According to a US-CERT alert, the attacks are using an unpatched stack buffer overflow vulnerability in the way Microsoft Access handles specially crafted database files.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
A zero-day hole is several major HP laptop models could provide an easy way for hackers to take complete control of Windows machines, according to a warning from an independent security researcher.
Microsoft's final batch of patches for 2007 has been released to cover at least 11 security vulnerabilities that put millions of users at risk of remote code execution attacks.
There are 28 vulnerabilities in the ZDI pipeline, all high-severity, affecting some of the world's biggest IT vendors -- Computer Associates, Microsoft, Hewlett Packard, Novell, Oracle, IBM, Symantec, Sun Microsystems, Veritas and Borland.
The specific flaw exists within the 'skype4com' URI handler created by Skype during installation. When processing short string values through this handler an exploitable memory corruption may occur which can result in arbitrary code execution under the context of the current user.
Last week's phishing attack at the Oak Ridge National Laboratory in Tennessee reportedly has a China connection.Oak Ridge and Los Alamos National Laboratory were hit with a cyber attack where hackers accessed Social Security numbers and birth dates of visitors to the lab between 1990 and 2004.
According to back-and-forth correspondence released by Secunia, the San Francisco-based Autonomy is threatening legal action to force the flaw alert aggregator to "suppress significant information about vulnerabilities in [its] products."
Guest post: Gadi Evron is Security Architect for Afilias global registry services and recognized globally for his work and leadership in Internet security operations. He is the founder of the Zero-Day Emergency Response Team (ZERT), organizes and chairs worldwide conferences, working groups and task forces.
Amidst growing chatter that the anti-virus/anti-spyware market is gasping for air, a veteran virus fighter says desktop security products must add new protection mechanisms to keep pace with aggressive online criminals.
The flaw, which carries a CVSS rating of 10.0 (the highest possible severity score), can be exploited remotely and causes corruption of kernel memory, which leads to a Windows stop error (blue screen) or to arbitrary code execution.