SECURITY WARNINGS & Notices - Please post them here

[YoKenny]

Internet Explorer security flaw that allows hackers to take control of computers
http://www.dailymail.co.uk/sciencetech/article-1341402/Microsoft-warns-Internet-Explorer-bug.html

Key comment

'We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact.'

Fear mongers are rampant :'(

[DavidR]

Hardly fear mongering, is the flay possible/feasible, etc. it doesn't matter if they are unaware of any attacks. Being unaware is hardly a glowing testimony that it isn't a problem. If/and when it does come to their knowledge it will be a bit late in the day.

You can hardly call it fear mongering when it is Microsoft doing the fear mongering as you call it.

Microsoft have warned about a flaw on the Internet Explorer browser, that could allow hackers to take control of unprotected computers.

[swarnava]

Privacy Alert: 10 Biggest Threats of 2010

http://www.pcworld.com/businesscenter/article/212631/privacy_alert_10_biggest_threats_of_2010.html?CID

[Asyn]

Critical update for WordPress
http://wordpress.org/news/2010/12/3-0-4-update/

[Asyn]

Hole in VLC Media Player
http://www.videolan.org/security/sa1007.html

[CharleyO]

***

The State Of IT Security In 2011

"Here are 10 key security trends that we see in the upcoming 2011."

http://www.crn.com/slide-shows/security/228800318/it-security-predictions-for-2011.htm


***

[Asyn]

Targeted attacks against recently addressed Microsoft Office vulnerability
http://blogs.technet.com/b/mmpc/archive/2010/12/29/targeted-attacks-against-recently-addressed-microsoft-office-vulnerability-cve-2010-3333-ms10-087.aspx

[malcontent]

http://krebsonsecurity.com/2011/01/white-house-ecard-dupes-dot-gov-geeks/

A malware-laced e-mail that spoofed seasons greetings from The White House siphoned gigabytes of sensitive documents from dozens of victims over the holidays, including a number of government employees and contractors who work on cybersecurity matters.

The attack appears to be the latest salvo from ZeuS malware gangs whose activities over the past year have blurred the boundaries between online financial crime and espionage, by stealing both financial data and documents from victim machines.

[Asyn]

Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2490606.mspx

[YoKenny]

Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2490606.mspx

Key comments

We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.
Non-Affected Software
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems

[mkis]

http://www.csoonline.com/article/650614/is-storm-waldec-botnet-part-of-new-year-spam-campaign-

Is Storm/Waldec botnet part of New Year spam campaign?
Researchers with Shadowserver Foundation think they are seeing some new tricks from an old botnet. And it could mean a comeback in 2011

[mkis]

http://nakedsecurity.sophos.com/2011/01/04/fake-microsoft-update-spreads-worm/

Fake Microsoft security update spreads Autorun worm

In the current example, they've spammed out an email containing a worm, which even quotes the real name of a senior member of Microsoft's security team - Steve Lipner - to try to fool you into believing it is genuine.

[Asyn]

Floating point DoS attack
http://www.h-online.com/security/news/item/Floating-point-DoS-attack-1163838.html

[yongsua]

PandaLabs Annual Report 2010http://press.pandasecurity.com/wp-content/uploads/2010/05/PandaLabs-Annual-Report-2010.pdf

[Hermite15]

lol it didn't take long:
Researcher breaks security sandbox in Adobe Flash
http://www.theregister.co.uk/2011/01/07/adobe_flash_bypass/

edit: BUT:

An attacker would first need to gain access to the user's system to place a malicious SWF file in a directory on the local machine before being able to trick the user into launching an application that can run the SWF file natively. In the majority of use scenarios, the malicious SWF file could not simply be launched by double-clicking on it; the user would have to manually open the file from within the application itself.
The company's security team has rated the bug “moderate.

... so no need to worry really.