[ MDVSA-2008:080 ] – Updated Firefox packages fix multiple vulnerabilities
Security Revealed
Re: Internet explorer 7.0 spoofing
VMSA-2008-0006 Updated libxml2 service console package
CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities
A recent change in corporate policy threatens BP’s new green-friendly image.
Our elections are plagued by vote suppression and fraud. Making sure we have a fair election in 2008 is even more important than who wins.
Local populations can offer help in bringing this resource to their communities if given the right tools and opportunities.
It was one security embarrassment after another for Apple the week of March 24. It began at the CanSecWest show, where the annual hacker contest challenged attendees to compromise a Vista system, an Ubuntu Linux system and a MacBook Air. The first day was reserved for preauthentication attacks and would have netted $20,000, but nobody took the prize.
How well does the BBB protect PC buyers, given that blanket statements like “prices subject to change at any time” are staples of print and web advertising? In my case, not at all.
ZDNet Asia is one of my bookmarked online resources that I frequently visit. The site is NOT compromised per se; rather, their site’s search engine was abused by an attacker with queries of popular keywords. Leveraging the fact that the site is legitimate and has high page ranks, the popular search engines are returning some of these ‘iFRAME’ed results in the first few pages of the search results. And the objective? To get the unsuspecting user to click on the link.

The last time we checked, 20,600 cached pages loading the iFRAME were found. Upon clicking on the malicious link, you get redirected to some Russian Business Network’s IPs, and RBN is notoriously known for hosting not only malware but also rogue antivirus and antispyware applications. At the end of the redirects, the unsuspecting user might be a victim of a Zlob trojan.
We detect it as Trojan-Downloader:W32/Zlob.HOG.
Signing off,
Fei
Update: This information was first posted on Dancho’s blog and he obviously deserves credit. When we last checked on the situation this morning, it seems that we found 18,400 “new” cached pages appearing with the iFrame, which are now redirecting users to a different domain.
On 05/03/08 At 04:28 AM
flux has discovered a vulnerability in www.liblogging.org, which could be exploited by malicious people to conduct XSS attacks.
Callum Manning has discovered a vulnerability in www.cellularfactory.com, which could be exploited by malicious people to conduct XSS attacks.
Cru3l.b0y has discovered a vulnerability in www.imj.ir, which could be exploited by malicious people to conduct XSS attacks.
xylitol has discovered a vulnerability in gallery.boobs.pl, which could be exploited by malicious people to conduct XSS attacks.
st@rext has discovered a vulnerability in www.freeweb.hu, which could be exploited by malicious people to conduct XSS attacks.
BackDoor has discovered a vulnerability in www.skeuri.nl, which could be exploited by malicious people to conduct XSS attacks.
mox has discovered a vulnerability in www.it.com, which could be exploited by malicious people to conduct XSS attacks.
CoLL1eR has discovered a vulnerability in www.tradeslang.com, which could be exploited by malicious people to conduct XSS attacks.
CCC has discovered a vulnerability in www.wladbladi.com, which could be exploited by malicious people to conduct XSS attacks.
Hanno Boeck has discovered a vulnerability in www.amd64.org, which could be exploited by malicious people to conduct XSS attacks.
Fabian Fingerle has discovered a vulnerability in www.itwissen.info, which could be exploited by malicious people to conduct XSS attacks.
Xbox2002 has discovered a vulnerability in www.sha1.info, which could be exploited by malicious people to conduct XSS attacks.
Fabian Fingerle has discovered a vulnerability in www.freundin.de, which could be exploited by malicious people to conduct XSS attacks.
CCC has discovered a vulnerability in www.idgkurser.dk, which could be exploited by malicious people to conduct XSS attacks.
Hanno Boeck has discovered a vulnerability in www.dotmailer.co.uk, which could be exploited by malicious people to conduct XSS attacks.
CCC has discovered a vulnerability in indostream.org, which could be exploited by malicious people to conduct XSS attacks.
cueballr has discovered a vulnerability in www.allclocksonline.com, which could be exploited by malicious people to conduct XSS attacks.
BackDoor has discovered a vulnerability in www.pista.sk, which could be exploited by malicious people to conduct XSS attacks.
