Avne Lite

According to Kaspersky Lab’s Information Security Threats in the First Quarter of 2010 Report, exploiting Adobe applications accounted for almost half of all reported security threats. Furthermore, Symantec’s Internet Security Threat Report released in April 2010 declared Adobe infections to be the number one Internet-based infection vector in 2009. In a press release today, Invincea, Inc. announced that they have a solution. If that name sounds familiar, it might be due to my article, “Invincea Browser Protection: Using the power of virtualization to combat malware.” Dr. Ghosh and the Invincea team determined the same virtual environments used to keep computers safe from malicious web-browser downloads can also protect computers from PDF documents embedded with malware. With that in mind, the team developed Document Protection. Since the application is new, I had few details of how Document Protection worked. continue reading

Kaspersky Lab, a leading developer of secure content and threat management solutions, has been awarded the Asia Pacific Super Excellence Brand 2010 for its achievement in the cyber security market. The prestigious international brand certification award is presented annually by the Asia Entrepreneur Alliance, an international not-for-profit business organisation, the company said in a statement on Wednesday. Kaspersky Lab's channel sales director, South-East Asia, Jimmy Fong, said the recognition gave the company a boost in confidence to capture even more market share in Malaysia and the rest of Asia Pacific. Currently, Kaspersky Lab holds about 50 per cent of the personal information technology software market in Malaysia and is looking to increase its market share this year, he said. The brand offers wide-ranging protection against all forms of threats such as viruses, spyware, hackers and spam, Fong said, adding that it protects over 300 million systems globally rangi...

Penetration testing specialists Core Security has publicly released information on a serious security vulnerability in Apple’s Mac OS X and criticized the computer maker for delaying the release of a patch. The vulnerability, which only affects Apple Mac OS X v10.5, could allow hackers to take complete control of a vulnerable machine via malicious PDF files. In an advisory, Core Security said Apple claims it already has a patch prepared for this issue but failed to release the fix despite several promises. Apple did not give any reasons for skipping the patch release. Full Story

In the wake of zero-day attacks against a critical vulnerability in its software products, Adobe is fast-tracking an emergency fix for the widely deployed Flash Player. The patch was originally scheduled for release on November 9 but Adobe now says the patch will be ready tomorrow (November 4, 2010). From Adobe’s updated advisory: We are in the process of finalizing a fix for the issue and expect to provide an update for Flash Player 10.x for Windows, Macintosh, Linux and Solaris by November 4, 2010. We expect to make available an update for Flash Player 10.x for Android by November 9, 2010. We expect to make available an update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions during the week of November 15, 2010. Continue reading

A security audit of the Android kernel has turned up 88 “high-risk defects” with with significant potential to cause security vulnerabilities, data loss, or quality problems such as system crashes. According to Coverity, a source code analysis firm, the high-risk defects included memory corruption flaws, memory illegal accesses and resource leaks. The analysis was conducted against the Android kernel 2.6.32 (code named “Froyo”). This kernel is targeted for smartphones based on the Qualcomm MSM7xxx/QSD8×50 chipset, specifically the HTC Droid Incredible. In addition to the standard kernel, this version includes support for wireless, touchscreen, and camera drivers. Continue reading

Google plans to start paying bounties to hackers who find serious security flaws in web applications that manage highly sensitive user data. As part of what is described as an experimental new vulnerability reward program that applies to Google web properties, the search marketing giant is inviting the security research community to report potentially dangerous flaws in “any web properties which display or manage highly sensitive authenticated user data or accounts.” The company specifically called out the flagship *.google.com domain, as well as the wildly popular *.youtube.com, *.blogger.com and *.orkut.com sites. Continue reading