Vulnerabilities and exploits

A short while ago, we came across a set of similar SWF exploits and were unable to determine which vulnerability they exploited. We reported this to Adobe and it turned out that these ITW exploits targeted a 0-day vulnerability. Today, Adobe released a patch for the vulnerability. This post provides a technical analysis of the exploits and

Early this year, we received a malicious Java application for analysis, which turned out to be a multi-platform bot capable of running on Windows, Mac OS and Linux. The bot was written entirely in Java. The attackers used vulnerability CVE-2013-2465 to infect users with the malware. Initializing and decrypting strings To make analyzing and detecting

This month’s Adobe Patch Tuesday release sees fixes for Flash Player, Acrobat and Reader. All vulnerabilities get the highest priority rating.

This will take place on April 8, 2014 and Microsoft has already announced this publicly.  This would not be a problem if all Windows users would have already migrated to more recent versions of Windows or do so by the mentioned date. However, according to our statistics based on the KSN technology during the last 30 days,

With the Xbox One having landed in many countries, it’s time to have a closer look at the new console generation. The Xbox One is equipped with two virtualized operating systems, both running on a hypervisor: the core system for gaming and a slimmed down version of Windows 8 for the app landscape. It is

In our search for various types of malicious code for Mac we recently came across a rather interesting peculiarity in Safari. It turns out that Safari for Mac OS, like many other contemporary browsers, can restore the previous browsing session. In other words, all the sites that were open in the previous session – even

In 2014 we expect significant growth in the number of threats related to economic and domestic cyber-espionage, with cyber-mercenaries/cyber-detectives playing an active role in such attacks. The full report is available here

In 2014 we expect significant growth in the number of threats related to economic and domestic cyber-espionage.

The vulnerabilities for Flash Player affect all platforms and concern two CVEs – CVE-2013-5331 and CVE-2013-5332, which both allow for remote code execution.

Eight Microsoft Security Bulletins are being pushed out this month, MS13-096 through MS13-106.

In 2013 security issues around mobiles have reached new heights and attained a new level of maturity in terms of both quality and quantity.

Companies are increasingly falling victim to cyber-attacks. According to a recent survey conducted by Kaspersky Lab and B2B International, 9% of the organizations polled were the victims of targeted attacks – carefully planned activity aimed at infecting the network infrastructure of specific organization. The extensive use of digital devices in business has created ideal conditions

Attacchi di phishing nei confronti dei clienti di Poste Italiane PDF Version The number of serious cyber-attacks detected over the last two years has increased so much that new attacks rarely cause much surprise. It’s now commonplace for antivirus companies to issue a report about the discovery of another botnet or highly sophisticated malware campaign

Once again, it’s time for us to deliver our customary retrospective of the key events that have defined the threat landscape in 2013. Let’s start by looking back at the things we thought would shape the year ahead, based on the trends we observed in the previous year. The full report is available here.

In China, start page Trojans have become a popular type of malware because by changing users’ browser start pages to point to some navigation site, the owner of the site can get a large amount of web traffic which can then be converted into large sums of money. In order to spread such Trojans as