0-day 'Mass Exploit Distribution' 0-day vulnerability of Java revealed On 10th of January a 0-day vulnerability of Java revealed. Oracle has not quoted any response on this vulnerability till now, despite widespread adoption by exploit kits and evidence it is being used to serve up nasty malware.
Android Research Shows Serious Problems With Android App SSL Implementations Thousands of apps in the Google Play App Store contain serious mistakes in the way that SSL/TLS is implemented, leaving them vulnerable to man-in-the-middle attacks.
vulnerability Samsung Galaxy Phones May Be Vulnerable to Malicious Wiping Samsung Galaxy SII and SIII smartphones might be at a huge security risk when opening links with QR technology, NFC or push notifications, according to a new report.
0-day Android 4.0.4 multiple Zero-Day Vulnerabilities The Samsung Galaxy S3 can be hacked via NFC, allowing attackers to download all data from the Android smartphone
vulnerability Oracle Database stealth password cracking vulnerability Some Oracle DBs suffered with vulnerability in auth protocol enabling remote attacker to brute-force a token provided prior to auth & determine user’s pass
vulnerability Private US networks vulnerable to cyber attack: Pentagon Privately-owned U.S. computer networks remain vulnerable to cyber attacks, and many U.S. companies are not doing enough to protect them
0-day FireEye spotted Critical 0-day vulnerability in Java Runtime Environment FireEye’s Malware Intelligence Lab is making the claim that there is a new zero day vulnerability in the wild that affects the latest version of Java
vulnerability Symantec: parts of antivirus source code exposed Symantec said hackers had exposed a chunk of its source code, which is blueprint for its products, potentially giving rivals some insight to company’s tech
vulnerability Researcher claims all GSM phones vulnerable to hijacking Security expert Karsten Nohl says all GSM phones are potentially vulnerable to eavesdropping and hijacking that would enable attackers to send texts or make calls. Speaking at the Chaos Communications Congress [http://events.ccc.de/congress/2011/Fahrplan/index.en.html] in Berlin, noted mobile security expert Karsten Nohl claims
vulnerability Skype security flaw leaves user locations vulnerable Users of Skype may be inadvertently putting themselves at risk of having their physical location and other personal details stolen, experts warn.
trojan BlackBerry phones hit by ZeuS Trojan virus ZeuS Trojan has be discovered which specifically targeting BlackBerry users. And it aims to monitor users’ private information especially when they conduct mobile banking.
0-day Adobe Flash Hit with Zero-Day Exploit Adobe has published a security advisory in response to a critical flaw found in Flash Player on Windows, Mac OS X, Linux, Solaris, and Android
vulnerability Internet Explorer Used to Exploit Windows MHTML Vulnerability The way IE parses MHTML (method to combine multiple files & HTML content into a single file) is vulnerable & targeting users in “drive-by” browser attack
vulnerability Soundminer Android Malware Researchers have developed a low-profile Trojan horse program for Google’s Android mobile OS that steals data in a way that is unlikely to be detected by either a user or antivirus software
vulnerability PHP Floating Point Bug Crashes Servers PHP scripting language could crash servers when the software is given the task of converting a large floating point number, raising the possibility that the glitch could be exploited by hackers
vulnerability IE9 Blocks Malware, But Older Versions Are Vulnerable IE9 beta offers “vastly” more protection from malware than other browsers, while vulnerability in IE 6, 7 & 8 that could allow malicious remote control
adobe Adobe Flash unspecified code execution vulnerability Adobe Flash contains a vulnerability that can result in memory corruption, which can allow arbitrary code execution. See also Adobe Security Advisory APSA10-03 [http://www.adobe.com/support/security/advisories/apsa10-03.html] and Adobe Security Bulletin APSB10-22 [http://www.adobe.com/support/security/bulletins/apsb10-22.html]. Note that separate instances
vulnerability The 'onMouseOver' incident at Twitter “onMouseOver” flaw — exploit occurred when mouse was over a link. With XSS on Twitter.com; someone created an account & exploited issue by turning tweets different colors & causing a pop-up box to appear on hoving the link.
