Peaches

PC Tools Releases iAntiVirus Version 1.0 Tool For Macs Jan 16, 2009 | 11:32 AM By PC Tools DarkReading Sydney, December 16 2008: "PC Tools today announced the release of iAntiVirus Version 1.0, a light-weight anti-virus and anti-spyware tool, designed specifically for the Mac operating system. Providing real-time protection and comprehensive system scanning, iAntiVirus is designed to detect and remove Mac specific threats ensuring your Mac remains safe. "While the Mac has a solid reputation for remaining relatively threat free, the Mac community has been very receptive to the BETA launch

Mozilla delays third Firefox 3.1 beta Pesky bugs stall progress By Kelly Fiveash • 15th January 2009 15:40 GMT Mozilla Corporation has pushed back the release of the third, and possibly final, beta for Firefox 3.1 by a week to allow the firm to fix some bugs in the upcoming version of its open source browser. The beta had been expected to land on 26 January, but Mozilla has delayed the release to 2 February to allow it time to fix some glitches in the InternetExplorerChromeSafari rival surfing tool. "Due to the large number of outstanding P1 blockers, we are declaring a code sl

15 January 2009, 13:03 Virus creator taunts Windows Defender Team with New Year greeting In a variant form of the Zlob Windows trojan, its author has concealed a message wishing Microsoft's Windows Defender Team a Happy New Year and praising its work. He had already secreted a message in his version of the worm in October 2008, saying "I want to see your eyes the man from Windows Defender's team". His new message says "Hello from Russia", wishes the Team a Happy New Year, and expresses surprise at Microsoft's speedy reaction to new threats. He hints that he has long been working on

One-Third of Windows PCs Susceptible to Worm Gregg Keizer, Computerworld Thursday, January 15, 2009 1:35 PM PST The worm that has infected several million Windows PCs is causing havoc because nearly a third of all systems remain unpatched 80 days after Microsoft rolled out an emergency fix, a security expert said Thursday. Based on scans of several hundred thousand customer-owned Windows PCs, Qualys Inc. .concluded that about 30% of the machines have not yet been patched with the "out of cycle" fix Microsoft provided Oct. 23 as security update MS08-067. "The unpatched numbers went dow

January 15, 2009 2:03 PM PST Expert: Worm spreading in many ways becoming an epidemic Posted by Elinor Mills A worm that spreads via removable devices, network shares, and weak administrator passwords--in addition to exploiting a critical Windows vulnerability--is spreading so fast it is becoming an epidemic, a security researcher said on Thursday. The worm, known as Kido, Conficker, or Downadup, initially exploited MS08-067, a vulnerability considered critical for Windows 2000, XP, and Server 2003. It was patched in October. Newer variants have been configured to give the wo

Windows 7, Linux Battle for Netbook Supremacy Shane O'Neill, CIO.com Thursday, January 15, 2009 3:00 PM PST Possibly Microsoft's most important strategic goal for Windows 7, in addition to redeeming the brand damage done by Windows Vista, is to dominate netbooks, now the fastest selling segment of the PC market. This may not bode well for the Linux operating system. With netbooks, the open-source OS with a highly tech-savvy audience found a market where it could legitimately threaten Windows. But Linux will face an uphill battle in this category now that the sleeping software giant

14 January 2009, 09:25 Numerous security updates from Oracle Oracle has released its Critical Patch Update (CPU) for January 2009, fixing a total of 41 vulnerabilities in many of its products. Twenty of the vulnerabilities are found in Oracle's database products, while others are found in Oracle's Secure Backup and TimesTen DataServer. Some of the holes in Secure Backup are classified as critical as they are remotely exploitable without authentication. According to Alexander Kornbrust of Red Database Security, one of the database holes (CVE-2008-5437) allows a user with execute privileges

14 January 2009, 13:26 Banking details can be stolen through a new JavaScript exploit Phishers are reported to be able to exploit a vulnerability in the JavaScript engines of current browsers, including Internet Explorer, Firefox, Safari and Chrome. Trusteer is a security services provider specialising in online banking, whose chief technician is the well known security specialist Amit Klein. Trusteer report that a crafted web site can exploit a certain JavaScript function to identify the bank page a user is currently logged into. If a user is connected to his bank's online banking servic

