Another Proof-of-Concept (POC) Revealed The changing threat landscape has brought about more sophisticated Web threats, and left the online population clamoring for better security features in the systems and applications that they use. This has pushed Microsoft to develop security mechanisms within its applications like Windows’ Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR) . Both DEP and ASLR are security mechanisms that Microsoft included in its latest Windows releases starting with XP SP2 and Vista, respectively, which should ideally protect systems from being attacked by exploit codes.

Excerpt from:
New Exploit Bypasses DEP

Asking for help in Windows could lead to more trouble. A newly discovered vulnerability in Internet Explorer (IE) leverages the ability of a Visual Basic script to invoke a .HLP (Windows Help file format) file, which could give a remote attacker the ability to run arbitrary code on an affected system. Visual Basic uses the following syntax to call the MsgBox function , which is used to display message boxes: MsgBox(prompt[,buttons][,title][,helpfile,context]) However, if a specially crafted .HLP file passes as a variable, remote users would be able to run arbitrary code on an affected system

View original post here:
Calling Windows for Help May Lead to Vulnerability

Charlie Miller, the Pwn2Own contest winner for two years in a row, gives his take on internet security. Guess what—your Mac OS is no less vulnerable than its Microsoft Windows counterpart

Go here to see the original:
Pwn2Own Interview with Charlie Miller

Within days of Adobe’s release of out-of-band security updates for both Acrobat and Reader, word now comes from security researcher Aviv Raff, of another new vulnerability in an Adobe product. The flaw was found in Adobe Download Manager (DLM), an application Adobe uses to deliver common applications (e.g., Flash and Reader ) to users’ systems.

View original post here:
New Adobe Download Manager Bug

Why is it that banking trojans are a problem when all online banks are HTTPS secured and many of them employ multi-factor authentication?

Read more here:
Sprechen Sie SSL?

Updates February 9th will bring numerous Microsoft Updates, 13 bulletins addressing 26 vulnerabilities. All versions of Windows are affected.

Go here to read the rest:
Microsoft Updates and Vulnerabilities

Microsoft is releasing an out-of-band update for their IE vulnerability. Internet Explorer 6 is affected and is being actively exploited in the wild. The patch will be released on the 21st, today, see Microsoft’s Security Bulletin for additional details.

Read the original post:
Microsoft Vulnerabilities

Internet Explorer’s latest vulnerability is causing Germany and France to advise against its use .

More here:
To IE or Not to IE : That is the Question

Recent cyber attacks on Google and other organisations have been covered greatly by the media, much owing to the size and notability of the Companies affected. However, what this incident really does is bring to view the true complexity and sophistication of computer threats, and that any user or organization -  large or small, could potentially be at risk. Although these attacks were orchestrated to target certain groups or organisations, any computer can actually fall prey to them

Go here to read the rest:
Cyber Attacks on Google and Others – Who is Really at Risk?

病毒类型：木马 受影响的操作系统： Windows 95/98/2000/Me/XP/Vista/NT, Windows Server 2003