Remote Code Execution
Twitter Worm
Sunday, April 12th, 2009F-Secure has information regarding a cross-site scripting worm spreading in Twitter profiles for several hours last night. Twitter users started reporting that their profile had sent Twitter messages without their knowledge. Messages looked like this:
Â
Many users thought the ‘tweets’ were legitimate communications from trusted friends and clicked on the link to ’stalk daily’. That caused [...]
Hospital ignores Sysadmins, disables Windows Update, pays the Price
Wednesday, January 21st, 2009Computer malware Conficker otherwise known as DownadUp is creating havoc across the Internet, but especially at Sheffield Teaching Hospitals. The malware exploits the MS08-067 vulnerability patched by Microsoft last October. MS08-067 fixes vulnerability in the Server service that could allow remote code execution via a specially crafted RPC request. This vulnerability is particularly nasty because [...]