vulnerability

In the course of a mass iFrame injection attack, nearly 100,000 web pages for e-commerce sites on the open source OS Commerce platform were compromised with malware, reports security firm Armorize.

As estimated the attacks appear to come from Ukraine and they aim to infect the websites with malware to further attack visitors to these e-commerce websites, says Wayne Huang, chief technology officer at Armorize.

While Google markets its Chrome OS based computers as safe because of cloud information storage compared to traditional PCs where the information is stored on hard drives, researchers have found some vulnerabilities that allow hackers successfully steal users’ data the same way they do when hijacking websites.

A group of hackers reported a new successful hijacking of another Sony Corp’s computer networks to show that the electronic company lacks proper security in all its systems. LulzSec hackers broke into U.S. PBS television and Fox.com and accessed the information of more than 1 million customers. It published the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony.

Sony PlayStation Network has not been hacked, according to a new statement made by the company in a blog post. Sony spokesperson Patrick Seybold says that the PlayStation Network wasn’t hacked so much as threatened yesterday when a password exploit accessible through its PSN web page login page came to light.

“We temporarily took down the PSN and Qriocity password reset page,” wrote Seybold, quickly adding “Contrary to some reports, there was no hack involved.”

Another beta of Firefox 4 is coming again before Mozilla will at last launch its Release Candidate.

"There are currently fewer than 20 'hard' blocking issues which have been identified as requiring beta coverage [1] and only 7 without patches," noted the open source outfit's Mike Beltzner late on Friday.

"At this point in time I do not believe we will require an additional beta, and am recommending that we continue to push hard to close these blockers out over the next few days."

According to a new research by cPacket Networks hackers can exploit high-frequency trading networks to pocket millions of dollars during stock market transactions. Rony Kay, a former IBM research fellow and founder of cPacket Networks, says that the networks used to complete stock market transactions in microseconds, are vulnerable to manipulation by hackers who can inject tiny amounts of latency into them. By doing so, they can subtly change the course of trading to their advantage.

Several versions of Microsoft Windows operating system have vulnerabilities that may be exploited by hackers to remotely take control of a personal computer.

This week Microsoft warned of the bug in a special alert saying that it has yet to develop software to plug the hole in Windows or to figure out a workaround to the problem.

The Redmond reports that it does not know any attacks to date that tried to exploit the flaw which involves the way Windows renders graphics on versions of Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008.

According to the stats from the online security vendor Kaspersky Lab computers worldwide contain about 32 million vulnerabilities because most users fail to update their software.

Google again came at the top of the rating charts. This time it was due to negative factors. Its web browser Chrome was ranked as the number one application in the "Top Vulnerable Applications - 2010" list compiled by Bit9.

The statistics is based on the U.S. National Institute of Standards and Technology's official vulnerability database, so the results are a little hard to argue with. Chrome came first with a big margin (76 vulnerabilities) beating Apple’s Safari which came second with 60 problems.

According to the research performed by Nitesh Dhanjani, Apple’s iOS is vulnerable to web-based attacks that incite third-party apps to make phone calls and carry out other sensitive operations without first warning the user. He showed how the planting of a simple iframe on a webpage can force the Safari browser to open Skype and dial a phone number or send a message to another Skype user. As long as Skype is installed and it stores the victim's account password, the attack will work with no warning.

A developer Eric Butler showed critical vulnerabilities in most social networking and other websites that allows anyone collect private user data including login credentials from Wi-Fi networks. Butler has created Firefox extension, Firesheep, which will let you essentially eavesdrop on any open Wi-Fi network and capture users’ cookies.

According to a new report Oracle’s Java platform is exceeding Adobe applications as the most attacked software suit. Holly Stewart, a member of the Microsoft Malware Protection Center, reported that warned she was seeing “an unprecedented wave of Java exploitation.” By the beginning of this year, the number of Java exploits “had well surpassed the total number of Adobe-related exploits we monitored,” she said.

Adobe Systems reported a critical vulnerability in its latest Flash Player that is actively exploited in the wild. The vulnerability affects Flash Player 10.1.82.76 for Windows, Macintosh, Linux, Solaris, and Android operating systems.

“There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows,” the warning said, without elaborating. The latest versions of Adobe's Reader and Acrobat applications are vulnerable to the same flaw, but there's no evidence they are being exploited.

A flaw found in Apple QuickTime Player can be exploited to remotely execute malicious code on Windows-based PCs, even those running the most recent versions of operating system. The bug was discovered by Ruben Santamarta of Spain-based security firm Wintercore. Before this time an unused parameter known as “_Marshaled_pUnk” remained undetected for at least nine years. The inclusion of this parameter is a backdoor because it is the work of an Apple developer who added it to the QuickTime code base and then, most likely, forgot to remove it when it was no longer needed.

As it became known Tuesday, Adobe Systems patched 20 security vulnerabilities in its Shockwave Player, used to display content created by Adobe's Director program, offering advanced tools for creating interactive content.

These vulnerabilities are in versions of Shockwave Player up to version 11.5.7.609, on both Apple's Mac OS X and Microsoft Windows. The patched version is 11.5.8.612, according to an Adobe advisory.