Security flaws found in fix for Firefox, SeaMonkey

Published by [NT] 0

Mozilla Foundation on Monday issued a critical fix designed to address vulnerabilities in a recent security update for the Firefox browser and SeaMonkey application suite.
The security flaws were discovered in Firefox 1.5.0.9 and 2.0.0.1, as well as in SeaMonkey 1.0.7, according to a security advisory posted by Mozilla. More at News.com

Apple patches 'critical' QuickTime flaws

Published by [NT] 0

Apple has issued eight security updates for the Mac OS X and Windows versions of its QuickTime multimedia software.
The French Security Incident Response Team issued its most severe security rating of 'critical' for all the flaws.
All eight vulnerabilities affect current versions of QuickTime for Windows Vista, XP and 2000. Seven also affect Mac OS X versions 10.3.9 and later. More here

WordPress Issues Security Alert

Published by [NT] 0

Bit older, but I know that a lot of my colleagues are using this system. Version 2.11 of WordPress contains some exploitable code placed there by a cracker. An excerpt of the note posted to the WordPress blog this afternoon:
It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.
If you downloaded version 2.1.1 of WordPress within the last week, you should put down the ice cream nachos and upgrade to 2.1.2 right now. Be sure to totally wipe the old files, including the wp-includes. More at WordPress
Source: Wired

Storm Worm Attacking Blogs, Bulletin Boards And Webmail

Published by [NT] 0

A variant of the Storm worm is able to analyze network traffic and insert a link to a malicious Web site into text posted in blogs, webmail and bulletin boards. A variant of the well-known and troublesome worm is being used in a spam attack that is luring blog, bulletin board and webmail (Internet-based e-mail) users to connect to a malicious Web site, according to Dmitri Alperovitch, a principal research scientist at Secure Computing Corp.
Alperovitch explains that there is a new component in the variant that enables it to analyze network traffic on the infected computer and dynamically insert a link to the malicious site into text -- whether it's a blog post, a bulletin board entry or an e-mail sent through a webmail system. The users' text will contain their own content, along with the link and a note that lures readers to check out a Web site with "fun" videos or e-card. ... I-Week has more.

Windows as vulnerable as it ever was

Published by [NT] 0

... Marc Maiffret, founder and chief hacking officer of eEye Digital Security, said hackers were starting to look at how to turn over Vista and have already found five or six different Vista-specific vulnerabilities ... Whole story at Inq

Mozilla fixes highly critical Firefox flaws

Published by [NT] 4

Vnunet reports: Firefox users are now receiving automatic updates that fix serious bugs in the open source browser.
The update, which started being sent out at the weekend, fixes flaws that security firm Secunia described as 'highly critical'.
The flaws affect Firefox 1.5 and 2.0 for Windows, Mac and Linux systems.
"Due to the security fixes, we strongly recommend that all Firefox users upgrade to these latest releases," said Mozilla in a statement. The fixes include a location.hostname vulnerability that independent Polish coder Michal Zalewski found a few weeks ago, and a critical memory corruption bug that can cause the browser to crash.
This could be the last security fix for Firefox 1.5, since the organisation will stop supporting the old browser on 24 April.

Microsoft probes IE 7, Vista bug reports

Published by [NT] 0

Microsoft is investigating two recently disclosed security vulnerabilities that affect Internet Explorer 7 and Windows Vista, the company said Monday.
The vulnerabilities aren't considered high-risk, yet they affect the latest releases of Microsoft's Web browser and operating system software. Microsoft has promoted the security of both IE 7 and Windows Vista. The flaws could let attackers get their hands on sensitive user information, security experts have warned.
The French Security Incident Response Team said in an alert that the IE vulnerability, which also affects IE 6, could be exploited in phishing attacks, scams that try to trick people into giving up sensitive information such as credit card data and Social Security numbers. The problem exists because of an error in the way the browser handles certain "onunload" events, the security monitoring company said. Attackers could exploit the issue to spoof the browser address bar, FrSirt said. News.Com has more.

Phishing Sites Explode on the Web

Published by [NT] 0

Think the new built-in phishing filters in Internet Explorer 7 and Firefox 2 will protect your private data? Think again. The number of sites devoted to phishing skyrocketed last year, and the number of Americans taken in by phishing schemes has nearly doubled. In November 2006, the last month for which data is available, the Anti-Phishing Working Group found 37,439 new sites, up an astounding 709 percent from the 4630 sites in November of 2005.
Last October, both Mozilla and Microsoft released new versions of their browsers that use blacklists to block access to known phishing sites. In response, resourceful phishers are flooding new fake Web sites onto the Internet too quickly for them all to be shut down or blacklisted. Again Yahoo has more.

