There’s another malware run underway on Twitter. A fairly large pool of fake accounts are sending out messages with popular hashtags and the text “haha this is the funniest video ive ever seen”. People see these messages when they look for trending topics in Twitter.

Visit link:
Twitter attack

“Liking” a fan page or a group on just about every page you stumble on Facebook may backfire someday and you’ll wish you hadn’t “liked” it at all. TrendLabs SM engineers found a dubious Facebook page that uses JavaScript code to spam everyone in a user’s Friends list

Visit link:
Dubious JavaScript Code Found in Facebook Application

Mozilla Firefox has a Plugin Check feature. Today, they’ve gone another step towards securing their browser from unsecure plugins. Firefox is now prompting users to block: A current list of all the plugins blocked can be found at http://www.mozilla.com/en-US/blocklist/ On 20/04/10 At 02:15 PM

More:
Firefox Blocks Unsecure Java Plugin

I wasn’t sure I’d see this Browser Choice update : I set my computer’s Regional Options for the United States even though it’s physically located in Finland (I’m an American after all). Regional settings might trump my IP address, I thought… but it seems not. I manually ran Microsoft Update and was provided access to KB976002

See the article here:
Select Your Web Browser(s)

The number of serious zero-day vulnerabilities and potential exploits discovered in recent days is higher than normal.

Link:
Multiple Vendors Affected By New Vulnerabilities

Google recently announced its latest service Google Buzz , which is considered as the company’s first step in entering the social-networking scene. Naturally, hordes of Internet users became interested in the new application.

The rest is here:
The Buzz on Google Buzz Malware

Why is it that banking trojans are a problem when all online banks are HTTPS secured and many of them employ multi-factor authentication?

Read more here:
Sprechen Sie SSL?

Any penetration tester would agree that pivot attacks, designed to compromise a secondary host to more effectively attack primary targets, are incredibly powerful. Organizations tend to have difficulty protecting all hosts at all times, which is why proper network segmentation is vital should loss of control occur on any one node. Often it’s easier to compromise a host from behind rather than head on

See the original post here:
Web 2.0 Pivot Attacks

There are several security issues affecting all major Web browsers that have remained unaddressed for years (probably because the bad guys haven’t leveraged them aggressively enough, but the potential is there). The problem is that the only known ways to fix these issues (adequately) is to “break the Web” — i.e. negatively impact the usability of a significant and unacceptable percentage of websites

Read more:
The Web won’t be safe, let alone secure, unless we break it

The recent attacks on Google and other large organizations (currently being referred to by others as Aurora, Google Attacks, Hydraq) were a set of carefully orchestrated, sophisticated and highly complex attacks. They comprised malicious threats to all three communication vectors – email, web and files, plus most notably, a zero-day vulnerability in Internet Explorer.

Originally posted here:
Trend Micro To Help Proactively Protect Against Zero-Day Attacks like the recent IE Explorer Exploit