Microsoft issues first Windows 7 beta patch But it skips offering SMB patch because it's not critical January 13, 2009 (Computerworld) "Microsoft Corp. today issued its first patch for the just-released Windows 7 beta, but it passed on plugging a hole in an important file-sharing protocol that it fixed in older versions of the operating system. Earlier today, Windows Update, Microsoft's primary update service, began delivering the first patch to Windows 7 since the company struggled to launch the public beta last Friday. The update fixes a flaw that shaves several seconds of audio from any

BlackBerry Products PDF Distiller Multiple VulnerabilitiesSecunia Advisory: SA33534 Release Date: 2009-01-13 Popularity: 1,060 views Critical: Highly critical Impact: DoS System access Where: From remote Solution Status: Vendor Patch Software:BlackBerry Enterprise Server for Domino 4.x BlackBerry Enterprise Server for Exchange 4.x BlackBerry Enterprise Server for Novell GroupWise 4.x BlackBerry Professional Software 4.x BlackBerry Unite! 1.x Subscribe: Instant alerts on relevant vulnerabilities Description: Some vulnerabilities have been reported in BlackBerry Enterprise Server and Blac

Storm worm smackdown as researchers unpick control system But legal fears may kibosh clean-up By John Leyden A team of security researchers have developed a technique for automatically purging the remnants of the Storm worm infection from the internet. But the approach - which involves turning the botnet's command and control system against itself - could run foul of computer hacking laws in Germany and elsewhere, which ban the modification of computer systems without consent. Nonetheless, the work of the team from Bonn University and RWTH Aachen University have advanced knowledge about how b

Researcher warns of data-snooping bug in Apple's Safari Mac or Windows, equal pwnage opportunity By Dan Goodin in San Francisco 13th January 2009 23:12 GMT Apple's Safari web browser for both the Mac and Windows suffers from a serious vulnerability that can expose emails, passwords and other sensitive contents of a user's hard drive, a researcher has warned. Those using Mac OS X 10.5, aka Leopard, are susceptible to the data-snooping bug even if they use Firefox or another alternate browser, according to open source software developer Brian Mastenbrook. Apple has yet to plug the gaping hole,

<h2 class="headline">New Phishing Attack Targets Online Banking Sessions With Phony Popups </h2>'In-session phishing' the latest Web-based method for phishers to steal users' banking credentials Jan 13, 2009 | 12:30 PM By Kelly Jackson Higgins DarkReading Researchers have discovered a sophisticated, new method of phishing that targets users while they are banking online -- sending phony popup messages pretending to be from their banks. The so-called "in-session phishing" attack prompts the victim to retype his username and password for the banking site because the online banking

Microsoft and Trend Micro Logos Used in Spam by Maria Alarcon (Anti-spam Research Engineer) Please be wary of e-mail messages supposed to be coming from Microsoft and using the Trend Micro logo in an attempt to look legitimate. The following sample spammed message, which seems to be targeting Latin American users, leads users to malware: The message roughly translates to: Hello Sir, it was found that your system is automatically sending spammed email messages that contain a virus. Please install our antispam software, available for download at the end of the message, if your email is b

Panda Issues Orange Alert For Malicious Conficker Worm Conficker is a family of worms that exploits vulnerability on Microsoft Windows in order to spread Jan 12, 2009 | 03:26 PM By Panda Security DarkReading GLENDALE, Calif., Jan. 12, 2009 - PandaLabs, Panda Security's malware analysis and detection laboratory, today issued an orange alert warning against the malicious Conficker worm, a new family of computer worm has already infected thousands of computers worldwide. PandaLabs has located three variants of this malicious code (Conficker A, B and C).The first known infections of this worm

Windows 7 and Office 14 Dual Launch Not Likely Elizabeth Montalbano, IDG News Service Monday, January 12, 2009 3:10 PM PST "Though Microsoft released Office 2007 and Windows Vista at the same time, people should not expect the same of Windows 7 and the next version of Office, code-named Office 14. Sources who follow Microsoft closely said that while they expect Windows 7 to be in full release as early as August or September -- or at least by the end of this year -- Office 14 probably won't be out until next year. Microsoft released the first Windows 7 beta for public download on Saturday, ini

Browser Bug Could Allow Phishing Without E-mail Robert McMillan, IDG News Service Monday, January 12, 2009 6:30 PM PST A bug found in all major browsers could make it easier for criminals to steal online banking credentials using a new type of attack called "in-session phishing," according to researchers at security vendor Trusteer. In-session phishing (pdf) gives the bad guys a solution to the biggest problem facing phishers these days: how to reach new victims. In a traditional phishing attack, the scammers send out millions of phoney e-mail messages disguised to look like they come from le

