McAfee has reported about new Windows Mobile PocketPC Trojan that disables phone security. The Trojan has been discovered in China and installs via a memory card, can’t be uninstalled and create special home page in your phone browser. WinCE/InfoJack, how McAfee named this Trojan, sends the infected device’s serial number, operating system and other info to the author. Also leaves the infected mobile device vulnerable allowing silent installation of malware. The Trojan modifies the infected device’s security settings and allow unsigned applications to be installed without a warning messages. Users are advised to be aware about this Trojan and be careful when installing software or transfer data from memory cards.

Facebook and Myspace users are reminded to be cautious when using plugins for their services. As Symantec reports Image Uploader is still vulnerable to ActiveX control hacks, especially in 4.5.57.1 version where hackers can exploit it with a multi-attack kit. If you are using Aurigma Image Uploader to upload photos to your profiles be aware about possible threats and problems you might encounter. Even that those bugs were patched couple months ago hackers again found the way to hijack the software and damage the users.

Core Security Technologies reported today that it has discovered a vulnerability in VMware’s desktop virtualization software. This flaw can allow attackers to gain complete control of a system and launch potently dangerous executable files. With this flaw malicious user–or an application–running on VMware’s desktop software can break out of its isolated environment and gain access to the system. VMware is reported about this vulnerability and said that it works on fixing these issues soon. For now, it is recommended that users disable shared folders for all virtual machines that use the feature.

The hacking group Cult of the Dead Cow (CDC) released a tool that uses Google and transforms it into automated vulnerability scanner and scanning for all sensitive information, like passwords on websites. News tool is called Goolag Scan and as guys from CDC says can be used as a wake-up call for system administrators to run the tool on their own sites before attackers get around to it.

Opera Software has released patches for Opera browser fixing the three bugs we mentioned couple days ago. The new Opera 9.26 available at opera.com patches highly severe vulnerability could be used by attackers to dupe the browser into treating image-file comments as script.

One of most interesting features in new Firefox 3, which is in Beta 3 phase is anti-malware tool that blocks users from reaching the potentially malicious websites. The malware protection feature in Firefox 3.0 Beta 3 relies on a blacklist provided by Google to stymie access to potentially dangerous websites. In last couple days two new websites were blocked, DownThemAll.net and JoeHewitt.com. Both sites were barred by Firefox because Google claimed hey either pushed malware or included links that did that, so malware protection feature in Firefox 3.0 Beta 3 simply added those websites on its blacklist.

New flaw in the Firefox and Opera browsers has been discovered and concern how browsers handle bitmap image files that can allow attackers to see what websites users have visited. This new flaw has been spotted by researcher Gynvael Coldwind of Vexillium who also posted a video that illustrates the problem. Hackers can get user data using the “canvas” HTML tag and then with JavaScript, the information can be sent to a remote server. This flaw also crashes Firefox. So far researchers report that this flaw affects Firefox 2.0.0.11 and previous as well as Opera 9.50 beta.

One of patches Microsoft issued last Tuesday was exploit code for Microsoft Works. Hacker called chujwamwdupe reported that vulnerability exists in WPS to RTF convert filter that is part of Microsoft Office 2003. It could be exploited by remote attacker to take complete control of an affected system. So, if you are running Microsoft Works it is recommended to patch your system immediately.

It is Valentine’s Day and Storm gang hits again. As you can suspect there is a flood of infected emails with Valentine’s Day theme and subject lines such as “Love Rose”, “Rockin’ Valentine”, and “Just You”. If you follow the provided link you will be redirected to website that will try to download and install valentine.exe malicious file. Worm is detected as Email-Worm:W32/Zhelatin.TQ and it is recommend that Internet users should keep virus definitions up to date along with patched computer and cautious about opening suspicious emails.

This Monday Apple released 10 patched for Mac OS X 10.5. All patches addresses eight vulnerabilities in Leopard and two Tiger flaws that were described in Month of Apple Bugs web site almost a year ago. One of issues was flaw in arbitrary code execution that seemed to have vindicated MOAB hackers.