Previous
IE 5.5 exploit evades security feature
News Guninski outlines this vulnerability on his Web site where he also provides a demonstration of the exploit in action. The "IE 5.5 Cross Frame security vulnerability" uses JavaScript, a Web page scripting language, to bypass security features built...
[September 7, 2000, 15:26]
Linux exploit gets around security barrier
News Security training organisation the Sans Institute called the exploit "fascinating". In a blog post on Friday, Sans Institute incident handler Bojan Zdrnja said that the exploit uses the Linux compiler to overcome the security features.
[July 20, 2009, 15:37]
Exploit-selling site will boost security, say founders
News An eBay-like auction site that sells vulnerabilities will improve security by ensuring researchers get a fair price for their work, say the founders. Our intention is that the marketplace facility on WSLabi will enable security researchers to get a...
[July 6, 2007, 13:55]
Debian attacker may have used new exploit
News An as-yet-unknown security exploit in Linux may have been responsible for a recent compromise of Debian.org's servers, according to a system administrator with the Debian operating system project. The compromised servers were all running recent...
[November 28, 2003, 14:05]
Microsoft warns of ActiveX attacks targeting Access
News Microsoft issued a security advisory on Monday warning about targeted attacks that exploit a hole in the ActiveX control for the Snapshot Viewer in the Microsoft Access database-management system. An attacker would have to lure a victim, via a link...
[July 8, 2008, 8:29]
Sans Institute warns of cookie-stealing threat
News A tool to harvest cookies left from secure browser sessions can now be built, following the release of information on the CookieMonster exploit, security training organisation the Sans Institute has warned.
[September 12, 2008, 15:50]
Hackers pick at Firefox holes
News Security researchers claim to have found ways to exploit a serious bug in Firefox and Mozilla Web browsers, a sign that attacks could be on the way. Disclosure of a flaw typically starts a race in the security community to exploit it.
[September 14, 2005, 7:25]
Attackers target unpatched flaw in Excel
News Attackers are attempting to exploit an unpatched security hole in Excel that could allow someone to take control of a compromised computer, Microsoft said in a security advisory on Tuesday. Symantec has discovered malicious files in the wild in...
[February 25, 2009, 7:37]
Microsoft and Mozilla admit 'minor' security flaw
News Microsoft and Mozilla have acknowledged that a security hole in their Web browsers could let an intruder nab files, but say it is tough to exploit and so not that high a risk. Microsoft noted that it has not seen any malicious code that attempts to...
[June 9, 2006, 10:45]
eEye releases IE patch
News eEye Digital Security released a temporary fix on Monday for Internet Explorer to combat attacks that exploit a recently disclosed security hole in the browser. Since the flaw was disclosed publicly last week, more than 200 Web sites have been...
[March 28, 2006, 12:40]
Security researcher faces jail for finding bugs
News A French security researcher who published exploit codes that could take advantage of bugs in an antivirus application could be imprisoned for violation of copyright laws. However, K-OTik, which regularly publishes exploit codes, claims that the...
[January 11, 2005, 11:45]
'Blaster-type event' forecast for summer
News Program files designed to exploit two major vulnerabilities in Microsoft software are being used to attack computers, but security experts worry that worse -- such as an MSBlast-type worm -- could be ahead.
[April 29, 2004, 8:30]
Exclusive: Major security flaw hits Microsoft
News David Litchfield a Windows NT specialist with British firm Cerberus Information Security, says the latest exploit against a Microsoft product allows a malicious hacker to gain unauthorised access to sensitive files, including cached or stored...
[January 27, 2000, 16:03]
Hacker cracks Apple downloads
News The exploit takes advantage of Apple's software updating mechanism in OS X, called SoftwareUpdate, which checks weekly for new updates from Apple. According to hacker Russell Harding, who claims to have discovered the exploit, the Mac OS X...
[July 8, 2002, 16:27]
Microsoft server exploit goes public
News Monday's public release of the program's source code -- known in security parlance as an exploit -- will allow less technically knowledgeable system administrators to test for the existence of the vulnerability or allow less skillful miscreants to...
[March 25, 2003, 7:49]
Exploit turns iPhone into a spy tool
News Using a specially crafted web page utilising an iPhone exploit (now patched) he gained root level shell access to the phone — which means he could do anything that the iPhone is capable of from his laptop," explained Jarno Niemelä, security...
[November 22, 2007, 8:22]
Internet Explorer hit by zero-day exploit
News Internet Explorer 7 users have been exposed to a zero-day exploit that may have been accidentally let loose by Chinese security researchers. Rick Howard, director of intelligence at iDefense Security Intelligence Services said the exploit was...
[December 11, 2008, 7:57]
Firms urged to use unauthorised Windows patch
News Corporations were advised by security experts on Tuesday to use an unofficial patch to combat the latest Microsoft Windows Metafile (WMF) exploit. Security experts say the WMF exploit is potentially very dangerous as conventional antivirus software...
[January 3, 2006, 16:10]
IE flaw danger increases as exploit code released
News The threat posed by a critical flaw in Internet Explorer has been ratcheted up by the release of a program designed to exploit the vulnerability, security researchers warned on Thursday. This advisory has been rated 'extremely critical', as a...
[November 5, 2004, 7:23]
Microsoft admits IE security alert lapse
News Microsoft has admitted that it knew about a security hole in Internet Explorer (IE) a full week before it accused a security firm of acting irresponsibly for publicly disclosing details of the exploit.
[November 19, 2001, 14:55]
