Microsoft disclosed four security bulletins describing a total of six vulnerabilities and released product updates to address these vulnerabilities. January Patch Tuesday repairs a privilege escalation bug in the ND Proxy Driver that manages Microsoft’s Telephony API. Microsoft had released a mitigation that would have rendered the API unusable. The Continue Reading

Malicious ads served through Yahoo’s ad network delivered malware to thousands of site visitors, according to researchers at Fox-IT, but Yahoo subsequently blocked the attack. Fox-IT’s post said that visitors who saw the ads in their browsers were redirected to a “Magnitude” exploit kit. “This exploit kit exploits vulnerabilities in Continue Reading

Security researcher Jitendra Jaiswal has identified a couple of interesting vulnerabilities in Facebook and Google. Both of them have been addressed. The security hole that plagued Facebook was an open URL redirect issue that allowed an attacker to redirect victims to any website without any restriction and without interaction on Continue Reading

Microsoft’s handy automated Windows error report feature “Dr. Watson” mostly transmits crash log data in the clear, leaving organizations that use the function vulnerable to targeted attacks, researchers say. Websense Security Labs found in a study of risks posed by some popular applications and services that Microsoft Windows Error Reporting, Continue Reading

Skype said its social media properties were targeted, with a group styling itself as the Syrian Electronic Army appearing to claim credit for the hacks. “You may have noticed our social media properties were targeted today,” Skype said in a Twitter message late Wednesday. “No user info was compromised. We’re Continue Reading