Cybercriminals have once again used a not-so-new but still a seemingly promising medium for their malware campaigns.

Link:
Months-Old Skype Vulnerability Exploited in the Wild

After a relatively quiet May with only two security bulletins, Microsoft comes out with 10 security bulletins in June’s Patch Tuesday release. Three of these were rated “critical,” which means these vulnerabilities could be exploited without the user having to take any action beyond visiting a malicious site. These bulletins cover a total of 34 different vulnerabilities.

Go here to see the original:
Patch Now: 10 Updates for June Patch Tuesday

On Friday, Adobe released a security advisory announcing a zero-day exploit found in specific Adobe Flash Player versions. Tagged as critical, the vulnerability (CVE-2010-1297) causes the application to crash. Potentially, the underlying vulnerability could also be used to run arbitrary code, such as downloading/dropping malicious files onto the affected system.

Excerpt from:
Zero-Day Flash/Acrobat Exploit Seen In The Wild

A new exploit has been found in the Japanese word processor Ichitaro . JP-RTL engineers have received a sample Ichitaro document, which is capable of exploiting the previously unknown vulnerability

Go here to read the rest:
Another Vulnerability Discovered in Ichitaro

On a request by Mr. Karthick VP Selvaraj from the University of Greenwich (www.gre.ac.uk) for creating Public Awareness, please find his findings below.If you have questions or clarifications, please contact Karthick vigneshwar at pk839@gre.ac.uk

Early May 2010, an ethical war driving had been conducted by Karthick V P selvaraj in London and Birmingham (U.K). It had been inferred that almost half of the wireless networks are insecure. Parallel to that, a research had been conducted by surveying the public of London and Birmingham with a sample size of 50 each, the correlation of the war driving and survey shows that the number of insecure network is high because of lack of awareness about the wireless security among the public.

It is important to secure wireless network in order to protect one’s wireless network from hackers, financial fraudsters and the terrorist who exploit the insecure wireless networks.

Legal Issues:

In United Kingdom, Illegal internet usage is illegal according to Computer Misuse Act. In case if you experience free internet apart from hot spots, please be aware that you are using others internet illegally which can cost you up to £5000 fine and an imprisonment of 2 years according to Computer Misuse Act.

Accountability:

If you have either limited or unlimited Internet usage, please be responsible to have a check on the accountability of your internet usage, because somebody else can use your Internet for their own welfare, illegally. When you share your internet with your family and friend please be sure that the internet sharing key is held confidential, else someone outside can peep into your network and then into your computer.

Internet Setup Configuration:

It is must to know about the initial router configuration those are as follows,

1) SSID – Service Set Identifier: In order to identify one’s wireless network, the name of the router manufacturer along with some part of the router serial number is used. For example O2wireless9477xx (here xx are numbers from 0 to 9).

There is a security Myth which states that in order to have a strong security one should hide the SSID from broadcasting. This is false as the SSID act only as an identifier. Instead of hiding the SSID from broadcasting, one can change the default SSID name as the default configuration can be predicted and can be exploited by the hackers if the router manufacture details are known.

2) To be accountable and to have a control over your network, please be advised to configure the router as below,

Open your web browser and type http://192.168.1.1 this will direct you to your router configuration page.

Usually the username will be admin and the password will be admin. If you have issues with logging in contact your ISP or your Router manufacturer to acquire the username and password.

Once you are logged in, you can find tabs to manage your Encryption Either WEP or WPA2 (WPA2 is more secure than WEP), who are all connected (trusted users or illegal users), how to allow/deny them can be easily managed.

If you find your Neighbour connected to your network illegally, you can make a screen shot of their MAC (Media Access Control) Address (computer’s identity) from the connected computer list and can have it as a proof for their illegal act.

So it is must to know about how to configure and manage your router and its password, it is a must to change the password periodically and to know it is illegal to use others internet illegally without their knowledge.

Karthick V P Selvaraj

Microsoft released two critical security advisories as part of its May Patch Tuesday. In addition to the advanced notification it released last Thursday, Microsoft has addressed the vulnerabilities with this batch of patches. MS10-030 deals with a privately reported vulnerability plaguing Outlook Express, Windows Mail, and Windows Live Mail, which can allow remote code execution if a user accesses a malicious email server.

Visit link:
Microsoft and Adobe Release Fixes in May Patch Tuesday

Microsoft released two critical security advisories as part of its May Patch Tuesday.

Visit link:
Microsoft and Adobe Release Fixes in May Patch Tuesday

Vulnerabilities found in Internet Explorer (IE) have been well-documented in the past due to the browser’s popularity among users. However, the rise in the use of alternative browsers , particularly Apple Safari and Opera, has now led to the discovery of new vulnerabilities as well. Trend Micro researcher Rajiv Motwani reports that there have been a lot of exploits for all browsers last week.

Continue reading here:
New Vulnerabilities Found in Apple Safari and Opera

Following Microsoft’s recent Patch Tuesday, Oracle , too, released 47 security fixes for its products. Oracle’s critical patch update for April can be found in Oracle Critical Patch Update Advisory—April 2010 . Oracle’s update is a collection of patches for multiple security vulnerabilities , which also includes patches for Sun products

Read the original post:
Oracle Issues New Patches While a New Java Bug Emerges

The most high-profile vulnerabilities tend to target either commonly used applications such as Adobe Acrobat and Flash Player or Windows itself, but in an attack which demonstrates that criminals are becoming ever more targeted, a vulnerability in   Ichitaro , a popular Japanese language word processing application has been exploited. Like similar vulnerabilities in Microsoft applications, the vulnerability allows random code to be executed on affected systems by opening a specially crafted .JTD file (JTD is the extension Ichitaro uses for its files).

See the rest here:
New Vulnerability Hits Popular Japanese Word Processor “Ichitaro”