Web Browser Security
- August 06, 2008
Black Hat: Security researcher Dan Kaminsky outlined more than a dozen ways the DNS cache poisoning flaw could be exploited by an attacker to wreak havoc on vulnerable systems.
- August 04, 2008
Web security vendors Zscaler Inc. and Purewire Inc. enter growing Software as a Service (SaaS) space dominated by appliance vendors.
- July 02, 2008
A cross-site scripting filter and additional security features for developers will help defend against attacks.
- July 01, 2008
A zero-day vulnerability in Internet Explorer (IE) leaves the browser open to an attack that could allow someone to capture the keystrokes of a victim.
- May 31, 2008
In a warning issued to customers late Friday, Microsoft urged Safari users to change the browser's default download location.
- February 13, 2008
Cybercriminals are conducting Web-based attacks to bypass traditional protection technologies. With most security vendors unable to solve the problem, companies need to rethink their security strategy.
- February 12, 2008
Microsoft's Bill Sisk explains the Internet Explorer critical flaws being addressed in this month's batch of security updates.
- December 20, 2007
Microsoft announced a workaround for IT shops affected by a flawed Internet Explorer (IE) security patch, but some administrators sought the solution on their own.
- December 11, 2007
Mozilla is touting big security advances in Firefox 3, including stronger anti-malware measures. Those testing the beta say it looks promising, though tweaks are needed.
- December 06, 2007
Microsoft plans to release seven security updates Tuesday, including three critical fixes for Windows, DirectX, DirectShow, Windows Media Format Runtime and Internet Explorer.
- October 19, 2007
Attackers could exploit multiple flaws in Mozilla Firefox to tamper with sensitive information, conduct phishing attacks and run malicious code.
- October 11, 2007
Microsoft issued an alert warning of an unpatched command execution vulnerability in Windows XP and Windows Server 2003 that could be exploited remotely to access a machine.
- September 05, 2007
Despite Mozilla's recent Firefox security update, researchers say there's another way attackers could exploit the browser for malicious purposes.
- August 14, 2007
Microsoft released nine security updates Tuesday -- six of them critical -- for flaws in Internet Explorer, Excel and other programs within the Windows OS.
- August 14, 2007
Microsoft's Christopher Budd explains the software vendor's new Update Catalog, a searchable database of all Microsoft security updates, drivers, and service packs. Also a look at this month's updates.
- August 10, 2007
Nine security bulletins will be released Tuesday to patch flaws in Windows, Office, IE and Virtual PC, Microsoft said. Six of the bulletins are expected to be critical.
- August 09, 2007
The next version of Firefox will include new anti-phishing and anti-malware capabilities. Mozilla also plans to release a pair of fuzzing tools to detect Java, FTP and HTTP flaws.
- July 31, 2007
Firefox version 126.96.36.199 addresses critical flaws involving unescaped URLs passing to external programs and privilege escalation.
- July 26, 2007
Danish vulnerability clearinghouse Secunia and the United States Computer Emergency Readiness Team (US-CERT) issued advisories about the input validation flaw.
- July 18, 2007
Mozilla attended to eight flaws in Firefox, fixing three critical and two high-impact vulnerabilities that could be used by an attacker to gain access to sensitive information.
- June 14, 2007
Researchers who haven't liked Apple's past response to flaw reports applaud the company's quick fix to Safari for Windows. But they're not convinced Apple is turning over a new leaf.
- June 13, 2007
Attackers can exploit a new buffer-overflow flaw in Microsoft Office to cause a denial of service or run malicious code on targeted machines via IE, Symantec warned Wednesday.
- June 12, 2007
Microsoft fixed 15 flaws in a variety of products Tuesday, including Windows XP, Vista and Internet Explorer 7. Attackers could exploit the most serious flaws for remote code execution.
- June 12, 2007
Attackers could exploit a flaw in Apple's Safari for Windows to pass arbitrary command line arguments to any application that can be called through a protocol handler.
- May 31, 2007
Firefox versions 188.8.131.52 and 184.108.40.206 fix flaws attackers could exploit to do a variety of damage. Mozilla says this is the final update for Firefox 1.5.
