Vulnerabilities and exploits

Earlier today, Softpedia reported that an Algerian hacker using the nickname MCA-CRB has managed to deface the Romanian sites of Google (google.ro) and Yahoo! (yahoo.ro).

Last night, reports have appeared on several Russian forums regarding a Skype account hijacking exploit. The information has been made available on several Russian blogs and is now actively exploited in the wild. The exploit, which has been available for two months already, takes advantage of the Skype password reset feature. This allows you to

Microsoft is patching a fair number of vulnerabilities in their software with 19 flaws being fixed.

According to KSN data, Kaspersky Lab products detected and neutralized 1,347,231,728 threats in Q3 2012.

In information security, talk about botnets equals talk about malicious actions that materialize through criminal action. In essence, we think there is always a hostile attitude on the part of those who administer them. Please correct me colleagues, refute this if I’m wrong, but I think conceptually you agree with me. BoteAR (developed in Argentina)

Today, cybercriminals are quick to exploit vulnerabilities in Adobe Reader, Flash and Java to infect users’ computers. There is a simple reason for this popularity: exploits of vulnerabilities found in these products can infect computers regardless of which operating systems and browsers are used on the attacked machines. We assumed that the threats posed to

In information security, talk about botnets equals talk about malicious actions that materialize through criminal action. In essence, we think there is always a hostile attitude on the part of those who administer them. Please correct me colleagues, refute this if I’m wrong, but I think conceptually you agree with me.

It can happen to anyone… and when it does it usually catches everybody – the victim and his relatives – completely unprepared. I’m talking about kidnapping. Twice in my life I’ve been involved in helping the police track down and arrest gangs of kidnappers. The first case didn’t directly affect me or my family, but

Today’s Microsoft updates include a few fixes for remote code execution, and several fixes for escalation of privilege and denial of service flaws.

Introduction This is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems. We will show how cybercriminals exploited

Earlier this year, about 6.5 million LinkedIn account password hashes were published on a hackers’ forum. The hashes were simple SHA1 digests computed from the user’s passwords, as stored into the LinkedIn backend infrastructure. It didn’t take long for hackers to start cracking them, with over half of them cracked in almost no time. There

Hotmail / Microsoft accounts limit maximum password size to 16.

The Internet knows no borders, but according to our data, cybercrime has specific ‘geographical features’.

The Java 0day activity that we have been monitoring and preventing for almost the past week has been irresponsibly reported on other blogs, with early posts publicly linking to known sites serving the 0day.

According to KSN data, Kaspersky Lab products detected and neutralized over 1 billion threats in Q2 2012.