Critical JavaScript flaw hits Firefox

Published by [NT] 0

Mozilla has confirmed a potentially serious flaw in its open source Firefox browser.
Developer Michal Zalewski, who uncovered the flaw, described it as "seemingly pretty nasty, and apparently easily exploitable".
The vulnerability affects current versions of Firefox for all major PC platforms, according to Zalewski's report.
The use of a certain JavaScript instruction can cause Firefox to crash, allowing an attacker complete access to a system and the ability to run malware remotely. More at Vnunet

MSN Messenger punts 'scareware'

Published by [NT] 0

Microsoft has admitted its Windows Live Messenger client displayed banner ads for several days punting an application blacklisted as a security risk. Redmond has pulled the ads for Errorsafe, a purported security product labeled by legitimate firms as "scareware" designed to frighten users into buying a product that actually impairs internet safety. Redmond has promised to review its advertisement approval process in order to prevent the problem cropping up again. More at TheReg

Google closes a potentially devastating flaw

Published by [NT] 0

A potentially devastating hole in Google Inc.'s prevalent desktop search product could have exposed personal files on users' computers to data thieves. Google fixed the defect within weeks of being informed about it and says it has no evidence the vulnerability was exploited.
The flaw was uncovered late last year by Watchfire Corp, a security-analysis provider.
While the vulnerability exists in roughly 80 percent of web applications, this problem appeared far more extreme "given the sensitive nature of what Google Desktop is doing," said Danny Allan, a researcher at Watchfire. Read on at SMH.Com.au

Critical IE Graphics Flaw Resurfaces

Published by [NT] 0

It's bad enough when crooks exploit bugs to ruin a home computer, but the consequences of a successful attack can be much worse. A substitute teacher in Norwich, Connecticut, found that out when a computer she was using in her classroom suddenly started showing pornographic pop-up ads to everyone in the class. She now faces up to 40 years in prison after being convicted of willfully showing her students the images. A security expert hired by her defense, however, says he found malicious software on the PC. Read on at PCWorld

UM Study: Hackers Attack Computers Every 39 Seconds

Published by [NT] 0

Clark School's Cukier Stresses Strong Passwords as Defense Against Harm
Are hackers trying to get into your computer right now? And what are they up to? A study by the University of Maryland's A. James Clark School of Engineering is one of the first to quantify the near-constant rate of hacker attacks of computers with Internet access (every 39 seconds on average) and the non-secure usernames and passwords we use that give attackers more chance of success. The study, conducted by Michel Cukier, Clark School assistant professor of mechanical engineering and affiliate of the Clark School's Center for Risk and Reliability and Institute for Systems Research, profiled the behavior of "brute force" hackers, who use simple software-aided techniques to randomly attack large numbers of computers. The researchers discovered which usernames and passwords are tried most often, and what hackers do when they gain access to a computer.

Exploit released for PC-hijack hole in µTorrent

Published by [NT] 0

Here's a major security issue that might have gotten buried in this week's patch-release deluge: A critical code execution hole in µTorrent, everyone's favorite lightweight torrent application.
What's worse, exploit code that provides instructions on using dirty .torrent files in PC-takeover attacks has been publicly available for several days. Read on at ZdNet

Hack lets intruders sneak into home routers

Published by [NT] 0

Attackers could change the configuration of home routers using JavaScript code, security researchers at Indiana University and Symantec have discovered. The researchers first published their work in December, but Symantec publicized the findings on Thursday.

IE and Firefox cough up hard drive contents

Published by [NT] 0

The latest versions of Internet Explorer and Firefox on Windows and (in the case of Firefox) Unix systems are vulnerable to attacks that could reveal the contents of sensitive files residing on a victim's hard drives.

Apple patches security flaw in QuickTime

Published by [NT] 0

Apple Inc. has patched a vulnerability in its QuickTime media player that could give a hacker control over a computer.
The problem concerns a buffer overflow that can occur when QuickTime processes an RTSP URL (Real Time Streaming Protocol Uniform Resource Locator), which directs the player to a streaming file and allows a user to play and pause it. A hacker could create a malicious RTSP URL embedded in a Web page that could open a door for other harmful code to run on a machine, Apple said. The patch comes more than three weeks after researchers who are part of the Month of Apple Bugs (MOAB) project published exploit code. InfoWorld has more on this topic.

Storm Worm spreads fast

Published by [NT] 0

Finnish data security company F-Secure told reporters today that a computer virus called "Storm Worm" was sent to hundreds of thousands of email addresses globally. Knowing how many e-mail users do not blind-copy (BCC) their friends when sending mass e-mails, the numbers could be much higher. According to F-Secure, "Storm Worm" is spreading very quickly. Read on at DailyTech
View Video of the last 24 hours of Virus spreading @ YouTube

Adobe tackles risky holes in Acrobat, Reader

Published by [NT] 1

Adobe Systems has issued updates to fix security flaws in its Reader and Acrobat software that could allow an attacker to remotely commandeer a computer. The vulnerabilities affect Adobe Reader and Adobe Acrobat Standard, Professional and Elements versions 7.0.8 and earlier, as well as Adobe Acrobat 3D, Adobe said in its advisory. Secunia rated the Reader flaw as "highly critical." Read on at ZdNet

Norton AntiVirus 2007 Beta - under Vista x64

Published by Newsfactory 0

Symantec's Norton AntiVirus 2007 is the world's most trusted antivirus solution. It removes viruses and security risks automatically, heuristically detects spyware threats, detects and blocks Internet worm attacks, and protects email.

Start64!