Vulnerabilities and exploits

Software

Microsoft Updates October 2013

Microsoft’s 2013 Treehouse of Horror Bulletins include a long list of fixes for memory corruption vulnerabilities affecting mostly previous versions of the software, and not the latest versions. Of immediate interest to most Windows users are the critical vulnerabilities being patched in Internet Explorer, multiple Windows drivers, and the .Net Framework which even affects the

Incidents

Exposing the Security Weaknesses We Tend to Overlook

As security analysts, we often get asked the question: “What threats and vulnerabilities do you expect us to see in the future?” This is a very interesting question but also an indication that the way we think about and discuss IT-security is fundamentally wrong. Do we really need to invest time and resources to focus on

Software

Microsoft Updates September 2013

Microsoft releases a long list of security bulletins this month on the server and client side, patching a longer list of vulnerabilities in this month’s array of technologies. Only four of the bulletins are rated “critical” this month: Internet Explorer, a variety of built-in Windows components, and SharePoint and Office Web Services. Thirteen security bulletins

Incidents

Fake CNN Emails Claim US Have Started Bombing Syria

We’re currently seeing a spam run which involves a (fake) report from CNN saying that the US have started bombing Syria. Clicking the shortened link will lead to an exploit kit which targets older, vulnerable versions of Adobe Reader and Java. The attackers favor using the Java exploit over the Reader exploit, as Java exploits

Security technologies

Android 4.3 and SELinux

Not many weeks ago Google released a new revision of its flagship mobile operating system, Android 4.3. Although some say that this time updates have been quite scarce, from a security perspective there have been some undeniable improvements (among others, the “MasterKey” vulnerability has finally been patched). One of the most prominent is SELinux. Many

Software

Microsoft Updates August 2013

Today, Microsoft released a set of eight security Bulletins (MS13-059 through MS13-066) for a broad variety of vulnerable technologies and exploit categories. The critical vulnerabilities are not known to be exploited publicly at the time of Bulletin release. The more interesting Bulletins this month address RCE and EoP vulnerabilities in Internet Explorer, Windows components, and yet again

Incidents

Visit From an Old Friend: Counter.php

Around one year ago I posted about what were the most common web attacks in Spain and how the malware was spread. It is time for an update! We regularly collect data regarding infected web sites based on our detections on KSN. Apart from the general verdicts that I usually find in the top of

Incidents

Central Tibetan Administration Website Compromised

A snippet of code on the Central Tibetan Administration website redirects CN speaking visitors to a Java exploit that drops an APT-related backdoor. For some context, the site claims the administration itself as “…the Central Tibetan Administration (CTA) of His Holiness the Dalai Lama, this is the continuation of the government of independent Tibet.” The

Opinion

Securing Your Email Space

Yesterday, Lavabit – a secure e-mail provider – announced that it’s closing down its operations. The official text and the Website look like this: Lavabit was one of the very few secure e-mail service providers bringing security for its paid customers by encrypting all locally stored e-mail messages with an asymmetric key and AES-256. This means

Reports