Microsoft Security Updates November 2015

Microsoft posted four critical bulletins today, along with another eight rated Important and lesser. Microsoft’s summary is at the Technet site. All in all, the software maker is patching a large number of vulnerabilities this month, with 37 CVE listed vulnerabilities being fixed with the four critical Bulletins alone. Read Full Article

The Power of V&V

A secure system – especially a system that is used to provide security – has to be trusted. But what underpins that trust? What proof do we have that the main components of our trusted system are implemented properly and won’t fail at a critical moment? Read Full Article

On the trail of Stagefright 2

In early October, it was announced that a critical vulnerability had been found in the libutils library. Although exploits for newly discovered vulnerabilities take a while to appear ‘in the wild’, we believe we should be prepared to detect them even if there have been no reports, as yet, of any such exploits being found. Because of this, we decided to do the research and generate a PoC file on our own. Read Full Article

Stealing to the sound of music

The malicious VK Music app not only lets you listen to music but also steals the login details of those using the popular Russian social networking site VKontakte. According to our estimates, the attackers may have stolen the accounts of hundreds of thousands of users. Read Full Article