May’s Patch Tuesday came earlier this week, addressing six vulnerabilities. The latest batch of Microsoft Security Bulletin consisted of four security updates, with three rated as critical and one as moderate. This batch includes a security update on the vulnerability found in Microsoft Jet Database Engine that was initially reported late March. Here is the set of security advisories for May: Risk Rating: Critical Microsoft Security Bulletin MS08-026: Vulnerabilies in Microsoft Word Could Allow Remote Code Execution (951207) Microsoft Security Bulletin MS08-027: Vulnerability in Microsoft ...

Our researchers "followed the bouncing Web threat" in this newly discovered spate of hacked legitimate Web sites. Advanced Threats Researcher Paul Ferguson posted about this mass compromise on the blog yesterday, when it was still a "developing issue originating from various locations in China for the past few days that we (security researchers) are still piecing together." It appears that several thousand Web sites have been compromised -- via SQL injection -- with embedded malicious JavaScript that redirects users to two ...

Here is yet another case of Patch Tuesday/Exploit Wednesday. While the bounty hunt for software vulnerabilities is still very much an active industry, malware authors have been seen to watch out for (and ultimately prey on) vulnerabilities disclosed by legitimate software vendors. This isn't as irrational as it looks; malware authors are not looking for massive hits, just the numerous few who do not take care enough to download and install software patches. A few days after the regulation Patch Tuesday ...

After the famous two minutes it took three security researchers to hack the equally famous Apple MacBook Air, Computerworld reports that another security researcher accomplished a similar feat, this time on a Vista notebook. The said notebook was running on the Windows Vista Ultimate platform and comes with an installed Flash Player from Adobe. A critical vulnerability in Flash was successfully exploited by Shane Macaulay, a consultant at Security Objectives, enabling him to break into a Fujitsu U810 running Windows Vista ...

Sony claims that a possibility of unauthorized access through the PLAYSTATION®Store, a content download service of the PLAYSTATION®Network, may have occurred. This obviously compromises the millions of accounts subscribed to the said network. The full transcript is given here. However, Sony reassures its customers that only a small percentage of users are affected, and that since PLAYSTATION Network accounts do not display entire credit card numbers, any unauthorized access to a PLAYSTATION Network account is very unlikely to compromise anyone's credit ...