Vulnerabilities and exploits

Software

January 2013 Microsoft Security Bulletins

Microsoft starts the new year with a January Security Bulletin Release of seven Security Bulletins. These seven bulletins cover at least 11 CVEs. Three of the vulnerabilities need to be addressed immediately with two of the Bulletins. These three vulnerabilities affect XML Core Service components (MS13-001) that can be abused using Internet Explorer as a

Incidents

TURKTRUST CA Problems


Microsoft just publicly announced a release to actively “untrust” three certificates issued by Certificate Authority TURKTRUST, a subsidiary of the Turkish Armed Forces ELELE Foundation Company. According to Microsoft, the company made several mistakes that resulted in the issuance of fraudulent certificates that could be used to MiTM encrypted communications with Gmail or other Google properties.

Software

December 2012 Microsoft Security Bulletins – IE, MSWord, Font Parsing, and More

The folks at the Microsoft Security Response Center are winding down 2012 with another full release of seven Security Bulletins containing fixes for memory corruption on application, server, and system code along with a Certificate Bypass problem and set of fixes for Oracle Outside In software components. Within the seven Bulletins, they are patching at least 11 vulnerabilities, accurately described in the Advanced notification for this month. The MSRC recommends that their Internet Explorer (MS12-077) and Microsoft Word (MS12-079) updates be addressed ASAP.

Software

December 2012 Microsoft Security Bulletins

The folks at the Microsoft Security Response Center are winding down 2012 with another full release of seven Security Bulletins containing fixes for memory corruption on application, server, and system code along with a Certificate Bypass problem and set of fixes for Oracle Outside In software components. Within the seven Bulletins, they are patching at

Research

WiFi study in Dubai

Why in Dubai? First, I was there recently. Second, Dubai has become one of the most important cities in the world for holding IT conferences. All statistics are based on around 3 thousand found WiFi access points. Let’s begin with the channels Dubai’s WiFi is running on: It’s logical to see that channel 6 and

Incidents

New Skype Vulnerability Allows Hijacking of Accounts

Last night, reports appeared on several Russian forums regarding a Skype account hijacking exploit. The information has been made available on several Russian blogs and is now actively exploited in the wild. The exploit, which has been available for two months already, takes advantage of the Skype password reset feature. This allows you to

Research

BoteAR: a “Social Botnet”?

In information security, talk about botnets equals talk about malicious actions that materialize through criminal action. In essence, we think there is always a hostile attitude on the part of those who administer them. Please correct me, colleagues, refute this if I’m wrong, but I think conceptually you agree with me. BoteAR (developed in Argentina)

Research

KSN: An Analysis of Web Browsers

Today, cybercriminals are quick to exploit vulnerabilities in Adobe Reader, Flash and Java to infect users’ computers. There is a simple reason for this popularity: exploits of vulnerabilities found in these products can infect computers regardless of which operating systems and browsers are used on the attacked machines. We assumed that the threats posed to

Research

BoteAR: a “social botnet”? What are we talking about?

In information security, talk about botnets equals talk about malicious actions that materialize through criminal action. In essence, we think there is always a hostile attitude on the part of those who administer them. Please correct me, colleagues, refute this if I’m wrong, but I think conceptually you agree with me.
