Lisa Vaas

Microsoft is jumping its regular monthly patch schedule to release a patch this Tuesday for the animated cursor attack that’s been roughhousing Windows users since it was discovered last week. Update MS07-017 will take care of this vulnerability in Windows Animated Cursor Handling, a component of Windows. The regular schedule would have been for patches […]

Fortify Software has documented what the security firm is calling a “pervasive and critical” vulnerability in Web 2.0 applications—specifically, in the ability of an attacker to use a JavaScript vulnerability to steal critical data by emulating unsuspecting users. The vulnerability—which allows an exploit called JavaScript Hijacking—can be found in the biggest AJAX frameworks out there, […]

If you’re reading this with Internet Explorer on a Windows machine, don’t. The Windows animated cursor zero-day attack that was coming through on IE 6 and 7 running on fully patched Windows XP SP2 is now also hitting Windows 2000, Server 2003 and Vista. As F-Secure advises, better to use some other combination. Proof-of-concept code […]

If you haven’t heard already, you’re going to have to put on your Mac hacking cap for CanSecWest Vancouver 2007, in April. The show organizers plan to set up two pimped, fully loaded Apple Macbook Pros on their own AP. They’ll have security updates, but otherwise it’s all default. Attendees will be able to connect […]

The same script that planted malicious code last month on the Super Bowl site is responsible for the zero-day animated cursor file exploit on Windows XP SP2. McAfee uncovered the exploit, which preys on an unpatched vulnerability in Windows ANI files, earlier this week. Websense discovered in February that the official Web site of Dolphin […]

A widespread malicious attack is posing as a convincing invitation from Microsoft to download a beta version of Internet Explorer 7.0, security company Sophos reported. The e-mails appear to come from [email protected]. The subject line is “Internet Explorer 7 Downloads.” The e-mail contains an image inviting users to download Beta 2 of IE 7. Those […]

An Indiana man will spend 27 months in prison for selling more than $700,000 worth of counterfeit software on eBay, the Milwaukee FBI announced on Wednesday. Courtney Smith, 36, of Anderson, Ind., was sentenced by U.S. District Judge Sarah Barker of the Southern District of Indiana for selling the software over the Internet, in violation […]

eEye Digital Security’s Research Team has released a workaround for the zero-day Windows animated cursor vulnerability that McAfee discovered earlier in the week. Microsoft as of yesterday still hadn’t come up with a patch or workaround for the ANI files vulnerability, which eEye called “one of the most potent zero-days recorded” by the security company’s […]

Microsoft released a security advisory regarding the vulnerability in Microsoft Windows Animated cursor, McAfee reported on Wednesday. McAfee had earlier noted a proof of concept on the message boards but only recently found a drive-by exploit in which a Trojan was being silently slipped onto visitors’ machines. A company spokesperson said that for the attack […]

McAfee’s Avert Labs have discovered a drive-by exploit on the Web that preys on fully patched Windows XP SP2 systems running IE 6 and 7 browsers. In preliminary tests, McAfee found that the IE/XP systems proved vulnerable to an attack that delivers a Trojan download in complete silence. McAfee Avert Labs said on its site […]