Vulnerabilities and exploits

Software

Microsoft Updates September 2013

Microsoft releases a long list of security bulletins this month on the server and client side, patching a longer list of vulnerabilities in this month’s array of technologies. Only four of the bulletins are rated “critical” this month: Internet Explorer, a variety of built-in Windows components, and Sharepoint and Office Web Services. Thirteen security bulletins

Incidents

Fake CNN Emails Claim US Have Started Bombing Syria

We’re currently seeing a spam run which involves a (fake) report from CNN saying that the US have started bombing Syria. Clicking the shortened link will lead to an exploit kit which targets older, vulnerable versions of Adobe Reader and Java. The attackers favor using the Java exploit over the Reader exploit, as Java exploits

Security technologies

Android 4.3 and SELinux

Not many weeks ago Google released a new revision of its flagship mobile operating system, Android 4.3. Although some say that this time updates have been quite scarce, from a security perspective there have been some undeniable improvements (among others, the “MasterKey” vulnerability has been finally patched). One of the most prominent is SELinux. Many

Software

Microsoft Updates August 2013

Today, Microsoft released a set of eight security Bulletins (MS13-059 through MS13-066) for a broad variety of vulnerable technologies and exploit categories. The critical vulnerabilities are not known to be exploited publicly at the time of Bulletin release. The more interesting Bulletins this month address RCE and EoP vulnerabilities in Internet Explorer, Windows components, and yet again

Incidents

Visit From an Old Friend: Counter.php

Around one year ago I posted about what were the most common web attacks in Spain and how the malware was spread. It is time for an update! We regularly collect data regarding infected web sites based on our detections in KSN. Apart from the general verdicts that I usually find at the top of

Incidents

Central Tibetan Administration Website Compromised

A snippet of code on the Central Tibetan Administration website redirects CN-speaking visitors to a Java exploit that drops an APT-related backdoor. For some context, the site describes the administration itself as “…the Central Tibetan Administration (CTA) of His Holiness the Dalai Lama, this is the continuation of the government of independent Tibet.” The

Opinion

Securing Your Email Space

Yesterday, Lavabit – a secure e-mail provider – announced that it is closing down its operations. The official text and the website look like this: Lavabit was one of the very few secure e-mail service providers bringing security to its paid customers by encrypting all locally stored e-mail messages with an asymmetric key and AES-256. This means

Research

Master Keys and Vulnerabilities

The last few weeks have been quite busy with announcements of either master keys or Chinese master keys being unveiled, both qualifying as critical vulnerabilities for the Android platform. Although things have finally calmed a bit, we are still waiting for the final act in Las Vegas at Black Hat USA, where Jeff Forristal (the researcher who discovered one of the

Research

Malicious URLs in .lc Zone

While analyzing suspicious URLs I found out that more and more malicious URLs are coming from the .lc domain, which formally belongs to Saint Lucia, a country located in the eastern Caribbean Sea. Our statistics confirm this trend. Cybercriminals from different parts of the world are actively using this domain, including cybercriminals from Brazil abusing free Web

Reports

ToddyCat: your hidden email assistant. Part 1

Kaspersky experts analyze the ToddyCat APT attacks targeting corporate email. We examine the new version of TomBerBil, the TCSectorCopy and XstReader tools, and methods for stealing access tokens from Outlook.

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

Kaspersky GReAT experts dive deep into the BlueNoroff APT’s GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.

Mem3nt0 mori – The Hacking Team is back!

Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.