellow blogger Davey Winder. So that's six of the patches accounted for at any rate. …

Member Avatar for EddieC

Microsoft today gave [advance notice](http://www.microsoft.com/technet/security/bulletin/ms08-jun.mspx) of a security bulletin it will release on Tuesday to repair seven vulnerabilities in Windows and Internet Explorer, three of them critical. The three critical warnings involve potential remote code execution, and affect Bluetooth, DirectX and IE. According to reports, the latter patch might …

Member Avatar for happygeek

It should come as no surprise that the upcoming 'Patch Tuesday' from Microsoft should include critical patches covering the likes of VBScript and Jscript implementation in Windows 2000, XP and 2003. However, [some reporters](http://www.itpro.co.uk/news/184764/not-even-vista-sp1-escapes-next-patch-tuesday.html) have expressed just a little astonishment that both Windows Server 2008 and Vista SP1 are also …

Member Avatar for happygeek

A browser with vulnerabilities that could lead to arbitrary code execution and cross-site scripting attacks. An urgent automatic update to patch eight such vulnerabilities, five of which are rated as critical and the complete set as ‘highly critical’ by security exploits tracker Secunia. And even then missing a password management …
