Researchers from Microsoft recently unearthed exploits targeting the CVE-2010-0188 vulnerability. On February 16, Adobe released a security advisory describing a vulnerability in Adobe Reader and Acrobat 8.X and 9.X. Once the vulnerability is exploited, attackers gain the capability to perform denial-of-service (DoS) attacks on affected systems.

See the original post here:
More Adobe Exploits in the Wild

The number of serious zero-day vulnerabilities and potential exploits discovered in recent days is higher than normal.

Link:
Multiple Vendors Affected By New Vulnerabilities

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly quiet month—the vendor is releasing two bulletins covering a total of eight vulnerabilities.

Here is the original post:
Microsoft Patch Tuesday - March 2010

Just when you think old-school network bots are dead, a group of cybercriminals revives them from them grave in the name of Chuck Norris. Dubbed the “Chuck Norris botnet,” based on the Italian comment in its source code, in nome di Chuck Norris (translation: “in the name of Chuck Norris”), this botnet infects vulnerable DSL modems and routers to spread a worm Trend Micro detects as WORM_IRCBOT.ABJ .

View original post here:
Botnet Rises in the Name of Chuck Norris

Microsoft took a stab at Waledac bots last April when they added detection to their Malicious Software Removal Tool (MSRT). The MSRT is part of their monthly Microsoft Updates package

See more here:
R.I.P. Waledac?

News of another plane crash shook Americans on Thursday morning. Reportedly, a begrudged pilot, furious with the Internal Revenue Service (IRS), intentionally crashed a small plane on the building that housed the agency’s office in Austin, Texas. Although the said incident was tagged “an isolated event” and not an act of terrorism, cybercriminals launched their own “terrorist” attack by scaring unknowing users using another FAKEAV variant to gain profit

Read the original here:
FAKEAV Cashes in on Austin, Texas Plane Crash

It seems that a recent Windows “patch” has been the cause of a series of blue screen crashes after users install a so-called Microsoft security update. The said patch, MS10-015 , is said to be linked to this system malfunction, which leaves user systems with blue-screen-of-death (BSoD) errors. According to an entry in the official Microsoft Blog , the distribution of the said Windows Update has since been suspended.  However the company also issued a statement that the cause of the BSoD error may be malware related.

Read more from the original source:
Windows Update Triggers BSoD Errors

A recent study published by 7Safe, UK Security Breach Investigations Report , analyzed 62 cybercrime breach investigation and states that in “86% of all attacks, a weakness in a web interface was exploited ” (vs 14% infrastructure) and the attackers were predominately external (80%). These results are largely consistent with the US-based Verizon Data Breach Incident Report (2008) which tracks over 500 cases

See original here:
Infrastructure vs. Application Security Spending

As previously announced in the Microsoft Security Bulletin Advance Notification released last week, this month’s patch cycle includes 13 bulletins intended to patch 26 vulnerabilities in several versions of Windows OS and Office . The record release is a far cry from last month’s lone patch . The long list includes five bulletins rated “critical,” which specifically patch nine vulnerabilities that could lead to remote code execution

Originally posted here:
February Patch Tuesday—13 Security Bulletins for 26 Vulnerabilities Plus a FAKEAV

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a busy month—the vendor is releasing 13 bulletins covering a total of 26 vulnerabilities.

Here is the original post:
Microsoft Patch Tuesday - February 2010