Exploit

New Java zero-day exploit could spread "mayhem"

By

The vulnerability already has been added to commercially available attack toolkits, such as BlackHole and Nuclear Pack.

Zero-day attacks last much longer than most would believe

By

A new report highlights just how little is known about zero-day attacks, even after the flaws are made public.

Microsoft releases urgent browser patch to curb online attacks

By

The most critical flaw could lead to the installation of the backdoor trojan Poison Ivy on victims' machines.

Report: Most ZeroAccess zombie computers found in U.S.

By

Researchers have discovered that a majority of the infected machines enlisted in a botnet capable of stealing up to $100,000 per day are based in the United States.

Researchers: Oracle will address new Java flaw next month

By

Security firm Security Explorations discovered the new vulnerability, which, when combined with other still-unpatched weaknesses in Java, could allow for a complete bypass of the Java Virtual Machine sandbox in the environment of the latest Java SE software.

Déjà vu? Oracle may be dealing with another Java exploit

By

Hours after the company that maintains Java released a much-anticipated patch for a widespread malware attack, Polish firm Security Explorations said it discovered a new vulnerability in the software platform.

Java exploit in BlackHole shows immediate success

By

In light of the fast-spreading Java 7 exploit, Mozilla has become the first browser maker to suggest users disable Java functionality.

New Java exploit on the loose, unofficial patch may help

By

A new Java exploit is expected to become more widespread now that proof-of-concept code has been published. Oracle isn't scheduled to update Java until October.

Google increases rewards for bug and exploit finding

By

Google is raising the stakes for researchers who can show exploits and discover vulnerabilities in its Chrome browser.

Hackers add Java exploit to BlackHole toolkit

By

The commercially available and automated BlackHole exploit kit has been updated to include exploit functionality for a recently patched Java vulnerability, and attacks are now happening in the wild.

Mozilla fixes "critical" bugs in new release of Firefox

By

Thirteen security vulnerabilities were fixed this week when Mozilla released Firefox 13.

Flash flaw being used to deliver email based attacks

By

Adobe on Friday issued an emergency patch for a critical bug in its Flash Player software that is being used in targeted malware attacks.

Russian works around sandbox to pull off Chrome exploit

By

One of the most prolific Chrome researchers has netted Google's top prize in its inaugural Pwnium competition. Google promptly patched the bug.

Purported Iran nuke document contains trojan

By

The malicious file spreads thanks to a vulnerability in the popular Adobe Flash software.

New Chrome version contains malware download security

By

Google has issued an official update to its Chrome browser to fill 20 security holes, one of which is deemed "critical" and eight of which are considered "high" in severity.

Study: BlackHole appears, Conficker remains

By

Eighty-five percent of all malware is web-based, and some 30,000 websites are newly infected with malicious code each day, according to Sophos' "Security Threat Report 2012."

Adobe to issue emergency fix for Reader security bug

By

Adobe warned Tuesday of an unpatched vulnerability in its Reader and Acrobat software after catching wind of active exploits by cybercriminals.

New Java exploit one of many impacting firms

By

A new exploit, which has made its way into the Metasploit framework, underscores the danger posed by Java vulnerabilities, which are responsible for many of today's enterprise malware threats.

Most spam subject lines contain fake order, ticket numbers

By

Most spam messages sent in recent days have been delivered with subject lines containing fake order or ticket numbers, delivery invoices, payment notices or tax information, according to researchers from security firm Websense.

Microsoft releases four security patches, one critical

By

Microsoft on Tuesday patched one "critical" vulnerability, plus three other less-severe flaws. Not patched, as expected, is a bug related to the Duqu trojan.

Hacker attacks against retailers up 43 percent

By

Much of the surge can be blamed on SQL injection and the use of exploit toolkits, according to researchers at Dell SecureWorks.

New exploit toolkit not so nice

By

At least 10,000 websites have been compromised to redirect users to a new exploit toolkit, called "Nice Pack," according to researchers at Dell SecureWorks. Nice Pack, discovered Wednesday, attempts to take advantage of flaws in users' third-party apps, such as Java and Adobe, to install the "Zero Access Trojan," a rootkit that allows attackers to take control of a victim's machine. Though researchers are still looking into the threat, they have discovered that the JavaScript on compromised sites is nearly identical to the malicious code recently found on MySQL.com, which was infected to redirect users to the Black Hole exploit toolkit.

BlackHole exploit kit now available for free

By

A free copy of the BlackHole exploit kit is available on several file-sharing sites, lowering the cost of entry for budding cybercriminals, experts warned this week.

Industrial control systems at risk, ICS-CERT warns

By

Software products used to manage critical infrastructure facilities contain a vulnerability that could allow an attacker to take control of affected systems, the ICS-CERT warned.

Zeus source code open for inspection, use

By

As if Zeus wasn't already a torment, the insidious banking trojan may become even more prolific now that its source code has been leaked on at least two underground forums, according to researchers at Denmark-based CSIS. Peter Kruse, writing on the company's blog, said the source code for the Zeus toolkit is "freely available for inspection, inspiration or perhaps to be compiled and used in future attacks." He expects the leakage to cause the trojan to become more pervasive. One likely can expect the price to fall too. McAfee researchers in September said the Zeus builder toolkit was going for between $700 and $1,500.

Adobe fixes Reader, Acrobat issues early

By

Adobe has sped up the planned release of updates to its Reader and Acrobat software, good news for customers now that reports of public exploits have emerged. The updates, released Thursday but not expected until next week, shore up two critical vulnerabilities, one of which has been leveraged in in-the-wild attacks, according to a revised bulletin. Reader X for Mac and Acrobat X for Windows and Mac received updates, as did Reader/Acrobat 9.4.3 for Windows and Mac. Reader X for Windows won't receive a new version until June 14, a scheduled quarterly update, because the "Protected Mode" capability prevents against exploit. The flaw being used in attacks also was present in Flash Player, but that software was patched last week.

Number of reported vulnerabilities spiked in 2010

By

System flaws and exploits dramatically jumped last year, but the news is not all bad, as many of the bugs were discovered by their creators.

Attack toolkits to pose bigger problem for businesses

By

Attack toolkits have been refined to the point where they are producing high success rates for their criminal users.

New Google Chrome version notifies of unpatched plug-ins

By

Google's latest version of Chrome warns users if they are attempting to run a plug-in that is out of date.

Unwitting accomplices and complicit security teams

Unwitting accomplices and complicit security teams

End-users may be the weakest link, but technology exists to take security out of their hands.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US