Vulnerabilities and exploits

Webmasters, mainly corporate admin, need to pay attention to today’s Oracle CPU, impacting Oracle Fusion Middleware, Oracle Application Server, and Oracle Enterprise Manager. This stuff is commonly deployed in the enterprise, and it is critical that sysadmin are on top of http DoS vulnerabilities.

Recently, NSS Labs, a US-based testing company has performed a comparative review of several Internet browsers in order to determine which one provides the best protection against socially engineered malware.

In addition to today’s Microsoft updates, users of Adobe’s Reader and Acrobat software on both Windows and Apple systems need to update their software ASAP.

This month’s Microsoft patch release is pushed out with lower urgency recommendations overall. While the Sharepoint and server side vulnerabilities are interesting, IT and individuals should attend to the Excel vulnerabilities with urgency.

Arbor Networks reseracher Jose Nazario talks about new DDoS bot families, most previously unidentified. Nazario provides a tour of recently discovered DDoS bots from around the world showing the proliferation of attack models, adoption of .Net, and new modular functionalities.

August is traditionally one of the busiest months for the information security industry.

Kaspersky Lab is paying a lot of attention to IT security education & literacy development sharing its knowledge & experience actively through its educational program “Kaspersky Academy”

In the Netherlands news just broke involving more details with regards to the DigiNotar compromise.

Here’s the latest of our malware calendar wallpapers.

Today we saw the discovery of another rogue SSL certificate – this time for *.google.com. The certificate itself was issued five weeks ago. This will allow an attacker to sniff the traffic to virtually all of Google’s services even with HTTPS enabled.

In this special edition we have an external expert again, a participant of SAS 2011, Aviv Raff from Seculert. He talks about the evolution of exploit kits, especially on the server side.

Another edition of “Lab Matters” with a special guest Uri Rivner, Head of New Technologies, Identity Protection and Verification, RSA Security, where he describes what happened when RSA was hacked with a zero-day vulnerability.

In this special edition Ryan Naraine joins David Lenoe, Head of the Product Security Incident Response Team, Adobe, in a discussion about how Adobe is responding to attacks against zero-day vulnerabilities in PDF Reader and Flash Player.

Network devices such as routers, access points and DSL modems are an integral part of today’s home and small office networks.

In 2010 we noted a decline in the number of players in the fake antivirus market, and as a result, fewer counterfeit programs used to distribute fake antivirus products