Vulnerabilities and exploits

Today we saw the discovery of another rogue SSL certificate – this time for *.google.com. The certificate itself was issued five weeks ago. This will allow an attacker to sniff the traffic to virtually all of Google’s services even with HTTPS enabled.

In this special edition we have an external expert again, a participant of SAS 2011, Aviv Raff from Seculert. He talks about the evolution of exploit kits, especially on the server side.

Another edition of “Lab Matters” with a special guest Uri Rivner, Head of New Technologies, Identity Protection and Verification, RSA Security, where he describes what happened when RSA was hacked with a zero-day vulnerability.

In this special edition Ryan Naraine joins David Lenoe, Head of the Product Security Incident Response Team, Adobe, in a discussion about how Adobe is responding to attacks against zero-day vulnerabilities in PDF Reader and Flash Player.

Network devices such as routers, access points and DSL modems are an integral part of today’s home and small office networks.

In 2010 we noted a decline in the number of players in the fake antivirus market, and as a result, fewer counterfeit programs used to distribute fake antivirus products

Microsoft released 13 bulletins addressing 22 CVE’s in its own software: Microsoft Windows, Office, Internet Explorer, .NET and Visual Studio. We’ll be watching for Adobe to coordinate any release of their own updates today.

Here’s our malware wallpaper for August, highlighting some notable malware-related events from the past.

Alexey Polyakov is a Head of the Global Emergency Response Team of Kaspersky Lab – a new security policy consultation service for current and new corporate customers. Over the last 12 months this new service has responded to numerous incidents in which corporate customers’ networks have been targeted.

It is very interesting to see how short the lifespan of an exploit kit is. Some kits that were once popular and infected thousands of users are no longer being used.

In this webcast, Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, shares his extensive knowledge of the driving forces that power the modern cyber-criminal ecosystem and discuss the way that cybercrime operates.

Discussion of this month’s patch Tuesday is overshadowed by the current round of massive releases from targeted spearphishing, web and SQLi attacks reported in the media. Four bulletins are being released to address 22 CVE records, or sets of vulnerabilities.

“Weibo”, a micro blog in Chinese, is really hot and has become fashionable in China lately.

Yesterday, I blogged about the older version of Adobe Flash Player on my recently purchased Google Chromebook. On Tuesday, the day before, I’d sent out a note to Adobe’s PSIRT asking if they knew what was up with this earlier version.

This week my Samsung Chromebook finally arrived. My interest in this platform had been especially piqued after my colleague Costin Raiu’s excellent analysis following the Chromebook’s introduction.