Vulnerabilities and exploits

Microsoft finishes out this year of patching with a heavy release that’s all over place. While techs were notified of an anticipated 14 bulletins, 13 were released for the month of December. Headline grabbing events and code are addressed in one of them, and while fewer are labelled “Critical”, are they any less important?

On 3 December, we noted a rapid growth in the number of detections for exploits targeting the vulnerability CVE-2011-3544 in Java virtual machine

In this webcast, Kurt Baumgartner talks about the rise of exploits against vulnerabilities in Oracle’s Java software. The discussion centers around the exploitation of Java vulnerabilities in exploit kits and the poor state of patching on the Windows platform.

There’s been a lot of talk about a piece of software installed on many mobile devices called Carrier IQ. The intended purpose of the software according to the manufacturer is to collect metrics to improve many functions of the device on which it’s installed. The uproar has been that this software has access to so much private user data.

Here’s the latest of our malware calendar wallpapers.

Kaspersky Lab security researcher Tim Armstrong looks at the security posture of the Android platform and discusses current and future threats to Android-powered devices.

Over the past few weeks, we have been busy researching the Command and Control infrastructure used by Duqu

Kaspersky Lab malware analyst Dmitry Besthuzhev looks at cybercrime in Latin America and makes a prediction regarding state-sponsored cyber-attacks in the region.

Not so long ago we wrote about cybercriminals using infected computers to generate virtual money via Bitcoin

A look at the top five database breaches and the technologies that may have helped limit the damage.

A simple message on a Google forum in August sparked an investigation which would eventually bring down the DigiNotar certificate authority.

Once the driver is loaded, it decrypts a small block that contains its registry key and the name of the registry value to be read from that key. It also contains the name of the driver object to create

In this edition of Lab Matters, Ryan Naraine interviews Kaspersky Lab CTO Nikolay Nikolay Grebennikov about malicious threats on mobile devices. Grebennikov talks about the taxonomy of threats and explains Kaspersky Lab’s vision for protecting data on smart phones.

New information suggests Duqu was used to spy on Iran’s nuclear program.

Dutch Certificate Authority KPN/Getronics has announced the suspension of the issuance of digital certificates.