"Send more PoCs!"
"Microsoft has been forced to issue emergency patches for its Windows operating system after researchers discovered a way to bypass a critical security mechanism in the Internet Explorer browser.
"During a Wednesday talk at this week's Black Hat conference in Las Vegas, researchers Mark Dowd, Ryan Smith and David Dewey will show a way of bypassing the 'kill-bit' mechanism used to disable buggy ActiveX controls. A video demonstration posted by Smith shows how the researchers were able to bypass the mechanism, which checks for ActiveX controls that are not allowed to run on Windows. They were able to then exploit a buggy ActiveX control in order to run an unauthorized program on a victim's computer.
"Although the researchers have not revealed the technical details behind their work, this bug could be a big deal, giving hackers a way of exploiting ActiveX problems that were previously thought to have been mitigated via kill-bits."More at
PCWorld...
"A critical ActiveX vulnerability used by hackers to exploit Microsoft Corp.'s Internet Explorer browser is a prime candidate for another Conficker-scale attack, security experts said.
"On July 6, just hours after security companies reported that thousands of compromised sites were serving up exploits, Microsoft acknowledged the flaw in the ActiveX control that can be accessed using IE. The bug has been used by hackers since at least June 9.
"Microsoft said it will issue a patch for the flaw on July 14..."More at
ComputerWorld...
"Denial-of-service attacks against government Web sites in this country and South Korea appear to have had little impact and are not particularly sophisticated, experts say.
"`It’s a very noisy attack,` said Rick Howard, intelligence director at VeriSign iDefense, which provides cybersecurity and intelligence services for private- and public-sector organizations. `Everyone in government says it didn’t affect them that much.`
"`It’s been more of a nuisance,` said Phil Neray, vice president of security Strategy at Guardium. `We have countermeasures for denial-of-service attacks.`
"Several security companies have obtained the malicious code used to carry out the attacks. Symantec Corp. identified it as W32.dozer and a variant of the MyDoom worm that has infected a large number of computers."More at
Federal Computer Week...
"The number of exploits being written to target specific software vulnerabilities could be at all-time highs, new threat figures have suggested.
"Fortinet's Threatscape report for June, which actually covers the period between 21 May and 20 June, reveals that of the 108 new vulnerabilities added to its firewall intrusion detection system in the period, 62 were being actively exploited.
"This is equivalent to a 57.4 percent exploit rate, a rise over previous months and in line with increasing percentages and absolute numbers for recent months. For comparison, April-May exploit rates stood at 46.4 percent, with March-April at 31.3 percent..."From
TECHWORLD...
"Security researchers have found a treasure chest of FTP passwords, some from high profile sites, on an open cybercrime server.
"Jacques Erasmus, CTO at security tools firm Prevx, stumbled across a site where a Trojan is uploading FTP login credentials captured from compromised machines. So far, Erasmus has found logins for ftp.bbc.co.uk, ftp.cisco.com, ftp.amazon.com, ftp.monster.com and, even security sites including ftp.mcafee.com and ftp.symantec.com along the extensive list of more than 68,000."More...
"A 29-year-old software engineer who was laid off four months back hanged himself last night, apparently fed up with his joblessness.
"Police said Sachin B. Khandewar, who hailed from Sholapur in Maharashtra and had been working in a city firm, hanged himself from the ceiling fan at his aunt’s house in the Kacheguda area.
"He left behind a suicide note addressed to the police saying his `unsuccessful career` had forced him to take the dire step, the police said.
"`I am bored of this meaningless and useless life. My unsuccessful career is the cause of my death. Nobody is responsible for it,` the note said."More...
"One day last August, the Secret Service paid a visit to the new owners of Custom House Coffee off West Main Road.
"The news they brought was bad: Computer hackers, whereabouts unknown, had used sophisticated spy software to break into the store’s wireless network and steal the credit and debit card numbers of customers.
"In all, about 50 customers of Custom House Coffee had been victimized, as early as May 2008, according to Police Chief Lance Hebert. But it wasn’t until the victims got their bank or credit card statements and saw charges they didn’t recognize that they realized they had been robbed. As the police reports started to filter in, detectives began connecting the dots..."More at
projo.com...
Posts
