malicious code

malicious code

Windows driveby attack on aeronautical website may be state sponsored

arstechnica.com
The website of a European aeronautical parts supplier was infected with an exploit that uses an unpatched Windows vulnerability to execute malicious code on end users' computers, researchers from antivirus provider Sophos said. The active exploit of an XML Core Services package in all supported versions of Windows, which Ars...
Windows driveby attack on aeronautical website may be state sponsored
App developer calls critic "f*cken little know it all"; site goes down

Can Ubuntu Save Online Banking?

linux.slashdot.org
CWmike writes with a pointer to this ComputerWorld mention of an interesting application of Live CDs, courtesy of Florida-based regional bank CNL: "Recognizing that most consumers don't want to buy a separate computer for online banking, CNL is seriously considering making available free Ubuntu bootable 'live CD' discs in its...
Can Ubuntu Save Online Banking?

Shamoon Malware Threatens to Wipe Your Drive

www.pcworld.com
The malicious code -- also called Disttrack -- may be part of a directed attack at energy companies, but could take down other systems in its wake....
Shamoon Malware Threatens to Wipe Your Drive

Samsung and HTC Android phones vulnerable to 'remote wipe' hack

www.guardian.co.uk
Code embedded as innocent link could run factory reset on Samsung Galaxy S3 and S2, as well as HTC One X and DesireMillions of Android handsets including the Samsung Galaxy S3, Galaxy S2, HTC One X and HTC Desire can be wiped just by visiting a malicious website that embeds...
Samsung and HTC Android phones vulnerable to 'remote wipe' hack
Adventures in rooting: Running Jelly Bean on last year's Kindle Fire

Important vulnerability fix rolled out in Microsoft Office update

www.appleinsider.com
Microsoft on Tuesday rolled out updates for both the 2008 and 2011 versions of its Office for Mac software suite, most importantly bringing a fix for vulnerabilities that allowed an attacker to overwrite a computer's memory with malicious code....
Important vulnerability fix rolled out in Microsoft Office update

Adobe patches six critical vulnerabilities in Shockwave Player

www.pcworld.com
Adobe has fixed six critical vulnerabilities in Shockwave Player that could potentially be exploited by attackers to execute malicious code, via the release of version 11.6.8.638 of the software. Five of the patched flaws are buffer overflow vulnerabilities and one is an out-of-bounds array bug. Adobe credits Will Dormann...
Adobe patches six critical vulnerabilities in Shockwave Player
Firewalls on AT&T and 47 other carriers make phones vulnerable to hijacking, researchers find

Security Service Automatically Removes Malicious Code From Web Pages

www.pcworld.com
Startup vendor StopTheHacker has added a feature to its subscription security service that automatically removes malicious code placed on Web pages by hackers....
Security Service Automatically Removes Malicious Code From Web Pages

Facebook targeted by hackers, says no user data compromised

www.pcworld.com
Facebook said Friday it had been the target of a sophisticated hacking attack but that it had no evidence any user data had been compromised. The attack comes two weeks after Twitter asked 250,000 of its users to reset their passwords after it too was hacked. In the same...
Facebook targeted by hackers, says no user data compromised

Links to Pirate Bay temporarily fall foul of Live Messenger's malware blocking

arstechnica.com
Over the weekend, users of Microsoft's Windows Live Messenger instant-messaging service found themselves unable to send and receive links to torrent site the Pirate Bay, as reported by TorrentFreak, leading to speculation that Microsoft had singled out the Pirate Bay as a target for censorship. Though the block now...
Links to Pirate Bay temporarily fall foul of Live Messenger's malware blocking

iPhone hacked at Pwn2Own contest

www.tuaw.com
Filed under: Security An iPhone got hacked in just 20 seconds at this week's Pwn2Own hacking contest at CanSecWest 2010, reports Ryan Naraine for ZDnet. Hackers Vincenzo Iozzo and Ralf Philipp Weinmann demoed an exploit that allowed them to send a target iPhone to a web site that they'd set...
iPhone hacked at Pwn2Own contest
Google's Android malware scanner detects only 15 percent of malicious code in test

Gee, We Wonder Who Might Want to Cyber Attack South Korea

betabeat.com
Hackin’ Even as Guccifer goes on a tear, releasing Hova’s credit reports and Hillary Clinton’s emails, our friends in South Korea are having some computer problems of their own. Earlier today (in the middle of the afternoon, Seoul-time), computer networks at two of the country’s banks and three TV stations...
Gee, We Wonder Who Might Want to Cyber Attack South Korea
Malicious code added to open-source Piwik following website compromise

