● Smut page ransomware Trojan ransacks browsers

Russian cybercrooks have come up with a variant of ransomware scams, which works by displaying an invasive advert for online smut in users' browsers that victims are extorted to pay to remove.

● The Business of Botnets

Kaspersky Lab released some interesting statistics recently in a technical whitepaper. As part of its research into the cyber-underground, the company took a look at how botmasters are pricing the networks under their control.

● Microsoft to fix critical hole in IE

In a rare move, Microsoft on Friday said it would be releasing security updates on Tuesday--outside of its monthly patch cycle--for a critical vulnerability in Internet Explorer and a moderate vulnerability in Visual Studio.

● Microsoft to Issue Emergency Patches Next Week

The advance notification advisory that Microsoft released about these upcoming patches doesn't say so explicitly, but a spokesperson for the company confirmed that the updates will address a critical security flaw in collection of code that Microsoft uses in a number of places in Windows. Having a vulnerability in this so-called "code library" is especially dangerous because Microsoft also provides this library to third-party software makers to help them build programs that can leverage certain built-in features of Windows.

● Insecure by design: MS Office formats

You see, when you're opening an Office document today, you're not just opening static words, images, or numbers. You're actually starting a program that uses Microsoft Office as its interpreter. And, no matter whether you're using Word 2,0 formats or the 2008's 7,000+ pages mis-mash of 'standard' ECMA-376 Office Open XML file formats, there is no built-in network security layer. Instead, there is a mis-mash of fixes for one problem or the other.

Also see: Emergency, Botnets, and No Remedy