Tuesday, February 24, 2009

How much Google Knows about you?

COMING SOON!

Fake Facebook Apps May Steal Personal Data


Targeting Facebook users with a hoax application that attempts to steal personal information for ID fraud.

Click on the below link for more info on this:-

http://www.cio.com/article/481919/Fake_Facebook_Apps_May_May_Steal_Personal_Data

New Attacks Target IE7 Flaw

Internet attack trackers and antivirus companies warn that a flaw in Internet Explorer 7 (but not earlier versions) that Microsoft just patched last week is under attack in the wild. The attacks appear to be targeted and small-scale right now, but will likely grow.

More info read:-

http://www.cio.com/article/481234/New_Attacks_Target_IE_Flaw

Adobe Reader, Acrobat Vulnerable To Attack


Adobe Reader and Acrobat are vulnerable to hacker attacks that can compromise a computer. Symantec says the problem is an error in parsing structures within the PDF format that can allow a malicious binary to be executed. Adobe said the vulnerability is critical and recommends updating virus definitions. Adobe updates will arrive in March.

Security companies are warning of a vulnerability in two Adobe programs that could allow hackers to compromise your PC. Attackers are actively exploiting the flaw, although security researchers say the onslaught isn't yet widespread. Versions 9 and 8.x of Adobe Reader and Acrobat are affected. 
According to Adobe, this vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. Adobe categorizes this as a critical issue and recommends that users update their virus definitions and exercise caution when opening files from untrusted sources.

More info on this :-

http://www.enterprise-security-today.com/story.xhtml?story_id=113003WA5OQ9

Wednesday, February 11, 2009

Kaspersky DB Hit by SQL Injection Attack!

Kaspersky Database Hit by SQL Injection Attack (February 9, 2009) Kaspersky Lab has confirmed reports that an intruder was able to access a company database that holds customer information through an SQL injection attack. The information was exposed for a week and a half before the company became aware of the situation. A senior researcher at the company said that no customer data were accessed; the attack accessed only the database's table labels. Upon learning of the vulnerability, Kaspersky "immediately took action to roll back the [affected] subsection of the site to eliminate the risk." The company has hired an expert to investigate the breach
For more info:-
http://www.crn.com/security/213402735

New Microsoft Security Bulletins Released!

Microsoft has released 4 new security bulletins.

1. MS09-002: Cumulative Security Update for Internet Explorer (961260) http://www.microsoft.com/technet/security/bulletin/ms09-002.mspx
Severity: Critical
2. MS09-003: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx
Severity: Critical
3. MS09-004: Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx
Severity: Important
4. MS09-005: Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634) http://www.microsoft.com/technet/security/bulletin/ms09-005.mspx
Severity: Important

Friday, February 6, 2009

Upcoming February Microsoft Security Bulletins!

looks like 4 bulletins coming out next Tuesday:

Internet Explorer (Critical)

Exchange (Critical)

SQL Server (Important)

Visio (Important)

For more information please visit:-

http://www.microsoft.com/technet/security/bulletin/ms09-feb.mspx