exploits

ExploitShield becomes Malwarebytes Anti-Exploit

ExploitShield launched in September 2012 (covered previously by Seth Rosenblatt) with an ambitious goal: to close the yawning security gap for zero-day threats, those nasty exploits that arise upon first notice of a security vulnerability in a browser or other application before developers can fix the hole. Today, the ExploitShield technology gained a lot more visibility as it was acquired by security-software publisher Malwarebytes, whose Malwarebytes Anti-Malware software has been a Top 10 product on Download.com for many years.

As a result of the purchase, Malwarebytes has released a new beta version of the software, now called Malwarebytes Anti-Exploit. …

Google plans to wipe child porn from the Web

Photos and videos of child pornography on the Web have multiplied at an alarming rate over the past few years. In 2011, the National Center for Missing and Exploited Children said it received 17.3 million images and videos of suspected child abuse, which is four times more than in 2007.

Google has announced that it wants to help curb this proliferation of child pornography. In fact, the Web giant plans to take it even a step further -- it wants to completely eradicate child porn from the Internet.

"Behind these images are real, vulnerable kids who are sexually victimized …

Google push for faster zero day fixes hits a wall: Other companies

Google has undertaken what some might call a Sisyphean effort: to get technology companies to patch publicly unknown security vulnerabilities, referred to as "zero day" exploits, more quickly.

In a blog post published Wednesday, two Google security engineers advised their counterparts at other companies to respond to actively exploited zero days within seven days.

The post's authors, Chris Evans and Drew Hintz, wrote, "Often, we find that zero day vulnerabilities are used to target a limited subset of people. In many cases, this targeting actually makes the attack more serious than a broader attack, and more …

As Schmidt speaks of caution, Google Glass gets hacked

Within hours of Google Executive Chairman Eric Schmidt's revelation that apps for Google Glass will require Google's approval, a renowned hacker/developer has shattered the notion of locked-down Glass. More specifically, Jay Freeman -- aka "Saurik" -- has jailbroken it.

Freeman is also the creator of the popular Cydia app store for jailbroken iOS devices, and he tweeted a photo Friday afternoon that's apparently a capture of the "Device info" dialog for the pair of Glass he purchased from Google as a developer. It describes the device as "Jailbroken ;P"…

Oracle issues emergency Java update to patch vulnerabilities

In response to discovering that hackers were actively exploiting two vulnerabilities in Java running in Web browsers, Oracle has released an emergency patch that it says should deal with the problem.

"These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password," Oracle wrote in a security alert today. "For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and …

Apple promises fix for iOS 6 passcode exploit

Apple says it plans to fix the exploit that lets users gain access to a passcode-locked iPhone even if they don't know the access code.

"Apple takes user security very seriously," the company said in a statement provided to CNET. "We are aware of this issue, and will deliver a fix in a future software update."

The company did not offer a timeline of when such an update would arrive, or offer guidance on any interim way to secure devices.

The hack, published last month by a YouTube user, surfaced earlier today and opens up …

Flash update fixes active exploits for both OS X and Windows

Java is not the only runtime that malware developers use to target victims of their attacks, and yesterday Adobe released an update to Flash that fixes two zero-day exploits in its popular Web plug-in software.

The two vulnerabilities in question affect both OS X and Windows systems, and allow malicious Flash content on Web sites to deliver malware to Macintosh systems via Firefox and Safari. The second vulnerability targets Windows users by tricking them into opening an e-mail attachment that contains the Flash-based exploit.

These problems are considered critical, so if you have Flash enabled on your system (which most …

Microsoft's next Patch Tuesday won't resolve IE zero-day flaw

Microsoft's regular Patch Tuesday rolls around next week. But one flaw that won't be fixed in the mix is the latest zero-day exploit in Internet Explorer.

Last Saturday, Microsoft warned about the zero-day flaw in IE 6, 7, and 8 that could allow attackers to gain control of Windows computers to host malicious Web sites. In its advisory, the company noted that IE 9 and 10 are unaffected by the vulnerability and suggested a variety of workarounds to those running the older browser versions.

On Monday, the company issued a temporary fix that prevents the flaw from being …

Deadly exploit briefly massacres World of Warcraft

Imagine your virtual character relaxing in the confines of the massive World of Warcraft city Orgrimmar, when suddenly, zero health points. Upon spinning the mouse cursor around, everything around you also simultaneously perishes. Not long after the death, countless skeletons of fallen players stack up upon the city streets.

While this sounds like a bad dream that might strike someone who plays World of Warcraft too much, the deadly scenario played out yesterday across many WoW servers around the world. Entire Horde and Alliance megacities -- including Stormwind -- suddenly became graveyards for thousands afflicted by an in-game exploit carried out by malicious players. …

ExploitShield appears to live up to its name

A new company called ZeroVulnerabilityLabs says that it has solved the Gordian knot of exploits, slicing through the complicated, Hydra-headed problem with a single stroke from a software weapon it calls ExploitShield.

Available exclusively today from Download.com, the first ExploitShield Browser Edition beta (download) appears to stop all manner of exploits, from those affecting browsers directly to browser plug-ins like PDF readers, Flash, and Java, to Microsoft Office components, to a handful of media players. The potential for raising the level of computer security here is huge, as a vast number of threats are actually mutations of malware, sold in kits like BlackHole, …