Heads-up for users still running Windows XP : The unpatched Help Center flaw revealed last week is now out in the wild and being used to launch malware attacks against target users. This new zero-day exploit takes advantage of the vulnerability that exists in the Microsoft Windows Help Center , a default Microsoft application that allows users to access online documentation for Windows. This vulnerability could allow remote code execution if a user views a malicious website, either via their Based on the analysis of TrendLabs SM threat analyst Joseph Cepe, there are two ways in which a user can get infected as shown below.

See original here:
Microsoft Help Center Zero-Day Exploits Loose

On Friday, Adobe released a security advisory announcing a zero-day exploit found in specific Adobe Flash Player versions. Tagged as critical, the vulnerability (CVE-2010-1297) causes the application to crash. Potentially, the underlying vulnerability could also be used to run arbitrary code, such as downloading/dropping malicious files onto the affected system.

Excerpt from:
Zero-Day Flash/Acrobat Exploit Seen In The Wild

.PDF files —or its inherent features—have been used by cybercriminals in some of the most noteworthy attacks we have encountered.

Link:
PDF Exploit Becomes a Little Sophisticated

Regular Release for Microsoft This April April 13 is here and for Windows users, this means it is Patch Tuesday. According to the advance notification from Microsoft almost a week ago, the company will be releasing 11 bulletins to address 25 vulnerabilities, 11 of which have been dubbed “critical.” These vulnerabilities were found in Microsoft Office and Windows . Affected users could be exposed to remote code execution attacks if they leave their software unpatched.

Read more from the original source:
Adobe and Microsoft Simultaneously Release Patches

Advanced threats researcher Ivan Macalintal spotted a fresh wave of spammed messages that were used to spread another ZBOT variant of the infamous ZeuS botnet. These messages warned users that a “jerk” posted photos of them and contained a link to the said images

Here is the original post:
Spam with “Pictures” Used to Spread ZBOT

The number of serious zero-day vulnerabilities and potential exploits discovered in recent days is higher than normal.

Link:
Multiple Vendors Affected By New Vulnerabilities

Microsoft schedules its security updates on the second Tuesday of the month. Adobe recently began following this schedule as well, and while there are no Adobe updates today, there was an out-of-cycle security update two weeks ago.

Originally posted here:
PDF Based Targeted Attacks are Increasing

Another Proof-of-Concept (POC) Revealed The changing threat landscape has brought about more sophisticated Web threats, and left the online population clamoring for better security features in the systems and applications that they use. This has pushed Microsoft to develop security mechanisms within its applications like Windows’ Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR) . Both DEP and ASLR are security mechanisms that Microsoft included in its latest Windows releases starting with XP SP2 and Vista, respectively, which should ideally protect systems from being attacked by exploit codes.

Excerpt from:
New Exploit Bypasses DEP

Asking for help in Windows could lead to more trouble. A newly discovered vulnerability in Internet Explorer (IE) leverages the ability of a Visual Basic script to invoke a .HLP (Windows Help file format) file, which could give a remote attacker the ability to run arbitrary code on an affected system. Visual Basic uses the following syntax to call the MsgBox function , which is used to display message boxes: MsgBox(prompt[,buttons][,title][,helpfile,context]) However, if a specially crafted .HLP file passes as a variable, remote users would be able to run arbitrary code on an affected system

View original post here:
Calling Windows for Help May Lead to Vulnerability

It is that time of the year once again for football enthusiasts and sports fanatics alike with the latest season of Super Bowl . The Super Bowl is one of the U.S. television broadcasting industry’s top-rating shows, drawing thousands of live viewers each game .

Read more:
Searches for Super Bowl News and Bill Cosby’s Supposed Death Lead to FAKEAV