Vulnerabilities and exploits

Discussion of this month’s patch Tuesday is overshadowed by the current round of massive releases from targeted spearphishing, web and SQLi attacks reported in the media. Four bulletins are being released to address 22 CVE records, or sets of vulnerabilities.

“Weibo”, a micro blog in Chinese, is really hot and has become fashionable in China lately.

Yesterday, I blogged about the older version of Adobe Flash Player on my recently purchased Google Chromebook. On Tuesday, the day before, I’d sent out a note to Adobe’s PSIRT asking if they knew what was up with this earlier version.

This week my Samsung Chromebook finally arrived. My interest in this platform had been especially piqued after my colleague Costin Raiu’s excellent analysis following the Chromebook’s introduction.

Here’s the latest of our malware wallpaper calendars.

I found an interesting “bug” in the malicious .php script on the .cc domain. For example, instead of clicking on http://3cm.kz/example, just put at the end http://3cm.kz/example+ or http://3cm.kz/example* or any other and for each new special char you will get the binary. One special char per one new download. The second short URL service used by the criminals is http://shortn.me

Patches are up! This month’s patch Tuesday is a sizable one by any standards. Microsoft is patching a total of 34 vulnerabilities in 16 bulletins. At least eight different product lines are updated. Adobe is coordinating release of Reader, Acrobat, Shockwave and Flash updates as well today.

Here’s the latest of our malware wallpaper calendars.

The Democratic Party of Hong Kong’s website was compromised and serving malware nearly identical to the compromised UK Amnesty International servers at the beginning of this month. The server has been cleaned up.

We are currently investigating a new malicious campaign on Facebook mostly targeting French speaking users.

A host of events took place in the world of IT threats during the first quarter of 2011.

For business travelers, the use of a laptop to stay connected to access business documents and connect to office resources is an absolute necessity. In this Lab Matters webcast, Kaspersky Lab malware researcher Stefan Tanase provides some general travel tips and advice to assist in protecting you, your laptop and your corporate data while you are on the road.

The Sony PSN servers are back online

Thoughts on the security of the newly announced Chromebook with Google Chrome OS.

In this newest edition of Lab Matters, Director of Kaspersky Lab’s Global Research and Analysis Team Costin Raiu offers some predictions about what we will see in the second half of 2011.