- May 14, 2007
A DNS service failure and an ongoing WSUS glitch are among this month's frustrations as IT administrators try to deploy the latest security patches from Microsoft.
- April 27, 2007
This week in Security Blog Log: A much-hyped QuickTime exploit threatens Mac OS X and Windows browsers, but the Apple faithful feel the greatest sting.
- March 30, 2007
Beware of emails from "firstname.lastname@example.org." It may look like an invitation to download Internet Explorer 7, but it's really a trick to infect machines with malware.
- March 22, 2007
One newly-discovered flaw and several glitches introduced in the last update have been fixed with Mozilla's release of Firefox 220.127.116.11 and 18.104.22.168.
- March 15, 2007
Microsoft said it is investigating a flaw in Internet Explorer 7 (IE 7) attackers could exploit to launch phishing expeditions.
- March 06, 2007
Attackers could exploit the latest Firefox flaws to bypass security restrictions and hijack targeted machines. The latest version of the browser corrects the problem.
- February 26, 2007
The Mozilla update fixes Firefox flaws digital miscreants could exploit to circumvent security restrictions, conduct cross-site scripting attacks and access sensitive information.
- February 19, 2007
In other news, researchers warn of a new security hole in Mozilla Firefox that could allow attackers to tamper with cookies.
- February 08, 2007
This week, Trend Micro released a fix for a flaw in its antivirus engine, while no fixes are available for two newly discovered Mozilla Firefox browser flaws.
- February 01, 2007
Windows users faced a breathtaking spike in zero-day threats last year and most security experts agree the problem is only going to get worse. Mark Shavlik, founder and CEO of Roseville, Minn.-based patch management firm Shavlik Technologies, is ...
- January 16, 2007
Window Snyder was a senior security strategist at Microsoft before leaving in 2005 to become a founder and CTO of Matasano Security LLC. Last September she became Mozilla Corp.'s security chief and is now responsible for locking down the popular ...
- January 11, 2007
Attackers can exploit the flaw remotely to compromise a user's system via the Safari Web browser.
- November 22, 2006
A flaw in Firefox 2.0 and IE could affect anyone visiting a Web site that allows user-contributed HTML codes to be added, according to Chapin Information Services.
- November 14, 2006
Microsoft said it is aware of proof-of-concept exploit code for the Windows Workstation service flaw, which was among the vulnerabilities patched this week.
- November 14, 2006
A Firefox automated antiphishing feature beat IE 7 in a test conducted by Mozilla, but analysts say large enterprises should focus on spam blocking software.
- November 08, 2006
Attackers could exploit multiple flaws in Firefox, SeaMonkey and Thunderbird to crash machines, bypass security restrictions and launch malicious code.
- November 06, 2006
This time, attackers are going after a zero-day flaw in Windows, and Microsoft has released some workarounds until a patch is available.
- November 03, 2006
This week, bloggers examine the security features of Firefox 2.0 and come away with mixed reviews. Does it fare better than Internet Explorer 7?
- November 01, 2006
Microsoft has outlined a series of steps users should take to protect their machines from attacks that exploit a new zero-day flaw in Visual Studio 2005.
- November 01, 2006
Attackers could exploit the security flaw to crash versions 22.214.171.124 and 2.0 of the browser, according to various security advisories.
- October 31, 2006
IT administrators like the security improvements in IE 7. But for those who use Firefox, Microsoft's browser upgrade isn't enough to make them switch.
- October 30, 2006
Security researchers have reported three flaws affecting Microsoft, including two Internet Explorer glitches and a vulnerability affecting organizations that share Internet connections.
- October 25, 2006
Meanwhile, Britain investigates an assault from Haxdoor; a Florida man is charged with attacking Akamai; and Britain's BT Group plans to buy Bruce Schneier's Counterpane.
- October 20, 2006
This week, the infosecurity community reacts to the long-awaited release of Internet Explorer 7 with a mix of satisfaction, disappointment and apathy.
