Vulnerabilities and exploits

Not so long ago we wrote about cybercriminals using infected computers to generate virtual money via Bitcoin

A look at the top five database breaches and the technologies that may have helped limit the damage.

A simple message on a Google forum in August sparked an investigation which would eventually bring down the DigiNotar certificate authority.

Once the driver is loaded, it decrypts a small block that contains its registry key and the name of the registry value to be read from that key. It also contains the name of the driver object to create

In this edition of Lab Matters, Ryan Naraine interviews Kaspersky Lab CTO Nikolay Nikolay Grebennikov about malicious threats on mobile devices. Grebennikov talks about the taxonomy of threats and explains Kaspersky Lab’s vision for protecting data on smart phones.

New information suggests Duqu was used to spy on Iran’s nuclear program.

Dutch Certificate Authority KPN/Getronics has announced the suspension of the issuance of digital certificates.

In April, the .co.cc and .cz.cc sub-domains were absolutely littered with malware distributing web sites, and the unusually telling DNS registration setup on .co.cc and .cz.cc had forecast the previously upcoming Apple FakeAv.

First things first, I have to point out a mistake in the previous text. When analyzing the fourth incident in Iran, we stated that there were two network attacks on a victim machine from the IP address 63.87.255.149. It could have been an exclusive version of Duqu, but it turned out to be a big mistake.

Tim Armstrong looks at the timeline of the Sony breach and pieces together the relevant details at each point in time. He discusses the known facts of the case and the potential future fallout.

Here’s the latest of our malware calendar wallpapers.

Our investigation and research of Duqu malware continues.

In September we saw a 3700% increase in JavaScript-based redirection scripts, specifically Trojan.JS.Redirector.ro. This malicious redirector went from 908th place to 15th place in the list of the most detected malware in Sweden in one month. This code only redirects users to another URL, and I thought it was strange that we did not really see an increase of detected malware in September?

Shadowed by the Duqu madness yesterday, Oracle released a slew of critical updates. Most interesting, but perhaps with little impact, is the Java SE BEAST update.

A relatively new development in app advertising has a concerning feature. It leeches much of the same information that many Android Trojans also steal. Through an app promotion campaign, a new feature called “offerwalls” are used by Pay Per Install (PPI) services to promise further adoption and revenue for app developers. But what is the real danger? It is found in the way these services uniquely identify users and the information they collect.