Vulnerabilities and exploits

Yesterday, Adobe published an advisory about a critical vulnerability in their Flash Player that is already being actively exploited. The exploit we are seeing right now has a payload which, while not being very sophisticated, holds several surprises.

Firefox users should be aware of a use-after-free vulnerability affecting Firefox versions 3.6.11 and earlier. The security team at Firefox has been working on getting a patch out since at least early Tuesday morning with a release candidate available for brave nightly build testers last night.

Ryan Naraine talks to mobile malware researcher Denis Denis Maslennikov about the mobile malware landscape.

The security was tight enough, but the raider knew exactly where the weak point in the system was. He had undergone special training to help him slip unnoticed through loopholes like these and infiltrate the network.

Kaspersky Lab Senior Anti-Virus Researcher Roel Schouwenberg answers questions on the Stuxnet work, the resources and sophistication involved in the attack and the likely nation-state involvement.

Over the last few days, Stuxnet has been covered extensively in the mass media. And it’s been covered differently by different sources. “Iran”, “Bushehr nuclear plant” and “cyber-weapon” are phrases which are already inexorably linked to Stuxnet.

There is a new, actively exploited XSS on Twitter.

As the subject of targeted attacks remains one of the industry’s most hotly discussed topics, and the waves of such attacks appear to be relentless, our experts, Kostin and Magnus, together with the team, decided to continue on with the theme.

With Apple fans waiting for the release of the Greenpois0n jailbreaking tool, the cybercriminals are exploiting the fuss with “Greenpois0n” trojans.

We’re still monitoring Pegel, and we’ve come across something which piqued our interest: redirects to malicious websites hosting exploits weren’t only coming from infected legitimate sites, but also from flash ads on legitimate sites.

Over the past few weeks the AV industry has continued to focus its research efforts on the Stuxnet worm. We blogged about what we found while we were investigating the malware; our Stuxnet series may have come to an end, but that doesn’t mean we’ve stopped our research.

Today Adobe put out an advisory for a previously unknown zero-day in its PDF Reader/Acrobat software.
This vulnerability is actively being exploited in the wild.

In the past, we’ve seen Web defacers act with only with political motivation. That has now changed. The Web defacers are being used by the online money gangs as a part of outsourced services.

The Winlock numbers, the Winlock laws

The cyber-criminal groups behind fake anti-virus (scareware/rogueware) infections have run into some significant roadblocks over the last few years, but there is much more to the overall story.