While investigating the malware and shellcode that were associated with the recent Adobe Flash Player, Adobe Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability (BID 40586), we came across some interesting similarities to the malware and shellcode that were used in the Microsoft Internet Explorer 'iepeers.dll'
Go here to read the rest:
A Zero-day Connection
Vulnerabilities found in Internet Explorer (IE) have been well-documented in the past due to the browser’s popularity among users. However, the rise in the use of alternative browsers, particularly Apple Safari and Opera, has now led to the discovery of new vulnerabilities as well. Trend Micro researcher Rajiv Motwani reports that there have been a lot of exploits for all browsers last week.
Continue reading here:
New Vulnerabilities Found in Apple Safari and Opera
Following Microsoft’s recent Patch Tuesday, Oracle, too, released 47 security fixes for its products. Oracle’s critical patch update for April can be found in Oracle Critical Patch Update Advisory—April 2010. Oracle’s update is a collection of patches for multiple security vulnerabilities, which also includes patches for Sun products
Read the original post:
Oracle Issues New Patches While a New Java Bug Emerges
Does this warning message look familiar?
Follow this link:
Rogue Antivirus Leads to an Adult Site
“2010 Pwn2Own” is an annual contest wherein contestants are invited to hack a variety of Web applications and platforms such as Web browsers and mobile phones for cash prizes and benefits.
Advanced threats researcher Ivan Macalintal spotted a fresh wave of spammed messages that were used to spread another ZBOT variant of the infamous ZeuS botnet. These messages warned users that a “jerk” posted photos of them and contained a link to the said images
Here is the original post:
Spam with “Pictures” Used to Spread ZBOT
As alternative browsers battle for the top spot in the market, they also face the challenge of staying secure due to the increased demand for them to provide users a safe computing experience. Several popular browsers were recently found to have significant security flaws
Read the original here:
Keep Systems Safe: Patch Alternative Browsers
Ten of the Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order: Internet Explorer 9 “Platform Preview” Now Available From Microsoft; Secure Application Development on Facebook; OWASP Podcast #63 with Ed Bellis (CSO, Orbitz); PCI-SSC slaps ASVs wrists over marketing claims about 11.2 & 6.6; Researcher Will Expose 20 Hackable Apple Security Flaws; alert(‘xss’) – The slow death of XSS; Inline vs.
Read the original here:
Best of Application Security (Friday, Mar. 19)
Hot on the heels of this month’s security bulletin, a new vulnerability exploit surfaces with malware in tow. The new zero-day vulnerability, as described in a previous post, prompted Microsoft to release Security Advisory (981374) while investigations are still underway
See the original post:
New IE Zero-Day Exploit (CVE-2010-0806)
Internet Explorer 6 may have taken its path to retirement but it still remains a good target for exploits, as we can see from JS.Sykipot.
See more here:
Zero-Day attack on IE6 – JS.Sykipot Doesn’t Spare Retired Software