- October 12, 2006
A malicious Web site poses as Google's Italian site, but attempts to install malicious ActiveX controls on victims' machines and ultimately redirect them to adult content.
- October 03, 2006
Hacker, Mozilla security official now say the flaw results in a DoS, not code execution.
- September 21, 2006
This week's Internet Explorer zero-day warnings illustrated how security vendors are increasingly using the blogosphere to deliver threat alerts to the public.
- September 20, 2006
Update: As more exploits target the VML flaw in Internet Explorer, a third-party fix patch is released and security organizations raise their alert status.
- September 19, 2006
In other news: The Department of Homeland Security (DHS) names a new cybersecurity chief and a new worm uses AOL Instant Messenger to spread.
- September 15, 2006
Several flaws could be used for man-in-the-middle, spoofing and cross-site scripting attacks. Mozilla has released Firefox 126.96.36.199 to address the problems.
- September 15, 2006
Days after Patch Tuesday, Microsoft warned of a new threat against Internet Explorer. Attackers could exploit it to crash machines or take them over.
- September 07, 2006
In other news: Mozilla hires a former Microsoft strategist to bolster security, a new "pump-and-dump" stock spam campaign is discovered and TippingPoint lists info on new flaws.
- August 29, 2006
A research group claims attackers could launch malicious code using a flaw in the way Internet Explorer instantiates certain COM objects' ActiveX controls.
- August 22, 2006
Update: Microsoft has fixed a faulty browser fix that enabled an exploitable condition. Sources say a compatibility problem with Systems Management Server delayed the fix.
- August 08, 2006
Updated: Microsoft releases a dozen August security updates, nine critical. The Department of Homeland Security says one fix in particular should be implemented immediately.
- August 03, 2006
Speakers at Black Hat USA 2006 have revealed a Cisco CallManager Express flaw and a proof-of-concept exploit. Also: Patches for GroupWise and yet another Firefox update.
- July 27, 2006
The open source group has issued new versions of Firefox, Thunderbird and SeaMonkey to fix 13 software security flaws, eight of which have been deemed critical.
- July 27, 2006
Also: Microsoft will push IE7 as a high-priority update to Windows XP and Windows 2003 customers and MessageLabs releases new spam data as an analyst ponders the vendor's future.
- July 25, 2006
The exploits target issues Microsoft patched earlier this month. Meanwhile, flaws are reported in Oracle for OpenView and a Mozilla Firefox keystroke logger is on the loose.
- July 20, 2006
Meanwhile, Metasploit creator H.D. Moore warns of a serious Internet Explorer flaw and Cisco may get more unwanted attention at the upcoming Black Hat conference.
- July 07, 2006
This week in Security Blog Log: A researcher vows to expose a new browser flaw every day this month. Meanwhile, McAfee's blog marks a mournful malware milestone.
- June 28, 2006
New flaws and exploits surface in Internet Explorer; Apple fixes Mac OS X bugs; a new data security bill is filed; and F-Secure fixes a flaw in its antivirus products.
- June 13, 2006
The baker's dozen of new patches includes 12 new ones that address flaws in Internet Explorer and Word, plus a re-release of a patch first issued in March.
- June 13, 2006
Microsoft's Christopher Budd outlines the finer points behind this month's security bulletins, plus offers advice on when to open Word files and guidance for Exchange administrators.
- June 08, 2006
June's "Patch Tuesday" security bulletins will feature nine Windows fixes, including a cumulative update for Internet Explorer, plus a pair of patches for Office and one for Exchange.
- May 12, 2006
Apple Computer Inc. has patched more than 25 flaws in its operating system and updated its media player to address 12 vulnerabilities.
- May 09, 2006
The software giant releases its May security bulletins and two of the three are rated critical. Issues with Exchange and Flash Player are addressed, but none fixes the latest IE flaws.
- April 28, 2006
This week, a security blogger frowns on an independent group's efforts to force IE users onto the Firefox bandwagon. Plus, an international fight over identification cards.
- April 27, 2006
Two more security holes surfaced in Internet Explorer Thursday, on top of one announced Tuesday. Attackers could exploit the latest flaws to install malicious ActiveX controls and read sensitive data.
