H-Online: The phpMyAdmin developers have announced the release of versions 3.4.4 and 3.3.10.4 of their open source database administration tool. According to the security advisory, these maintenance and security updates close a hole (CVE-2011-3181) in the Tracking feature that leads to multiple cross-site scripting (XSS) vulnerabilities. The exploit was discovered by Norman Hippert and is caused…
Java™ SE 6 Update 27 The full internal version number for this update release is 1.6.0_27-b07 (where “b” means “build”). The external version number is 6u27. Highlights This update release contains important enhancements for Java applications: Improved performance and stability Certification for Firefox 5 Update release notes: http://www.oracle.com/technetwork/java/javase/6u27-relnotes-444147.html Complete bug fix list: http://www.oracle.com/technetwork/java/javase/2col/6u27bugfixes-444150.html
This article is originally posted at Norman Security Blog, Credit to my friend ‘Pondus’ for sharing. Introduction During recent months, we have seen several examples of attempts and suggestions to restrict access to different types of net resources, and in some cases the Internet itself. Is this a method that accomplishes its end, or is…
H-Online: The German Federal Office for Information Security (BSI) is warning of online shops which infect users with malicious software by exploiting security vulnerabilities in the user’s browser, operating system or applications. The affected shops have themselves been hacked by attackers exploiting security vulnerabilities in outdated versions of open source online shop software osCommerce. As reported…
Sophos Labs: Twitter users are being hit today by messages claiming to link to a new app from Twitter which will track your stalkers. However, the messages are really designed to steal your Twitter usernames and passwords. Here’s a typical message that users are seeing: Twitter finally released an app that tracks your “Stalkers” get…
H-Online: Officially, Adobe’s current update for Flash Player has closed only 13 holes, but unofficially it is said to have closed several hundred. Security specialist Tavis Ormandy, who works for Google, claims that he discovered 400 holes and notified Adobe of them. The specialist has now complained that, while the holes have been closed, they…
Posted by the Stop. Think. Connect. Campaign on Homeland Security Cyber predators are real. They use the anonymity of the Internet to target victims, especially today’s youth, with unwanted solicitations, harassment, and fraud. It’s important that parents discuss ways to stay safe online with their children, particularly before they use social networking sites. US-CERT offers…
SOFTPEDIA: According to statistics gathered by cloud security provider Zscaler, 56.4% of enterprise users have out of date Adobe Reader plug-in versions inside their browsers. The company gathered statistics about browser plug-ins and presented the results in its “State of the Web” report [pdf] for the second quarter of 2011. “Nearly every browser is running…
H-Online: Security specialist Sophos reports that it has discovered new spam email messages that claim to be an advisory related to an update to the open source Firefox web browser. The fake advisory asks users to update their Firefox installations, “for security reasons”, and includes a download link to the supposed update. According to Graham…
The Hacker News: Microsoft has announced that it will release 13 bulletins to address 22 vulnerabilities in Windows, Office, Internet Explorer, .NET and Visual Studio on its next Patch Tuesday. Another “critical” bulletin affects Windows server operating systems, and addresses a code-execution risk on unpatched systems. Also of note is an update restricted to newer…