vulnerability

Microsoft has confirmed that a zero-day vulnerability affecting older versions of Internet Explorer could allow attackers to gain control of Windows-based computers to host malicious Web sites.

The company acknowledged the issue in a security advisory yesterday that included advice on how users can mitigate the threat posed by the flaw.

"Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8," Microsoft said, noting that more recent versions of the Web browser, including IE 9 and IE 10, were unaffected.

The remote code execution vulnerability affects the way the browser accesses memory, … Read more

A suspected security hole affecting a handful of Samsung smartphones could give apps access to user data and leave the handset vulnerable to malicious apps and bricking, according to a developer.

The vulnerability, which was discovered and detailed by an XDA member with the handle "alephzain," lies in Exynos 4, the ARM-based system-on-chip typically found in Samsung smartphones and tablets. Alephzain developed an exploit he said bypasses the system permissions, allowing any app to extract data from the device's RAM or inject malicious code into the kernel.

Alephzain said that he stumbled upon the vulnerability while trying … Read more

An exploit selling for $700 may put millions of Yahoo Mail users at risk of having their e-mail account hijacked and their browsers redirected to malicious sites.

Marketed by an allegedly Egyptian hacker on a cybercrime forum, the exploit targets a cross-site scripting (XSS) vulnerability in Yahoo.com that allows attackers to steal and replace tracking cookies, as well as read and send e-mail from a victim's account. Typically, an attacker will encode a malicious link in e-mails; the script is executed when the unsuspecting recipient clicks on the link, allowing access to the cookies and other sensitive information. … Read more

A laptop, an inexpensive transmitter, and a little technical knowledge is all that's necessary to take down the high-speed wireless data networks that are being embraced as the future of wireless communications, researchers warn.

As wireless consumers are increasingly doing more with their smartphones, demand for faster, persistent connections is also growing. Boasting speeds four times as fast as current 3G networks, long-term evolution (LTE) is being deployed across the country by every wireless carrier in the United States. Verizon, which was the first national carrier to launch LTE, expects to have the networks in 400 markets by the … Read more

Most people know that computers require regular maintenance, even if they're not quite sure what that should consist of. Windows Doctor provides a suite of utilities that can keep your machine running at its best by addressing a wide range of performance and security issues. If you're in the market for something that will take care of problems without asking too much of you in the way of decision-making, Windows Doctor is a good choice.

The program's interface is sleek and intuitive, with its features arranged in tabs labeled System Booster, System Security, Registry Cleaner, Privacy Cleaner, … Read more

Mozilla released a new version of Firefox (Windows, Mac) today, one day after yanking the Web browser to address security flaws.

Firefox 16 was pulled off Mozilla's installer page yesterday, just one day after its release, to fix a vulnerability that could have allowed a malicious site to identify which Web sites a user had visited, said Michael Coates, Mozilla's director of Security Assurance. The flaw was publicly disclosed yesterday by security researcher Gareth Heyes, who published proof-of-concept code to demonstrate the vulnerability.

Though Mozilla said it had no evidence that the vulnerability was being exploited in the … Read more

A new company called ZeroVulnerabilityLabs says that it has solved the Gordian knot of exploits, slicing through the complicated, Hydra-headed problem with a single stroke from a software weapon it calls ExploitShield.

Available exclusively today from Download.com, the first ExploitShield Browser Edition beta (download) appears to stop all manner of exploits, from those affecting browsers directly to browser plug-ins like PDF readers, Flash, and Java, to Microsoft Office components, to a handful of media players. The potential for raising the level of computer security here is huge, as a vast number of threats are actually mutations of malware, sold in kits like BlackHole, … Read more

A researcher showed today that Oracle's databases could be hacked with brute-force attacks using only the database's name and a username, according to Kaspersky Lab Security News.

Esteban Martinez Fayo, who works for AppSec Inc., was demonstrating his discovery at a security conference in Argentina and said that within just five hours on a regular PC using a special tool he could hack through easy passwords and access users' data.

"It's pretty simple," Martinez Fayo told the security blog Dark Reading. "The attacker just needs to know a valid username in the database, and … Read more

A developer is taking Virgin Mobile USA to task, arguing that its username and password handling put users at risk.

Kevin Burke yesterday took to his personal blog to report that Virgin Mobile's authentication process only allows for users to input numbers as their account PIN. What's worse, he says, the password is limited to six numbers, leaving "only one million possible passwords you can choose."

"This is horribly insecure," Burke wrote. "Compare a 6-digit number with a randomly generated 8-letter password containing uppercase letters, lowercase letters, and digits -- the latter has … Read more