 Exploit

Flash flaw being used to deliver email based attacks

May 04, 2012

Adobe on Friday issued an emergency patch for a critical bug in its Flash Player software that is being used in targeted malware attacks.
 

Russian works around sandbox to pull off Chrome exploit

March 08, 2012

One of the most prolific Chrome researchers has netted Google's top prize in its inaugural Pwnium competition. Google promptly patched the bug.
 

Purported Iran nuke document contains trojan

March 05, 2012

The malicious file spreads thanks to a vulnerability in the popular Adobe Flash software.
 

New Chrome version contains malware download security

February 09, 2012

Google has issued an official update to its Chrome browser to fill 20 security holes, one of which is deemed "critical" and eight of which are considered "high" in severity.
 

Study: BlackHole appears, Conficker remains

January 26, 2012

Eighty-five percent of all malware is web-based, and some 30,000 websites are newly infected with malicious code each day, according to Sophos' "Security Threat Report 2012."
 

Adobe to issue emergency fix for Reader security bug

December 06, 2011

Adobe warned Tuesday of an unpatched vulnerability in its Reader and Acrobat software after catching wind of active exploits by cybercriminals.
 

New Java exploit one of many impacting firms

December 01, 2011

A new exploit, which has made its way into the Metasploit framework, underscores the danger posed by Java vulnerabilities, which are responsible for many of today's enterprise malware threats.
 

Most spam subject lines contain fake order, ticket numbers

November 21, 2011

Most spam messages sent in recent days have been delivered with subject lines containing fake order or ticket numbers, delivery invoices, payment notices or tax information, according to researchers from security firm Websense.
 

Microsoft releases four security patches, one critical

November 08, 2011

Microsoft on Tuesday patched one "critical" vulnerability, plus three other less-severe flaws. Not patched, as expected, is a bug related to the Duqu trojan.
 

Hacker attacks against retailers up 43 percent

October 12, 2011

Much of the surge can be blamed on SQL injection and the use of exploit toolkits, according to researchers at Dell SecureWorks.
 

New exploit toolkit not so nice

October 11, 2011

At least 10,000 websites have been compromised to redirect users to a new exploit toolkit, called "Nice Pack," according to researchers at Dell SecureWorks. Nice Pack, discovered Wednesday, attempts to take advantage of flaws in users' third-party apps, such as Java and Adobe, to install the "Zero Access Trojan," a rootkit that allows attackers to take control of a victim's machine. Though researchers are still looking into the threat, they have discovered that the JavaScript on compromised sites is nearly identical to the malicious code recently found on MySQL.com, which was infected to redirect users to the Black Hole exploit toolkit.
 

BlackHole exploit kit now available for free

May 24, 2011

A free copy of the BlackHole exploit kit is available on several file-sharing sites, lowering the cost of entry for budding cybercriminals, experts warned this week.
 

Industrial control systems at risk, ICS-CERT warns

May 12, 2011

Software products used to manage critical infrastructure facilities contain a vulnerability that could allow an attacker to take control of affected systems, the ICS-CERT warned.
 

Zeus source code open for inspection, use

May 10, 2011

As if Zeus wasn't already a torment, the insidious banking trojan may become even more prolific now that its source code has been leaked on at least two underground forums, according to researchers at Denmark-based CSIS. Peter Kruse, writing on the company's blog, said the source code for the Zeus toolkit is "freely available for inspection, inspiration or perhaps to be compiled and used in future attacks." He expects the leakage to cause the trojan to become more pervasive. One likely can expect the price to fall too. McAfee researchers in September said the Zeus builder toolkit was going for between $700 and $1,500.
 

Adobe fixes Reader, Acrobat issues early

April 21, 2011

Adobe has sped up the planned release of updates to its Reader and Acrobat software, good news for customers now that reports of public exploits have emerged. The updates, released Thursday but not expected until next week, shore up two critical vulnerabilities, one of which has been leveraged in in-the-wild attacks, according to a revised bulletin. Reader X for Mac and Acrobat X for Windows and Mac received updates, as did Reader/Acrobat 9.4.3 for Windows and Mac. Reader X for Windows won't receive a new version until June 14, a scheduled quarterly update, because the "Protected Mode" capability protects against the exploit. The flaw being used in attacks also was present in Flash Player, but that software was patched last week.
 

Number of reported vulnerabilities spiked in 2010

April 06, 2011

System flaws and exploits dramatically jumped last year, but the news is not all bad, as many of the bugs were discovered by their creators.
 

Attack toolkits to pose bigger problem for businesses

April 05, 2011

Attack toolkits have been refined to the point where they are producing high success rates for their criminal users.
 

New Google Chrome version notifies of unpatched plug-ins

April 01, 2011

Google's latest version of Chrome warns users if they are attempting to run a plug-in that is out of date.
 

Unwitting accomplices and complicit security teams

Anup Ghosh, founder and chief scientist, Invincea

February 25, 2011

End-users may be the weakest link, but technology exists to take security out of their hands.
 

Google quickly shores up Gmail spam flaw

November 22, 2010

Google has fixed what is being described as a serious security flaw that allowed a hacker to harvest Gmail addresses and send spam from the search giant's servers.
 

Microsoft warns of "unprecedented" Java exploitation

October 18, 2010

The number of attacks on vulnerable Java code spiked during the third quarter of the year and has reached "unprecedented" levels, a Microsoft malware expert said on Monday.
 

Twitter hit with exploit attack

September 21, 2010

The popular social networking website Twitter has fallen victim to an exploit that enables attackers to insert pop-up ads and open unwanted websites on a user's browser. As reported on Graham Cluley's blog, the exploit is apparently merely being used mischievously at this point, but points the way to cybercriminals using the flaw to redirect users to websites loaded with malware in addition to spam ad pop-ups. Cluley says Twitter is aware of the exploit and intends to soon issue a patch. - GM