Remove all known AIM viruses with one consolidated removal tool.

Detect and quarantine/remove the malware found on your PC.

Microsoft published a desktop security guide for Internet Explorer 7

InfoWorld reports that Symantec has patched a critical flaw in the 2006 versions of Norton AntiVirus, Norton Internet Security, and Norton System Works.

News.com reports that Microsoft will release next week nine security patches

Update your Spybot S&D detections without the need for the included WebUpdate.

According to a message posted over the weekend on the Full-Disclosure mailing list, the latest version of Firefox, 2.0.0.5, contains a password management vulnerability that can allow malicious Web sites to steal user passwords. If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw.

Macaulay, a software engineer, was able to hack into a MacBook through a zero-day security hole in Apple's Safari browser. The computer was one of two offered as a prize in the "PWN to Own" hack-a-Mac contest at the CanSecWest conference here.
The successful attack on the second and final day of the contest required a conference organizer to surf to a malicious Web site using Safari on the MacBook--a type of attack familiar to Windows users. CanSecWest organizers relaxed the rules Friday after nobody at the event had breached either of the Macs on the previous day. ZdNet has more.

Microsoft broke with its monthly patch cycle Tuesday to repair a bug in the way Windows handles animated cursors. Cybercrooks had been using the hole since last week to attack Windows PCs. But the fix is not compatible with software that runs audio and networking components from Realtek Semiconductor, some Windows users have found.
"Apparently the update is not compatible with Realtek," CNET News.com reader Dave House wrote in an e-mail. "We lost all Ethernet and audio functions. Removing the update and doing system restores brought the systems back." ZdNet has more.

A new worm was spammed out this weekend purporting to be a beta version of Microsoft's Internet Explorer 7 browser.
Emails with spoofed headers such as admin@microsoft.com contain a file that claims to be a beta version of the browser, despite the fact that the full code was released in October 2006. The 'ie7.0.exe' file contains the Grum-A worm. Vnunet has more.

Microsoft has decided to rush out a fix for a flaw in its Windows operating system, saying that the problem has become too serious to ignore.
The flaw, which will be patched on Tuesday, was originally disclosed to Microsoft in December, but it was not publicly reported until Wednesday of last week. The bug lies in the way Windows processes .ani Animated Cursor files, which are used to create cartoon-like cursors in Windows.
Since the first attacks based on this flaw were reported, security experts say that more than 100 Web sites are now serving up malicious Web pages that take advantage of the bug, and a new worm , has begun spreading in China, according to by Symantec Corp. InfoWorld has more.

Romanian hackers, eat your hearts out: The United States has far and away the most malicious code, spam, phishing, attack and botnetwork activity on the planet, according to Symantec's most recent semi-annual Internet Security Threat Report.
In this, its 11th edition of the report, Symantec has for the first time ranked countries as far as their Internet malfeasance is concerned. Tapping into its global intelligence network, Symantec found that the United States spawned 31 percent of the worldwide total for malicious activity. China came in second with 10 percent, and Germany came in third with 7 percent.... E-Week has more.

Security company Symantec says new research supports fears that Windows Vista's use of the IP tunneling protocol Teredo is potentially insecure. Microsoft is using Teredo to enable a transition from IPv4, which is the traditional version of the network layer protocol for packet-switched networks now used as the Internet's background, to IPv6, an updated protocol whose biggest benefit is the exponential increase it will bring in the number of IP addresses available for networked devices. ExtremeTech has more.

A vulnerability in the way OpenBSD handles IPv6 data packets exposes systems running the traditionally secure open-source operating system to serious attack. A memory corruption vulnerability error exists in the OpenBSD code that handles IPv6 packets, Core Security Technologies said in an alert published Tuesday. Exploiting the flaw could let an attacker commandeer a vulnerable system, according to Core, which said it discovered the issue and crafted sample exploit code. ZdNet Downunder has more.

Yahoo reports:A vulnerability in Microsoft Corp.'s Internet Explorer (IE) browser could help fraudsters make phishing Web sites appear legitimate, a security researcher reported Wednesday.
The flaw lies in the way IE7 processes a locally stored HTML (Hypertext Markup Language) error message page that is typically shown when the user cancels the loading of a Web page, said Aviv Raff, a security researcher based in Israel.

The megapatch is the seventh Apple security patch release in three months. It deals with vulnerabilities in Apple's own software, as well as third-party components such as Adobe Systems' Flash Player, OpenSSH and MySQL. Sixteen of the vulnerabilities addressed by the update were previously released as part of two high-profile bug-hunting campaigns. The vulnerabilities pose varying risks to Macs. Several of the flaws could be exploited to gain full control over a Mac running the vulnerable component, according to Apple's advisory. Other holes are limited and could only be exploited to crash a Mac or used by somebody who already has access to a machine to elevate privileges, for example. More at ZdNet

Researchers are fuzzy about the impact of a flaw discovered in Microsoft Windows Explorer, but US-CERT's advisory said there's exploit code out there for it.
At issue is Windows Explorer's failure to properly handle malformed Office documents. Although researchers aren't clear about the implications, the advisory said that it may allow an attacker to take over a system and execute arbitrary code. Crashing Windows Explorer is the least of the woes the flaw could cause, US-CERT says. EWeek has more.

The rate of identity theft-related fraud in the US has risen sharply since 2003, a report from research firm Gartner suggests. And the story is somewhat similar in Australia.
Gartner's study, released Tuesday in the US, shows that from mid-2005 until mid-2006, about 15 million Americans were victims of fraud that stemmed from identity theft, an increase of more than 50 percent from the estimated 9.9 million in 2003.
According to the Australian Competition and Consumer Commission, identity theft costs billions of dollars.
"On identity theft alone, losses to the Australian community are estimated to be in excess of $1 billion annually." ZdNet Downunder has more.

As you may know, Microsoft has updated their WGA - notification tool. But what you don´t know is that this tool will phone home when you try to cancel the installation of the WGA tool.
If you haven´t installed a desktop firewall you will get no notice from this homecall.
Heise.de has checked the content of the packages which are sended back to Microsoft and they include a lot of cryptic stuff, the version of the WGA and a GUID which could be used as a unique identification mark. The language of the system and if the machine is part of a domain was also submitted to Microsoft.
Redmond told Heise.de that they collect the datas for quality reasons without identifying the users. To prevent the home call it´s higly recommended to install a desktop firewall. Roughly translated source by Google

A security expert has cracked one of the U.K.'s new biometric passports, which the British government hopes will cut down on cross-border crime and illegal immigration.
The attack, which uses a common RFID (radio frequency identification) reader and customized code, siphoned data off an RFID chip from a passport in a sealed envelope, said Adam Laurie, a security consultant who has worked with RFID and Bluetooth technology. The attack would be invisible to victims, he said.
"That's the really scary thing," said Laurie, whose work was detailed in the Sunday edition of the Daily Mail newspaper. "There's no evidence of tampering. They're not going to report something has happened because they don't know." InfoWorld has more.