Vulnerabilities and exploits

We’ve recently experienced yet another case of a root certificate authority (CA from now on) losing control of its own certificates. And yet again, we have been waiting for either the CA or the browser to do something about it. This whole mess stems, once again, from both a governance and a technical problem. First,

Today’s February Microsoft Security Bulletin release patches a long list of vulnerabilities. However, only a subset of these vulnerabilities are critical. Four of them effect client side software and one effect server side – Internet Explorer, DirectShow media processing components (using web browsers or Office software as a vector of delivery), OLE automation components (APT

Adobe Flash Player CVE-2013-0633 is a critical vulnerability that was discovered and reported to Adobe by Kaspersky Lab researchers Sergey Golovanov and Alexander Polyakov. The exploits for CVE-2013-0633 have been observed while monitoring the so-called -legal- surveillance malware created by the Italian company HackingTeam. In this blog, we will describe some of the attacks and the usage of this 0-day to deploy malware from -HackingTeam- marketed as Remote Control System.

This report is based on information about vulnerable programs found on the computers of our customers. The purpose of this research is to understand how users react to vulnerable programs and analyze the potential dangers of vulnerable software.

Earlier this week, we published our report on “Red October”, a high-level cyber-espionage campaign that during the past five years has successfully infiltrated computer networks at diplomatic, governmental and scientific research organizations. In part one, we covered the most important parts of the campaign: the anatomy of the attack, a timeline of the attacker’s operation,

Since the publication of our report, our colleagues from Seculert have discovered and posted a blog about the usage of another delivery vector in the Red October attacks (http://blog.seculert.com/2013/01/operation-red-october-java-angle.html).
In addition to Office documents (CVE-2009-3129, CVE-2010-3333, CVE-2012-0158), it appears that the attackers also infiltrated victim network(s) via Java exploitation (35f1572eb7759cb7a66ca459c093e8a1 – NewsFinder.jar), known as the Rhino exploit (CVE-2011-3544).

Just a quick note, it’s only the second week of January, but early 2013 brings with it the first Java 0day mass exploit distribution of the year.

Microsoft starts the new year with a January Security Bulletin Release of seven Security Bulletins. These seven bulletins cover at least 11 CVE. Three of the vulnerabilities need to be addressed immediately with two of the Bulletins. These three vulnerabilities effect XML Core Service components (MS13-001) that can be abused using Internet Explorer as a

Microsoft just publicly announced a release to actively “untrust” three certificates issued by Certificate Authority TURKTRUST, a subsidiary of the Turkish Armed Forces ELELE Foundation Company. According to Microsoft, the company made several mistakes resulting in fraudulent certificates issued that could be used to MiTM encrypted communications with gmail or other google properties.

Before 2012, there were only two instances of cyber weapons being used – Stuxnet and Duqu. However, analysis of these two forced the IT community to dramatically expand the whole concept of what cyber warfare entails

The folks at the Microsoft Security Response Center are winding down 2012 with another full release of seven Security Bulletins containing fixes for memory corruption on application, server, and system code along with a Certificate Bypass problem and set of fixes for Oracle Outside In software components. Within the seven Bulletins, they are patching at least 11 vulnerabilities, accurately described in the Advanced notification for this month. The MSRC recommends that their Internet Explorer (MS12-077) and Microsoft Word (MS12-079) updates are addressed asap.

The folks at the Microsoft Security Response Center are winding down 2012 with another full release of seven Security Bulletins containing fixes for memory corruption on application, server, and system code along with a Certificate Bypass problem and set of fixes for Oracle Outside In software components. Within the seven Bulletins, they are patching at

Why in Dubai? First, I was there recently.  Second,  Dubai has become one of the most important cities in the world for holding IT conferences. All statistics are based on around 3 thousand found WiFi access points.  Let’s begin with the channels Dubai’s WiFi is running on: It’s logical to see that channel 6 and

Earlier today, Softpedia reported that an Algerian hacker using the nickname MCA-CRB has managed to deface the Romanian sites of Google (google.ro) and Yahoo! (yahoo.ro).

Earlier today, Softpedia reported that an Algerian hacker using the nickname MCA-CRB has managed to deface the Romanian sites of Google (google.ro) and Yahoo! (yahoo.ro).