- April 26, 2006
Attackers could launch malicious code and corrupt system memory by exploiting the latest Internet Explorer flaw. Experts suggest avoiding untrusted Web sites.
- April 24, 2006
In other news: Financial firms scramble over massive online heist, Symantec warns of Scan Engine flaws and a new Snort-based tool is unveiled.
- April 14, 2006
The digital underground could exploit the vulnerabilities to bypass security restrictions, tamper with sensitive data or conduct cross-site scripting and phishing attacks.
- April 11, 2006
In his debut column, Microsoft security specialist Christopher Budd talks about the vendor's April software update, including a fix for the createTextRange flaw and changes in IE ActiveX behavior.
- April 11, 2006
The software giant's monthly update fixes several IE flaws, including the createTextRange issue, and addresses vulnerabilities in a range of Windows programs.
- April 06, 2006
In other news, Cisco patches a variety of flaws and attackers could access Windows files through a security hole in HP's printer software.
- April 06, 2006
The createTextRange flaw in IE will be among those fixed, but with exploits in the wild, some debate whether once-a-month patching is right for the times.
- March 30, 2006
With big updates in store for Internet Explorer, outgoing security chief Mike Nash uses Microsoft's security blog to address concerns.
- March 28, 2006
The unofficial work-arounds for the createTextRange flaw suggest the security community doesn't like waiting for Microsoft to address potentially dangerous vulnerabilities.
- March 24, 2006
The software giant offers workarounds for the so-called createTextRange flaw as security experts issue sober warnings about the potential impact.
- March 23, 2006
In other news: IE flaws continue to mount; RealPlayer vulnerabilities are addressed; and a "sophisticated" Trojan targets Microsoft's WMF flaw.
- March 07, 2006
In other news, one hacker gains root access to a Mac while another shows how to compromise Microsoft Fingerprint Reader.
- March 02, 2006
The pile of security updates is Apple's response to not only a critical flaw uncovered last week, but also to the recent scrutiny regarding the security of its flagship OS.
- February 27, 2006
IT pros still believe Mac OS X is more secure than Windows, despite recent challenges, but that isn't likely to help it unseat Windows in the enterprise.
- February 21, 2006
A serious problem with the way Apple's OS processes specially crafted resource forks and HFS metadata comes just days after it became the target of malicious code for the first time.
- February 10, 2006
This week the blogosphere focused on some significant security holes in Internet Explorer, Windows and Sun's Java Runtime Environment.
- February 08, 2006
Attackers could exploit an Internet Explorer flaw to launch malicious code. Meanwhile, a Windows glitch could allow elevated system privileges.
- February 03, 2006
Security researchers in the blogosphere are buzzing about a flaw in IE 7. Should users wait before taking the browser for a spin?
- February 02, 2006
The digital underground could exploit as many as seven flaws to bypass security restrictions, compromise sensitive data and launch cross-site scripting attacks.
- January 31, 2006
Meanwhile: MIT researchers warn of attacks exploiting Skype; man gets two years in prison for selling Microsoft source code; Fortinet and Trend Micro settle a patent dispute.
- December 13, 2005
In addition to the long-awaited browser fix, the software giant also addressed an "important" Windows kernel flaw involving how certain procedure calls are processed.
- December 08, 2005
It remains to be seen whether the software giant on Dec. 13 will address an outstanding Internet Explorer issue that is currently the target of a malicious Trojan.
- December 01, 2005
Microsoft may release a critical Internet Explorer fix before the next Patch Tuesday, amid reports that malicious code is targeting a memory corruption flaw.
- November 22, 2005
Update: The SANS Top 20 vulnerability list for 2005 shows the bad guys attacking flawed apps and paying more attention to network holes.
- November 21, 2005
Update: Security experts warn of proof-of-concept code for a memory corruption flaw in Internet Explorer. One firm recommends disabling Active Scripting, and explains how.
- October 27, 2005
In other news, former HP CEO Carly Fiorina takes a role with Cybertrust; malware exploits avian flu fears; and Zotob's impact is measured.