There is currently a lot of buzz about the Backoff point-of-sale Trojan that is designed to steal credit card information from computers that have POS terminals attached. Read Full Article
ZeroLocker won’t come to your rescue
In recent times we’ve been seeing a lot of file-encrypting ransomware activity. Read Full Article
A Post-PC BlackHat?
This year’s BlackHat had a particularly wide range of topics. A more diverse range of topics means that more targets are under attack. Read Full Article
Adobe Updates April 2014
This month’s Adobe Patch Tuesday revolves around Flash. This means the zero-days used by VUPEN to exploit Adobe Reader at CanSecWest last month go unpatched. CVE-2014-0506 and CVE-2014-0507 deal with remote code execution and were both used separately at CanSecWest’s… Read Full Article
Trust. Trust. Trust
Over the past week or so I’ve been to TrustyCon, Jeffrey Carr’s town-hall debate on Privacy v National Security and Georgetown’s conference on International Engagement on Cyber. All these conferences had trust as a major focal point. Trust in the… Read Full Article
Adobe’s First Patch Tuesday of 2014
This month’s Adobe Patch Tuesday release sees fixes for Flash Player, Acrobat and Reader. All vulnerabilities get the highest priority rating. This means future exploits are likely. The Flash Player bulletin was only announced today. CVE-2014-0491 and CVE-2014-0492 both concern remote code… Read Full Article
Adobe Security Updates December 2013
This month Adobe’s realing fixes for both Flash Player and Shockwave. The vulnerabilies for Flash Player affect all platforms and concern two CVEs – CVE-2013-5331 and CVE-2013-5332, which both allow for remote code execution. Eploitation of CVE-2013-5331 using Microsoft Word… Read Full Article
November Adobe Patches
This month’s Adobe Security Update round is a relatively quiet one, in contrast to the Microsoft patch cycle. There are two bulletins, one affecting Flash Player and one affecting ColdFusion. After the discovery of a major breach at Adobe recently some would perhaps… Read Full Article
Fake CNN Emails Claim US Have Started Bombing Syria
We’re currently seeing a spam run which involves a (fake) report from CNN saying that the US have started bombing Syria. Clicking the shortened link will lead to an exploit kit which targets older, vulnerable versions of Adobe Reader and… Read Full Article
NSAccess Control Lists
Last week, I attended the International Conference on Cyber Security at Fordham University in NYC. This event brought together participants from government, the private sector and academia. The closing session was a panel featuring the directors of the CIA, FBI and NSA… Read Full Article