Ravens PHP Scripts: Security



 

 

Google Chrome Skia 2D Integer Overflow Vulnerabilities

Posted on Thursday, May 07, 2009 @ 18:58:43 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA35014

VERIFY ADVISORY: http://secunia.com/advisories/35014/

CRITICAL: Highly Critical

DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, which can potentially be exploited by malicious people to compromise a user's system. Integer overflow errors in the Skia 2D graphics component can be exploited to corrupt memory and potentially execute arbitrary code when a user visits a malicious web site. The vulnerabilities are reported in versions prior to 1.0.154.64. NOTE: An error when validating input from a renderer process has also been reported.

SOLUTION: Update to version 1.0.154.64.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html
 

 

IrfanView Formats Plug-in XPM Integer Overflow Vulnerability

Posted on Tuesday, April 07, 2009 @ 17:16:21 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA34525

VERIFY ADVISORY: http://secunia.com/advisories/34525/

CRITICAL: Highly Critical

DESCRIPTION: Secunia Research has discovered a vulnerability in IrfanView's Formats plug-in, which can be exploited by malicious people to compromise a user's system. The vulnerability is confirmed in version 4.22. Other versions may also be affected.
 

 

WebHosting Talk website severely hacked/compromised

Posted on Friday, March 27, 2009 @ 12:56:06 CDT in Security
by Raven

From Dennis Johnson (WHT):

It's been pretty hectic around here, but I wanted to make sure as many members as possible know what's going on. At approximately 8:30 pm EST on Saturday, March 21 The malicious attacker deleted all backups from the backup servers within the infrastructure before deleting tables from our db server. We were alerted of the db exploitation and quickly shut down the site to prevent further damage.

We've tried to answer any questions or concerns in the following thread posted at http://www.webhostingtalk.com/showthread.php?t=729727. Be sure to subscribe if you want to stay informed.

WHT Data - Q&A Information
========================
What do we know about the damage done?

This attack was very deliberate, sophisticated and calculated. The attacker was able to circumvent our security measures and access via an arcane backdoor protected by an additional firewall. We are still investigating the situation, but we know the attacker infiltrated and deleted the backups first and then deleted three databases: user/post/thread. We have no record or evidence that private message data was accessed. Absolutely no credit card or PayPal data was exposed.

 

 

Why Windows Safe Mode Isn't So Safe

Posted on Wednesday, March 18, 2009 @ 12:03:43 CDT in Security
by Raven

nb1 writes:  
Windows has, for many years, come with a special mode you can load at boot called Safe Mode. The idea is that non-essential services and software don't load in safe mode and so it can be useful in diagnosing system problems.

You might assume that it can be useful in fixing malware infections and you'd be right, but not in all cases. As McAfee's Avert Labs points out in a blog entry, it's possible for malware to set itself up to load even in Safe Mode.

 

 

ModSecurity Two Denial of Service Vulnerabilities

Posted on Thursday, March 12, 2009 @ 17:09:00 CDT in Security
by Raven

HorrorCode writes:  


SECUNIA ADVISORY ID: SA34256

VERIFY ADVISORY: http://secunia.com/advisories/34256/

DESCRIPTION: Two vulnerabilities have been reported in ModSecurity, which can be exploited by malicious people to cause a DoS (Denial of Service). Successful exploitation requires that PDF XSS protection is enabled (disabled by default).


 

 

Phishers hijack 750+ Twitter accounts

Posted on Saturday, March 07, 2009 @ 02:15:44 CST in Security
by Raven

nb1 writes:  

Trend Micro is reporting, and Twitter confirms, that Twitter users are once again under attack by people who need to upgrade their ethics. Targets receive a tweet from someone claiming to be female, 23, and in possession of a webcam. Click the link and you end up on an "adult" site that both attempts to phish your credit-card info and slathers your computer with ads for the same stuff.

Twitter says it has changed the passwords and removed the spam from the 750-odd accounts, none of which were believed to actually be kept by anyone female, 23, and in possession of a webcam. Trend Micro notes tartly that though it's not clear how the attack was undertaken, "with Twitterers' willingness to enter their Twitter username and password into any number of third-party websites offering Twitter-related services, the opportunities for cybercrime are many."
 


