Ryan Naraine

Adobe Systems Flash Player contains a code execution hole that could put millions of users at risk of PC takeover attacks, the company warned in an advisory. The vulnerability, which was reported to Adobe by Microsoft, affects Flash Player Versions 8.0.22.0 and earlier running on Windows. “A malicious SWF [Shockwave Format] must be loaded in […]

Pranksters and criminals can infect RFID chips with computer viruses, worms and malware to cause major disruption at places where the popular tracking technology is used, according to new research by a group of European scientists. In a proof-of-concept paper presented at the IEEE Conference on Pervasive Computing and Communications March 15, researchers from the […]

Multiple security holes in Microsofts ubiquitous Excel spreadsheet program could put users at risk of PC takeover attacks, the software maker warned in a bulletin released March 14. As part of its monthly batch of security updates, Microsoft pushed out patches for five code execution vulnerabilities in Excel and a separate bug in its Office […]

Anti-virus vendor McAfee is scrambling to contain the damage from a faulty definition update that incorrectly flagged hundreds of legitimate software programs as W95/CTX, a low-risk Windows 95 virus that was first detected in 2004. The erroneous .DAT file (4715) was shipped late on March 10 with definitions for a wide range of new malware […]

Virus hunters have discovered a new Trojan that encrypts files on an infected computer and then demands $300 in ransom for a decryption password. The Trojan, identified as Cryzip, uses a commercial zip library to store the victims documents inside a password-protected zip file and leaves step-by-step instructions on how to pay the ransom to […]

Security flaws in Apples popular digital media products are beginning to add up. Researchers at eEye Digital Security have pinpointed two high-risk vulnerabilities in iTunes and QuickTime that could put millions of Windows and Mac users at risk of code execution attacks. Aliso Viejo, Calif.-based eEye issued two alerts on its upcoming advisories Web page […]

Lab rats at Microsoft Research and the University of Michigan have teamed up to create prototypes for virtual machine-based rootkits that significantly push the envelope for hiding malware and that can maintain control of a target operating system. The proof-of-concept rootkit, called SubVirt, exploits known security flaws and drops a VMM (virtual machine monitor) underneath […]

Microsoft plans to ship two security bulletins on March 14 with patches for potentially serious vulnerabilities in the Microsoft Office and Windows product lines. As part of its advance notice mechanism, the Redmond, Wash. software maker said the bulletin affecting Microsoft Office will be rated “critical.” According to Microsofts flaw severity rating system, a “critical” […]

Less than two months after the losing its president, Gene Hodges, to rival Websense, security vendor McAfee is reshaping its management team with the hiring of George Heron as chief scientist and John Viega as chief security architect. The personnel changes come on the heels of a separate announcement that Stuart McClure will take the […]

Symantec has quietly pulled the plug on sales of L0phtCrack, the venerable password auditing and recovery application. The decision to discontinue support for L0phtCrack, also known as LC5, comes just months after Symantec stopped selling the application to customers outside the United States and Canada out of concerns that it violated cryptography export controls. The […]