Information about vulnerabilities that may effect your computing

Microsoft Security Bulletin MS10-046 – Critical

/
Microsoft Security Bulletin MS10-046 - Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)

Electric Grid Vulnerabilities Exposed

/
Computer networks controlling the electric grid are plagued with security holes says a new Energy Department report based on the findings of 24 assessments of computer-control systems performed between 2003 and 2009. Many are VERY basic.

Microsoft Plans Emergency Windows Patch for Monday August 2nd

/
Microsoft stated they will issue an emergency patch for the critical Windows shortcut bug on Monday, Aug. 2. The patch is set to be released on Monday at around 10 a.m. California time. The news of this vulnerability surfaced 2 weeks ago and with an of attackers trying to exploit this vulnerability, Microsoft has taken an out-of-band approach to fix the problem. To date SecurityOrb.com has learned a few companies were comprimised by this bug.

Researcher Intercepts GSM Cell Phones During Defcon Demo

/
DEFCON18 -- Las Vegas -- A hardware hacking expert here at Defcon18 successfully faked several attendees' cell phones into connecting to his phony GSM base station during a live demonstration that had initially raised concerns at the Federal Communications Commission (FCC).

iPhone Jailbreaking: Security Concern or Not?

/
For those who are not familiar with the term jailbreak, it is freeing a device from the constraints imposed by the vendor. It normally requires the installation of software on a computer that will allow it to be installed on the device thus breaking it wide open for access and full modification as well as access to third party non-approved software.

Crimeware Defined and Explained

/
Crimeware is malicious software used to initiate a crime that is typically Internet-based. During the past two years, crimeware attacks have increased at a far greater rate than the normal virus. International gangs of virus writers, hackers and spammers are joining forces to steal information and collect huge profits illegally.

NSA Developing Program to Detect Cyber-attacks: Report (eWeek)

/
The National Security Agency is reportedly launching a new program to protect against cyber-attacks targeting the country's critical infrastructure and government. However the program is also raising concerns, the Wall Street Journal reported.

Spyware: The New Annoying Threat

/
So what is this spyware? Spyware is software that collects personal information from your computer without your knowledge of the occurring event. Information gathered from spyware ranges from the collection of all web-browsing activities to collecting sensitive information like usernames, passwords, address and even your social security number. Spyware has the ability, when installed, to modify system settings, which perform undesirable tasks on your computer system. Furthermore, spyware has been known to redirect user’s web browsers, cause computers to dial services for which they are billed and install DLLs and other executables files to send your personal data to another computer. This is done by using the computer's memory resources and also by utilizing bandwidth, as it sends information back to the spyware's home server via the user's Internet connection. Because the spyware program is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.

Microsoft Security Bulletin Summary for July 2010

/
This security update resolves a publicly disclosed vulnerability in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must click a link listed within an e-mail message.

Adobe Systems Patches 17 Critical Security Holes

/
On June 29, Adobe Systems plugged 17 critical security holes affecting Adobe Reader and Acrobat including a patch for a zero-day vulnerability that impacted many of their other products, on multiple operating systems such as Windows, Mac and Linux. The new versions of Acrobat and Reader are 8.2.3 and 9.3.3, but Adobe strongly recommends using the version 9.x products.