Vulnerabilities and exploits

In September we saw a 3700% increase in JavaScript-based redirection scripts, specifically Trojan.JS.Redirector.ro. This malicious redirector went from 908th place to 15th place in the list of the most detected malware in Sweden in one month. This code only redirects users to another URL, and I thought it was strange that we did not really see an increase of detected malware in September?

Shadowed by the Duqu madness yesterday, Oracle released a slew of critical updates. Most interesting, but perhaps with little impact, is the Java SE BEAST update.

A relatively new development in app advertising has a concerning feature. It leeches much of the same information that many Android Trojans also steal. Through an app promotion campaign, a new feature called “offerwalls” are used by Pay Per Install (PPI) services to promise further adoption and revenue for app developers. But what is the real danger? It is found in the way these services uniquely identify users and the information they collect.

Sony has reported that it has had a number of sign-in attempts on accounts belonging to users on its various networks, and has locked out those accounts.

The following statistics were compiled in September using data collected from computers running Kaspersky Lab products

Microsoft customers have an urgent and heavy dose of patching to do today. Internet Explorer may have only one update assigned to it, but the update fixes eight different vulnerabilities.

On the first anniversary of Stuxnet, Roel Schouwenberg discusses gaping holes in Industrial Control Systems and the risks associated with these vulnerabilities.

Here’s the latest of our malware calendar wallpapers.

With headlines like “New cyber threat compromises financial information – Experts say new threat could affect millions of sites”, you would think that the trust model of the internet is finally crumbled.

From an hour long wait to view the demo, the Ekoparty demo for the SSL hack was staged. And it was interesting that the attack succeeded in cracking the SSL confidentiality model.

Adobe pushed an emergency update to its ubiquitous Flash player yesterday that closed holes on 6 separate vulnerabilities.

Webmasters, mainly corporate admin, need to pay attention to today’s Oracle CPU, impacting Oracle Fusion Middleware, Oracle Application Server, and Oracle Enterprise Manager. This stuff is commonly deployed in the enterprise, and it is critical that sysadmin are on top of http DoS vulnerabilities.

Recently, NSS Labs, a US-based testing company has performed a comparative review of several Internet browsers in order to determine which one provides the best protection against socially engineered malware.

In addition to today’s Microsoft updates, users of Adobe’s Reader and Acrobat software on both Windows and Apple systems need to update their software ASAP.

This month’s Microsoft patch release is pushed out with lower urgency recommendations overall. While the Sharepoint and server side vulnerabilities are interesting, IT and individuals should attend to the Excel vulnerabilities with urgency.

Arbor Networks reseracher Jose Nazario talks about new DDoS bot families, most previously unidentified. Nazario provides a tour of recently discovered DDoS bots from around the world showing the proliferation of attack models, adoption of .Net, and new modular functionalities.