Dropbox warns “illegitimate” users against nabbing HTC storage, but will it be able to spot them?

thenextweb.com
File sharing giant Dropbox has warned that users who try to scam its partnership with HTC for 23GB of free mobile storage will be detected and have their accounts closed. Earlier this year, HTC announced a deal which will see Dropbox provide  cloud storage for its upcoming Sense 4.0 devices....
Dropbox warns “illegitimate” users against nabbing HTC storage, but will it be able to spot them?
Anonymous builds its own PasteBin-like site
Amnesty International malware attack: when bad things happen on good sites

Another Security Hole Found On Yelp, Facebook Data Once Again Put At Risk

techcrunch.com
Stop me if this sounds familiar. Last night, we reported on a security exploit discovered by web security consultant George Deglin that would allow a malicious site to quietly harvest a user’s Facebook friend list, email address, and other data. The exploit used a technique called Cross Site Scripting (XSS)...
Another Security Hole Found On Yelp, Facebook Data Once Again Put At Risk

Hacker commandeers GitHub to prove Rails vulnerability

arstechnica.com
A Russian hacker dramatically demonstrated one of the most common security weaknesses in the Ruby on Rails web application language. By doing so, he took full control of the databases GitHub uses to distribute Linux and thousands of other open-source software packages. Egor Homakov exploited what's known as a...
Hacker commandeers GitHub to prove Rails vulnerability

Web exploit figures out what OS victim is using, customizes payload

arstechnica.com
Malicious code inside this Java file loads a different trojan depending on the operating system used by the target. F-Secure Security researchers have found a live Web exploit that detects if the target is running Windows, Mac OS X, or Linux and drops a different trojan for each platform....
Web exploit figures out what OS victim is using, customizes payload

Attention all Windows users: patch your systems now

arstechnica.com
Online attackers are actively exploiting a vulnerability in Internet Explorer that allows them to execute malicious code on computers that visit booby-trapped websites, researchers said in an advisory that underscores the importance of installing a Microsoft patch as soon as possible. The exploit of a critical IE bug, reported by...
Attention all Windows users: patch your systems now

How an iOS developer site led to hacking of Apple and Facebook, without the owner's knowledge

thenextweb.com
Yesterday’s announcement that several computers inside Apple had been hacked made a lot of waves. This followed a breach announced earlier this month at Facebook and it had a common feature: an iOS developer forum called iPhone Dev SDK. The site, owned by Ian Sefferman, was used to host malicious...
How an iOS developer site led to hacking of Apple and Facebook, without the owner's knowledge

Security Experts Push Ukraine to Drop VX Heavens Prosecution

www.pcworld.com
For more than a decade, "Herm1t" -- the online nickname of Andrey Baranovich -- has chronicled the development of malicious code on a website called VX Heavens....
Security Experts Push Ukraine to Drop VX Heavens Prosecution

Google updates Play developer policy, bans non-Play app updates

www.electronista.com
Google has updated its Play store with a small change to its developer program policies, to prevent malicious code appearing on devices. The small change now forbids applications supplied through the Google Play store from receiving updates using another process, in an effort to improve the overall security of apps...
Google updates Play developer policy, bans non-Play app updates

New vulnerability in latest versions of Adobe Reader is being exploited in the wild: Use another PDF reader

thenextweb.com
A new Adobe Reader 0-day vulnerability has been discovered, and is already being exploited in the wild. Currently, disabling Adobe Reader and using another PDF reader is the only way to protect your computer. The finding comes from FireEye, which says the critical vulnerability allows criminals to inject malicious code...
New vulnerability in latest versions of Adobe Reader is being exploited in the wild: Use another PDF reader
Major vulnerability discovered for Galaxy S III and Galaxy Note II

Apple Patents Beef up iDevice Security against Malicious Code

www.patentlyapple.com
Back in January Peter Oppenheimer stated that the iPad was continuing "its unprecedented adoption in business. And as more businesses adopt iPads, Apple needs to ensure corporate IT departments that their security meets higher standards. Last week four new security patents came to light and were captured in our report...
Apple Patents Beef up iDevice Security against Malicious Code

It's About Time Google Did Something About All Those Nasty Android Apps (GOOG)

www.businessinsider.com
Google announced today it has a new system for rooting out malicious apps that creep their way into the Android Market. A lot of these apps disguise themselves as innocuous games in order to trick you into downloading them. Since Google doesn't have a strict review process for apps...
It's About Time Google Did Something About All Those Nasty Android Apps (GOOG)
× Just a test of the new info bar. What do you think?