11
March

Hot on the heels of this month’s security bulletin, a new vulnerability exploit surfaces with a malware in tow. The new zero-day vulnerability, as described in a previous post, prompted Microsoft to release Security Advisory (981374) while investigations are still underway.

See the original post:
New IE Zero-Day Exploit (CVE-2010-0806)

Category : infySEC | Blog
10
March

Internet Explorer 6 may have taken its path to retirement but it still remains a good target for exploits, as we can see from JS.Sykipot.

See more here:
Zero-Day attack on IE6 – JS.Sykipot Doesn’t Spare Retired Software

Category : Symantec | Blog
10
March

The number of serious zero-day vulnerabilities and potential exploits discovered in recent days is higher than normal.

Link:
Multiple Vendors Affected By New Vulnerabilities

Category : infySEC | Blog
7
March

Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order.
Verizon Incident Metrics Framework Released
Wiseguys net $25m in ticket scalping racket
State of Software Security Report
Internet Explorer 8 and the Security Development Lifecycle (SDL)
Top 10 Hacks of 2009 and WAF Mitigations
FTC alleges that ControlScan offered ‘little or no verification’ of site security or privacy
I’m in ur 4sq, snarfin ur password — Part I
Fifteen Common Activities from BSIMM2
Even if You Don’t Invent Your Own Crypto….It’s Still Hard
Facebook founder Mark Zuckerberg ‘hacked into emails of rivals and journalists’
WhiteHat Security is a leading provider of website security services.

Link:
Best of Application Security (Friday, Mar. 5)

Category : Web App Sec | Blog
3
March

Another Proof-of-Concept (POC) Revealed

The changing threat landscape has brought about more sophisticated Web threats, and left the online population clamoring for better security features in the systems and applications that they use. This has pushed Microsoft to develop security mechanisms within its applications like Windows’ Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR). Both DEP and ASLR are security mechanisms that Microsoft included in its latest Windows releases starting with XP SP2 and Vista, respectively, which should ideally protect systems from being attacked by exploit codes.

Excerpt from:
New Exploit Bypasses DEP

Category : infySEC | Blog
22
January

The recent attacks on Google and other large organizations (currently being referred to by others as Aurora, Google Attacks, Hydraq) were a set of carefully orchestrated, sophisticated and highly complex attacks. They comprised malicious threats to all three communication vectors – email, web and files, plus most notably, a zero-day vulnerability in Internet Explorer.

Originally posted here:
Trend Micro To Help Proactively Protect Against Zero-Day Attacks like the recent IE Explorer Exploit

Category : infySEC | Blog
21
January

Microsoft is releasing an out-of-band update for their IE vulnerability. Internet Explorer 6 is affected and is being actively exploited in the wild. The patch will be released on the 21st, today; see Microsoft’s Security Bulletin for additional details.

Read the original post:
Microsoft Vulnerabilities

Category : F-Secure | Blog
21
January

Trend Micro has identified new malware samples that exploit the still-unpatched Internet Explorer (IE) vulnerability. These samples have been detected as JS_ELECOM.C and HTML_COMLE.CXC. Further analysis by TrendLabs threat experts found that the new scripts are versions of JS_DLOADER.FIS (the only difference being the encryption techniques used), which was widely used in the recent and still ongoing attacks targeting major organizations like Google and Adobe. In line with this, Microsoft announced that it will release an out-of-band security update to fix the issue.

More here:
New IE Zero-Day Exploit Attacks Continue

Category : infySEC | Blog
19
January

Internet Explorer’s latest vulnerability is causing Germany and France to advise against its use.

More here:
To IE or Not to IE : That is the Question

Category : F-Secure | Blog
19
January

Recent cyber attacks on Google and other organisations have been covered greatly by the media, much owing to the size and notability of the companies affected. However, what this incident really does is bring to view the true complexity and sophistication of computer threats, and that any user or organization - large or small, could potentially be at risk. Although these attacks were orchestrated to target certain groups or organisations, any computer can actually fall prey to them.

Go here to read the rest:
Cyber Attacks on Google and Others – Who is Really at Risk?

Category : infySEC | Blog