Denial of Service attacks against secure web sites
http://www.norman.com/security_center/security_center_archive/2011/dos_attacks_against_secure_web_sites/en-us

Worm wriggles through year-old flaw, builds zombie-net. ‘More a business failure than a software security failure’
http://www.theregister.co.uk/2011/10/26/jboss_worm/

Tsunami Trojan: First Mac attack based on Linux crack. Slips in Mac OS X backdoor, phones home
http://www.theregister.co.uk/2011/10/26/tsunami_mac_backdoor/

Facebook sees 600,000 compromised logins per day
http://arstechnica.com/gadgets/news/2011/10/facebook-sees-600000-compromised-logins-per-day006-of-all-logins.ars

Duqu exploits previously unknown vulnerability in Windows kernel
http://www.h-online.com/security/news/item/Duqu-exploits-previously-unknown-vulnerability-in-Windows-kernel-1370369.html

I still wonder if “compromised” means actual hacked accounts or simply attempts to access an account using an incorrect password??? (Something all of us have probably done on occasion.)

Microsoft releases Security Advisory 2639658
http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx
https://technet.microsoft.com/en-us/security/advisory/2639658

So the fix involves something that might break other things. I’ll wait for the actual patch and depend on Avast in the meantime.

Whilst I too will wait for the actual security update, when you download the hotfix/fixit there is normally an associated one to reverse the fix. If I were to use the fixit I would download the reversal function also.

Microsoft is currently still working on a security update. However, the company said that the update will not be ready in time for its upcoming monthly patch day, known as Patch Tuesday, next week.

As Dave said, you can Enable/Disable the fix: http://support.microsoft.com/kb/2639658

Revoking Trust in DigiCert Sdn. Bhd Intermediate Certificate Authority
https://blog.mozilla.com/security/2011/11/03/revoking-trust-in-digicert-sdn-bhd-intermediate-certificate-authority/
http://blogs.technet.com/b/msrc/archive/2011/11/03/untrusted-certificate-store-to-be-updated.aspx
http://www.entrust.net/advisories/malaysia.htm

Microsoft Security Bulletin Advance Notification for November 2011
http://technet.microsoft.com/en-us/security/bulletin/ms11-nov

Major DNS Cache Poisoning Attack Hits Brazilian ISPs

There is a large-scale DNS cache-poisoning attack going on in Brazil at the moment, with potentially millions of users affected by a tactic that is forcing them to install a malicious Java applet before they can reach many popular sites, including Google, Gmail and Hotmail.

Nice…!!! :slight_smile:
http://www.avast.com/zero-day-exploit-reports

Security update available for Adobe Shockwave Player
http://www.adobe.com/support/security/bulletins/apsb11-27.html

Thanks, I didn’t even know I had it installed. It must have come with the computer. I just updated it but I’m not sure I even need it.

NP. And if you don’t need it, just drop it. :wink:

Are Adobe Shockwave Player and Adobe Flash Player now rolled into one application/plug-in called Adobe Shockwave Player?

AFAIK, Flash Player and Shockwave Player are still 2 different things. I certainly have them both as separated tools, with different versions. Both are from Adobe.

Yes, thought so, but the plugin for Adobe Flash Player in Firefox is reported as Shockwave Flash (and I thought I had avoided Adobe Shockwave Player).

At Adobe homepage, see attachment.