Man... more.. now? But... but...it's Friday! Take the day off! 

Dancho Danchev reports an incident in which a friend pinged him at an odd hour on Skype "with a message pointing to what appeared to be a photo site with the message 'hahahahaha foto' and a link to hxxp://random_subdomain.photalbum.org." Yup, malware. 

Read the rest. 

I was just prompted for the update, and you will need to reboot. 

Version 7.7.2 of QuickTime for Windows has been released to address a total of 17 security vulnerabilities in the media player. According to Apple, these include integer, stack and buffer overflows, as well as memory corruption issues, all of which could be could exploited by an attacker to crash the application or execute arbitrary code on a victim's system. For an attack to be successful, a user must first open a malicious web site or a specially crafted file.

The company notes that, on Mac OS X, many of the holes have already been fixed in Mac OS X 10.7.3 and 10.7.4 Lion, and Security Updates 2012-001 and 2012-002 for Mac OS X 10.6.8 Snow Leopard systems. A majority of these vulnerabilities were discovered by members of TippingPoint's Zero Day Initiative (ZDI). 

Read the rest of the article.

Well, that... blows.

Adobe Flash Player users beware: A website that promises visitors a free copy of the download for all versions of Android is reportedly planting malware on smartphones running Google's mobile operating system.  

The infected web page used to distribute the malware was discovered in a number of Russian domains, wrote Karla Agregado, a fraud analyst with Trend Micro, in a recent company blog. A similar tactic emerged last month to infect Android phones with bogus copies of Angry Birds and Instagram.

Read the rest of the article.

Earlier this week, Adobe shipped critical updates to fix code execution vulnerabilities in the Photoshop and Illustrator software products but users looking for security protection will have to pay for these updates. The upgrade cost is $99 for Adobe Flash Professional, $199 for Adobe Photoshop CS5.5, and $249 for Adobe Illustrator CS5.5. The update for Adobe Shockwave Player is free.

The company acknowledged the vulnerabilities can be exploited to take complete control of affected machines but the fixes are are listed as a “paid upgrade,” prompting criticisms that Adobe is forcing users to buy a product upgrade to get protection from cyber-criminals.

Read the details HERE!

Face it, software isn't perfect. It's bad enough that bugs in the code occasionally make a program crash just when you were about to defeat the final boss and finish the level. What's worse is that hordes of cyber criminals are constantly seeking flaws in operating systems and other software, vulnerabilities that will let them steal your passwords, install malware, and otherwise give you grief. The bad guys find a hole, the good guys release a patch, and you, the user, had darn well better install that patch.

Operating Systems
If you're using Windows, you absolutely must turn on Automatic Updates to get all the important security patches. It's worthwhile to occasionally visit http://windowsupdate.microsoft.com and see what non-critical updates are available. "But I heard that a bad update damaged some PCs," you say? That was years ago. Let it go, move on, and turn on Automatic Updates. Turning on Automatic Updates protects all your Microsoft software, including Office.

Read the full story HERE!

Adobe released an emergency update today to fix a critical vulnerability in Adobe Flash Player for Windows, which has come under attack. The vulnerability could allow hackers to crash or take control of an affected machine.

Read the rest... then download the patch.