New Internet Explorer weakness already exploited in attacks

A previously unknown security hole in Internet Explorer 7, 8 and 9 is being actively exploited to deliver a back door trojan known as "Poison Ivy," researchers warned.

Security blogger Eric Romang, who uncovered the vulnerability this weekend, wrote on his blog yesterday:

"I can confirm, the zero-day season is really not over yet. Less than three weeks after the discovery of the Java SE 7 0day, aka CVE-2012-4681, potentially used by the Nitro gang in targeted attacks, a potential Microsoft Internet Explorer 7 and 8 zero-day is actually exploited in the wild."

Romang found an attack that … Read more

A conversation with the first PlayStation Vita hacker

Those hoping to see a PlayStation Vita hack could have their wishes answered in a few months. Some anonymous programmers announced they discovered an exploit allowing them application-level (userland) access into the Sony gaming device.

Before you get all excited about the idea of illegally downloading full PS Vita games, you should know that this purported hack can't grant such abilities. However, if the group of developers creates a loader, the hack could open the door for homebrew, and more importantly, emulation. Which means that one day the Vita could play Super Nintendo, Nintendo 64, Nintendo DS, Sega, and many other games, similar to a hacked PSP. … Read more

New vulnerabilities found in latest Java update

Only hours after Oracle released its latest Java 7 update to address active exploits, security researchers found yet another vulnerability that can be exploited to run arbitrary code on systems that have the runtime installed.

Oracle's latest release of its Java 7 runtime has come under scrutiny in the past few weeks after it was found being actively exploited in malware attacks that target Windows systems. While so far the vulnerability has only been found being used against Windows, other platforms such as the Mac OS could potentially be targeted through the same exploit.

In response to these findings, … Read more

Microsoft implements BlueHat prize tech

LAS VEGAS -- A year ago this week, Microsoft announced a startup-style contest with serious reward money called BlueHat to get security researchers to apply their expertise to innovative defenses. Today, the company revealed that the efforts of one of the three BlueHat finalists would be incorporated into its Enhanced Mitigation Experience Toolkit.

Mike Reavey, the senior director of Microsoft's Security Response Center, explained that the BlueHat contest process was a big win for Microsoft. "In less than a year, we were able to solicit for ideas, receive them, implement them, and get them to customers," … Read more

App Store hacker says the 'game is over'

The creator of an exploit that let users purchase digital goods inside of iOS apps without actually paying for them said today that Apple's fix puts the hack out of business.

"Currently we have no way to bypass [the] updated APIs," creator Alexei Borodin wrote in a post on his development blog. "It's a good news for everyone, we have updated security in iOS, developers have their air-money."

Borodin says that the exploit, which requires the use of third-party servers and specially-installed security certificates, will continue to be up and running until Apple releases … Read more

In-app purchase hacker sets sights on Mac App Store

The exploit that allowed users to purchase digital goods inside iOS apps without actually paying has jumped platforms and now works on Apple's Mac platform.

The Next Web notes that programmer Alexei Borodin, who created the iOS in-app purchase exploit, now has a similar solution for apps purchased in Apple's Mac App Store. Like the exploit for iOS, this too requires that users install special security certificates on their machines, though it also requires the installation of an extra helper program.

Earlier today Apple said it had a fix coming in the next version of iOS, due out … Read more

Apple fights back at in-app freebie exploit

Apple is not too pleased with Russian hacker Alexey V. Borodin, and a hack he developed that allows iDevice owners to install in-app goods without paying for them.

According to The Next Web, Apple over the weekend blocked the IP addresses of the server Borodin used to facilitate the hack. In addition, the company issued a takedown request to his server's hosting provider. Apple even requested that the video Borodin posted showing his technique in action be removed from YouTube due to a copyright violation.

Borodin last week surfaced with an exploit that re-routes in-app purchase requests away from Apple or a developer's secured server … Read more

New iOS hack yields in-app freebies

A new exploit aimed at iOS devices enables users to gain free access to paid content within applications, thereby circumventing built-in security measures.

The hack, which was detailed by a Russian programmer and picked up by 9to5mac this morning (via i-ekb.ru), uses a proxy system to send purchase requests to third-party servers where they are validated and sent back to the application as if the transaction had gone through. However, before that happens, users need to install special security certificates on their device, as well as be on a Wi-Fi network.

The individual behind the effort has already created … Read more

Kaspersky to cut phisher lines before they hook you

SAN FRANCISCO--Ever click a link to a Web site and discover that while it looks like your banking site, or Facebook, the URL didn't match your expectations? That's called phishing. Kaspersky revealed a new feature at a reviewer's conference here yesterday that the company says can stop such credential-stealing attacks before you get hooked.

Automatic Exploit Prevention, as the feature is called, is expected in the Kaspersky 2013 security suites due in August. The premise behind it is simple: Phishing attacks are on the rise, due in large part to the plummeting cost of entry to the … Read more

How Facebook fights child porn

It's hard not to be affected by an article titled "Kids Raped, Sodomized on Facebook Pages," the first of a four-part WND series about child porn and Facebook.

The article alleges that the blog "located dozens of child porn images after 'friending' many likely pedophiles and predators who trade thousands of pornographic photos on the social network."

Unlike legal "adult pornography," child porn depicts sexual exploitation of children, in some cases very young children. Child porn is illegal in the United States and many other countries. Anyone who knowingly produces, transmits, stores, or … Read more