Vulnerabilities .. Sun Solaris Adobe Reader Multiple Vulnerabilities Secunia Advisory: SA33491 Release Date: 2009-01-12 Critical: Highly critical Impact: Privilege escalation System access Where: From remote Solution Status: Unpatched OS: Sun Solaris 10 Subscribe: Instant alerts on relevant vulnerabilities CVE reference: CVE-2008-2549 CVE-2008-2992 CVE-2008-4812 CVE-2008-4813 CVE-2008-4814 CVE-2008-4815 CVE-2008-4817 Description: Sun has acknowledged some vulnerabilities Adobe Reader included in Solaris, which can be exploited by malicious, local users to gain escalated

Reports: Spammers Cooking Up More Financial Fraud Financial spam scams tripled so far this year over last, spammers to target 'tiny URLs' By Kelly Jackson Higgins DarkReading "It didn't take long for spammers to jump on the financial crisis bus: A little more than one week into the New Year, financial spam has tripled over the same time last year, according to new spam data released today. And in the wake of the recent Twitter phishing hack, look for the bad guys this year to start exploiting those convenient and cute "tiny URLs" (tinyurl.com). These are among the big trends in spamming

Expect Office 2007's 'Ribbon' UI to permeate Windows 7 apps, Microsoft says Ribbon will also be used in Windows 7 apps, Nash says January 9, 2009 (Computerworld) "The controversial "Ribbon" user interface that Microsoft Corp. introduced in Office 2007 is being used for some of Windows 7's built-in applications, such as WordPad and Paint. According to Mike Nash, corporate vice president of Windows product management, the Ribbon will be adopted for many other Windows 7 applications from Microsoft as well as third-party vendors. "This is one of the things we think will differentiate apps written

Microsoft delays first Windows 7 public beta 'Feature complete' code demand buckles servers By Gavin Clarke in San Francisco "Microsoft has postponed broad availability of the first Windows 7 beta in order to keep up with anticipated download demand. According to reports from across the web, both the Windows 7 download page and Microsoft.com were intermittently unreachable earlier today as would-be downloaders angled for position. A Microsoft spokeswoman has confirmed that the sites saw unusually heavy traffic this morning. Chief executive Steve Ballmer said on Wednesday that the beta build 7

Malware spread via Google Code "According to McAfee's Avert Labs blog which, rather inaccurately, talks of spammers, Google's free code-hosting project has, in recent weeks been subverted by malware distributors. Over the Christmas holiday they have used it to create a large number of websites offering such things as free sex movies. Attempting to view the movie by clicking on the play button results in a message offering a 'required' CODEC for download, acceptance delivers a trojan payload and further clicking reaches an adult content site that is also infectious. The malware distributors ar

Israel-Gaza Conflict Spam Leads to Malware by Nino Peloniar (Anti-spam Research Engineer) "Another malware attack is circulating in the wild today, especially through email. It arrives via bogus email which claims to be from CNN news. The email purports to contain news about Israel’s bombardment of Gaza. It also contains a link of the graphic video of Al Jazeera English Report about the news. The subject and the senders name vary in every mail. When the victim clicks on the link, it will open a fake CNN webpage: If the victim clicks on the video “click to play†icon, an error message po

Microsoft to Kick off 2009 With Single Security Fix Robert McMillan, IDG News Service After being forced to rush out an emergency patch for its Internet Explorer browser last month, Microsoft plans to release just one security update in its first patch release of 2009. The update will be a critical fix for server and desktop versions of Windows, Microsoft said Thursday. It fixes at least one bug that could allow attackers to install unauthorized software on a victim's computer. Microsoft did not say which bugs it would be fixing with next week's updates, but the company has several to choose f

Patch for critical Windows vulnerability coming Posted by Elinor Mills Microsoft will issue a patch on Tuesday for a critical vulnerability that could allow a hacker to gain control of a computer remotely, the company said in an alert on Thursday. Microsoft also plans to host a Webcast at 11 a.m. PST as part of Patch Tuesday, which comes the second Tuesday of every month. There will be just one security update. The critical vulnerability affects Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008, Microsoft said. The software maker will also release nonsec