Skype bug allows capturing of users’ IP address
Skype users that might – for whatever reason – wish to remain anonymous are currently in danger of getting their remote and local IP addresses discovered via a …
Incessant Blackhole spam runs likely made by same group
A seemingly never-ending string of spam email campaigns leading to websites hosting the infamous Blackhole exploit kit are hitting inboxes around the world in waves. The …
Majority of web apps vulnerable to most frequent exploits
84 percent of web applications from public companies were deemed unacceptable when measured against the OWASP Top 10 most frequently exploited web application vulnerabilities, …
Hotmail remote password reset 0-day bug found, patched
A critical security flaw affecting Microsoft’s Hotmail has been detected almost simultaneously by Vulnerability Lab researchers and a Saudi Arabia hacker and, until a …
Trojanized Angry Birds offered for download
The extreme popularity of Rovio’s Angry Birds mobile game has made it and its special editions perfect for luring unsuspecting users into downloading malware. A …
0-day in Backtrack Linux found, patched
A zero-day vulnerability affecting the last version of Backtrack Linux has been spotted by a student during an Ethical Hacking class organized by the InfoSec Institute. The …
Fake US Airways emails lead to Zeus variant
A US Airways-themed spam campaign aiming at infecting users with a variant of the Zeus banking Trojan has been hitting inboxes for the last two weeks, says Kaspersky Lab …
How much does a 0-day vulnerability cost?
The market for exploits for zero-day vulnerabilities has exploded in the last year, says Adriel Desautels, the founder of Netragard, a penetration testing and vulnerability …
Working exploit for MS12-020 RDP flaw found
The vulnerability in Microsoft’s Remote Desktop Protocol (RDP) implementation (MS12-020) – a patch for which has been released by during the last Patch Tuesday …
Teen exploits three 0-days to hack Chrome, earns $60K from Google
The end of this year’s editions of the Pwn2Own and Pwnium contests has been marked by another Chrome hack, executed by a teenage security researcher that goes by the …
Flash vulnerability exploited to deliver malware
Attackers are once again exploiting the public’s tendency for not keeping its software updated and its ongoing interest about Iran and its nuclear program to infect …
Bogus US SEC notification leads to malware
Notifications purportedly sent by the US Securities and Exchange Commission have been hitting inboxes and trying to trick users into following a malicious link, warns GFI. The …