Want to be a Member of the Program ???

14
June

While investigating the malware and shellcode that were associated with the recent Adobe Flash Player, Adobe Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability ( BID 40586 ), we came across some interesting similarities to the malware and shellcode that were used in the Microsoft Internet Explorer 'iepeers.dll'

Go here to read the rest:
A Zero-day Connection

Category : Symantec | Blog
12
May

Vulnerabilities found in Internet Explorer (IE) have been well-documented in the past due to the browser’s popularity among users. However, the rise in the use of alternative browsers , particularly Apple Safari and Opera, has now led to the discovery of new vulnerabilities as well. Trend Micro researcher Rajiv Motwani reports that there have been a lot of exploits for all browsers last week.

Continue reading here:
New Vulnerabilities Found in Apple Safari and Opera

Category : infySEC | Blog
15
April

Following Microsoft’s recent Patch Tuesday, Oracle , too, released 47 security fixes for its products. Oracle’s critical patch update for April can be found in Oracle Critical Patch Update Advisory—April 2010 . Oracle’s update is a collection of patches for multiple security vulnerabilities , which also includes patches for Sun products

Read the original post:
Oracle Issues New Patches While a New Java Bug Emerges

Category : infySEC | Blog
13
April

Does this warning message look familiar?

Follow this link:
Rogue Antivirus Leads to an Adult Site

Category : infySEC | Blog
31
March

“2010 Pwn2Own” is an annual contest wherein contestants are invited to hack a variety of Web applications and platforms such as Web browsers and mobile phones for cash prizes and benefits.

More:
Web Browsers Get “Owned” in “2010 Pwn2Own”

Category : infySEC | Blog
24
March

Advanced threats researcher Ivan Macalintal spotted a fresh wave of spammed messages that were used to spread another ZBOT variant of the infamous ZeuS botnet. These messages warned users that a “jerk” posted photos of them and contained a link to the said images

Here is the original post:
Spam with “Pictures” Used to Spread ZBOT

Category : infySEC | Blog
23
March

As alternative browsers battle for the top spot in the market, they also face the challenge of staying secure due to the increased demand for them to provide users a safe computing experience. Several popular browsers were recently found to have significant security flaws

Read the original here:
Keep Systems Safe: Patch Alternative Browsers

Category : infySEC | Blog
19
March

Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Internet Explorer 9 “Platform Preview” Now Available From Microsoft Secure Application Development on Facebook OWASP Podcast #63 with Ed Bellis (CSO, Orbitz) PCI-SSC slaps ASVs wrists over marketing claims about 11.2 & 6.6 Researcher Will Expose 20 Hackable Apple Security Flaws alert(‘xss’) – The slow death of XSS Inline vs.

Read the original here:
Best of Application Security (Friday, Mar. 19)

Category : Web App Sec | Blog
11
March

Hot on the heels of this month’s security bulletin , a new vulnerability exploit surfaces with a malware in tow. The new zero-day vulnerability, as described in a previous post, prompted Microsoft to release Security Advisory (981374) while investigations are still underway

See the original post:
New IE Zero-Day Exploit (CVE-2010-0806)

Category : infySEC | Blog
10
March

Internet Explorer 6 may have taken its path to retirement but it still remains a good target for exploits, as we can see from JS.Sykipot .

See more here:
Zero-Day attack on IE6 – JS.Sykipot Doesn’t Spare Retired Software

Category : Symantec | Blog