Vulnerabilities and exploits

First things first, I have to point out a mistake in the previous text. When analyzing the fourth incident in Iran, we stated that there were two network attacks on a victim machine from the IP address 63.87.255.149. It could have been an exclusive version of Duqu, but it turned out to be a big mistake.

Tim Armstrong looks at the timeline of the Sony breach and pieces together the relevant details at each point in time. He discusses the known facts of the case and the potential future fallout.

Here’s the latest of our malware calendar wallpapers.

Our investigation and research of Duqu malware continues.

In September we saw a 3700% increase in JavaScript-based redirection scripts, specifically Trojan.JS.Redirector.ro. This malicious redirector went from 908th place to 15th place in the list of the most detected malware in Sweden in one month. This code only redirects users to another URL, and I thought it was strange that we did not really see an increase of detected malware in September?

Shadowed by the Duqu madness yesterday, Oracle released a slew of critical updates. Most interesting, but perhaps with little impact, is the Java SE BEAST update.

A relatively new development in app advertising has a concerning feature. It leeches much of the same information that many Android Trojans also steal. Through an app promotion campaign, a new feature called “offerwalls” are used by Pay Per Install (PPI) services to promise further adoption and revenue for app developers. But what is the real danger? It is found in the way these services uniquely identify users and the information they collect.

Sony has reported that it has had a number of sign-in attempts on accounts belonging to users on its various networks, and has locked out those accounts.

The following statistics were compiled in September using data collected from computers running Kaspersky Lab products

Microsoft customers have an urgent and heavy dose of patching to do today. Internet Explorer may have only one update assigned to it, but the update fixes eight different vulnerabilities.

On the first anniversary of Stuxnet, Roel Schouwenberg discusses gaping holes in Industrial Control Systems and the risks associated with these vulnerabilities.

Here’s the latest of our malware calendar wallpapers.

With headlines like “New cyber threat compromises financial information – Experts say new threat could affect millions of sites”, you would think that the trust model of the internet is finally crumbled.

From an hour long wait to view the demo, the Ekoparty demo for the SSL hack was staged. And it was interesting that the attack succeeded in cracking the SSL confidentiality model.

Adobe pushed an emergency update to its ubiquitous Flash player yesterday that closed holes on 6 separate vulnerabilities.

Webmasters, mainly corporate admin, need to pay attention to today’s Oracle CPU, impacting Oracle Fusion Middleware, Oracle Application Server, and Oracle Enterprise Manager. This stuff is commonly deployed in the enterprise, and it is critical that sysadmin are on top of http DoS vulnerabilities.