Tag: EXPLOIT

Gargantuan SQL injection infects 3.8 million URLs, installs rogue antivirus

Over the last few days, a mass SQL injection attack has been quickly gathering speed. Just three days ago only 28,000 URLs were affected, but at the time of writing, there could be up to 3.8 million infected URLs. Websense has a complete write-up of the attack, dubbed 'LizaMoon,' but here's the basic gist: it looks like someone is exploiting a vulnerability (or vulnerabilities) in hundreds of...

Adobe patches latest Flash and Reader vulnerabilities

Just recently, new critical vulnerabilities were reported in Adobe Flash Player and Adobe Reader. While Google and Adobe managed to deliver an update to secure Chrome users, it took a few more days to put together the necessary bits for the general Flash- and Reader-using public. Fortunately, the work is now complete, and Adobe has posted updated downloads for both products. You should be...

Flash and Reader zero-day vulnerability going unfixed for a week

Don't get us wrong -- Adobe has gotten better about responding to security risks over the past year or so -- but news of a new, critical Flash zero-day exploit going unfixed for a week has us hearing the sad trombone noise all over again. The flaw lies in both the Flash Player and authplay.dll, which ships with Windows versions of Reader. Flash is affected on all operating systems, however. ...

Microsoft Security Essentials vulnerability reminds that security risks are everywhere

Microsoft recently delivered a patch for its malware and antivirus tools, including Security Essentials, Windows Defender, MSRT, and Forefront -- its enterprise antivirus solution. The patch addresses a flaw in Microsoft's scanning engine which could allow an attacker who had a valid username and password to gain elevated rights on a system. As is often the case with these flaws, the fact that...

All Internet Explorer versions affected by newly-discovered critical flaw

Microsoft has posted a new security bulletin which describes a critical flaw in Internet Explorer which -- wait for it -- could allow a remote attacker to execute arbitrary commands on a compromised computer. The flaw affects all supported versions of IE and occurs because of "the creation of uninitialized memory during a CSS function within Internet Explorer." Vista and Windows 7 users are at...

Critical vulnerability exploited in Internet Explorer 6, 7 and 8 -- but IE9 beta is safe!

A new vulnerability has been found in all major releases of Internet Explorer -- 6, 7 and 8 -- and a zero-day exploit is already in the wild. The exploit, HTML_BADEY.A, uses the vulnerability to remotely execute code. When you visit a compromised website, encrypted files are downloaded to your computer and then decrypted to become a Trojan backdoor. Little is known about what happens after that --...

iPhone bug lets anyone easily bypass the lock screen to look at your photos

Bad news: if you own an iPhone 4, be careful -- bypassing your lock screen is simply a matter of hitting "emergency call," dialling "###," pressing the call button, then immediately pressing the lock button. Voilà -- one cracked iPhone. After the break, there's a video of some Spanish Portuguese-speaking guy showing you how to carry out the exploit. This bug, which will surely cause a...

Kaspersky has its own security breached yet again

It hasn't been smooth sailing for security vendor Kaspersky Labs over the last few years. Back in 2008, the company's Malaysian website was defaced by a Turkish hacker via an SQL injection. In 2009, their U.S. support site was compromised -- again by the use of an SQL injection. Following the second breach, Kaspersky's Roel Schouwenberg lamented, "This is not good for any company, and...

Greenpois0n iOS 4.1 jailbreak released, but only for Windows

Yesterday brought us limera1n, and today we have greenpois0n from the Chronic Dev Team! You can now jailbreak your iPhone 4 and 3GS, iPod touch (3rd and 4th generations), and the iPad. A future release will let you jailbreak your 2nd generation iPod touch and Apple TV! This is a delayed release that's wrapped in controversy: Geohot, the creator of limera1n, has apparently been a very naughty...

New Safari autocomplete bug exposes your personal info

We've covered security holes in Safari's AutoFill function before, but now there's a new one on the loose -- and Apple has thus far left it unpatched. AutoFill is the feature that quickly fills out forms for you using information you've previously entered. It can store everything from your name and address to your credit card and Social Security numbers. Now, one security expert has figured out...

Twitter aware of onMouseOver hack for months, claims 17-year-old who exposed it

A 17-year-old schoolboy from Australia has taken the blame for the onMouseOver JavaScript Twitter exploit that caused havoc for a few hours on Wednesday. Claiming innocence, Pearce Delphin -- who has the coolest name in the world -- says that he only discovered the vulnerability. "I did it merely to see if it could be done ... that JavaScript really could be executed within a tweet," he...

64-bit Linux kernel exploit in the wild, allows local user root escalation

If you're running a 64-bit Linux kernel, update it now. There's a new local root exploit, and it seems like Ksplice has yet again managed to get their advertisement fix onto the front page of Slashdot. Normally such an arcane bug wouldn't be an issue, but the example exploit leaves an open backdoor even after the bug has been patched -- lovely. It's an escalation exploit, so a user still...

Twitter onMouseOver flaw poses huge risk to users, is being actively exploited

Sophos Labs' Graham Cluley posted this morning about a nasty little Twitter security flaw that is being actively exploited. Twitter apparently doesn't block onMouseOver JavaScript code, which (you guessed it!) kicks in when your mouse pointer passes over a specially crafted link. What happens next is up to the creator. It could be something harmless like the alert box you see above, or it...

Apple patches old QuickTime vulnerabilities with QuickTime 7.6.8 for Windows

A few weeks ago, we told you about an exploit in the Windows version of Apple's QuickTime, based on a line of code from 2001. QuickTime 7.6.8, released Wednesday, finally fixes that vulnerability. The bug allowed the takeover of Windows XP, Vista and Windows 7 machines with Internet Explorer installed. The news isn't so much that Apple fixed the problem, but that they took longer to do so than...

New Adobe zero-day hole already exploited, Trojan virus in the wild

Is it just me, or are Adobe Acrobat and Reader about as secure as the contents of President Skroob's suitcase? Remember that new zero-day exploit which they announced yesterday? Well, if yesterday was day zero it's now day one, and that exploit is being targeted by the bad guys. Trend Micro reports that a trojan is spreading which drops a downloader -- which then drops another downloader. From...