Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.
A few weeks ago, I wrote about a Windows kernel vulnerability that was reported to Microsoft on October 22, 2004 and remained unpatched for more than two years. This is a bug I've been following closely since last November when Cesar Cerrudo, the hacker who found it, got tired of waiting for a fix from Microsoft and published details during the MoKB (Month of Kernel Bugs) project.
The official Web site of Asustek Computer has been hijacked and used to serve up exploit code for the recently-patched animated cursor (.ani) vulnerability.
Microsoft plans to issue five bulletins next Tuesday, four affecting the Windows operating system. The highest maximum severity rating for the Windows bugs is "critical." Don't look for fixes for known (and under attack) Office bugs.
The virus, named Podloso, does not pose a real threat but signals an intent by malware authors to move beyond computers and smart phones.
The flaw "allows for remote execution of arbitrary code with minimal user interaction" and and affects Windows 2000, Windows XP and Windows 2003.
Mozilla is considering a "workaround" to block the attack vector that puts Firefox users at risk of attacks exploiting the Windows animated cursor (.ani) vulnerability.
The ongoing Windows animated cursor (.ani) flaw attack just keeps getting worse.
Microsoft's out-of-band update for the critical -- and under attack -- animated cursor (.ani) vulnerability has finally crossed the finish line, one week ahead of Redmond's own schedule but more than three months after it was first reported by a private security research company.
eEye Digital Security has shaken up its top management, firing chief executive officer Ross Brown less than six months after promoting him to the top slot.Kamal Arafeh, who previously managed eEye's sales operations, will be the new CEO.
Sana Security has scooped up $12 million in a fifth round of funding and hired telco crash survivor Don Listwin to take over the corner office. Sana, which excels at behavior blocking software, is banking on the new CEO to find new customers for its Active Malware Defense Technology and figure out an exit strategy in a very tricky security market.