Microsoft is having a tough month dealing with many security problems caused by its own weaknesses. This post is a quick accumulation of some issues from the past 2 weeks.
THE HACKER claiming credit for the 'Here you have' Trojan, written as a blow against the invasion and occupation of Iraq, might be located in Spain.
Microsoft has credited security partners at Kaspersky Lab and Symantec for helping to close a critical Windows vulnerability that was being exploited by a sophisticated worm that has attacked industrial plant
Microsoft has released a security advisory about a vulnerability affecting Web applications built on ASP.NET.
Attackers have begun exploiting a recently disclosed vulnerability in Microsoft web-development applications that opens password files and other sensitive data to interception and tampering.
The vulnerability in the way ASP.Net apps encrypt data was disclosed last week at the Ekoparty Conference in Argentina. Microsoft on Friday issued a temporary fix for the so-called “cryptographic padding attack,” which allows attackers to decrypt protected files by sending vulnerable systems large numbers of corrupted requests.
Now, Microsoft security pros say they are seeing “limited attacks” in the wild and warned that they can be used to read and tamper with a system's most sensitive configuration files.
Web anti malware firm Dasient has published data claiming that more than 1 million Web sites were compromised in the second quarter, 2010 - a sharp increase.
More than one million Web domains were infected with malicious code in the second quarter of 2010 - around one percent of all active Web domains, according to data released by Web security firm Dasient, Inc.
The tainted ads exposed visiting surfers to Windows Trojans via drive-by download attacks. Pirate Bay has experienced similar problems in the past, and it's unclear how long it will take to clear up the latest issues.
About one-third of small and medium-sized businesses have been infected with malware from social networks like Facebook and Twitter, according to a recent study released by Panda Security, a company specializing in cloud security.
The vast majority of malware - more than 99 per cent - targets Windows PCs, according to a new survey by German anti-virus firm G-Data.
G-Data reckons 99.4 per cent of all new malware of the first half of 2010 targeted Microsoft’s operating system. Just 0.6 per cent of the 1,017,208 new malware programs discovered in 1H2010 targeted other systems, such as Apple Mac boxes and servers running Unix.
Insecurity outfit Damballa revealed that the creatively named IMDDOS (I'm DDoS) botnet can be hired out as "pressure test software" by those who are willing to cough up some cash and download an application. The application is little more than dialogue box allowing the user to point the botnet to a particular IP address and port number and start hitting it with spurious requests.
Late last week, a security flaw in Internet Explorer 8 was publicly disclosed to the Full Disclosure mailing list. The flaw allows attackers to steal private information from online services such as web mail and Twitter, allowing attackers to, for example, delete e-mails or send tweets from their victims' accounts.
FIRMS RUNNING Microsoft's Exchange mail server could find that users of its Outlook Web Access (OWA) software have their sessions hijacked.
A security vulnerability in Exchange Server 2003 SP2 and Exchange Server 2007 SP1 and SP2 means that attackers can take control of a user's OWA session and issue commands up to the level permitted by security controls without the user knowing. OWA is a rich 'web mail' client that is offered by Exchange Server and has the look and feel of Microsoft's standalone Outlook software.
There are rumors that the possible technical problem with the Microsoft Exchange is causing the delay of Android 2.2 Froyo push to Motorola Droid X devices. Multiple news outlets including Droid Life has confirmed the news.