Archive for the ‘Exploit/Vulnerability’ Category

Microsoft Out of Band Patch Released – Patch Now!

Tuesday, July 28th, 2009

Microsoft released two out of band patches today. MS09-034 resolves an issue that crept up as a zero-day threat just before Patch Tuesday a few weeks back. And apparently in trying to fix that vulnerability either 1) a light bulb went off somewhere or 2) someone showed them the light, ...

Virus Detected?

Thursday, May 14th, 2009

If you're running antivirus software and you see the dreaded virus detection notice, take heed and be paranoid. Many drive-by infections will throw a host of exploits at a possible victim in their attempts to optimize the ratio of "visitors" and successful infections. With malware variants, polymorphism and obfuscation, antivirus ...

April Fool’s… Is the Joke on Us?

Monday, March 30th, 2009

Conficker, aka Downadup, is a worm that grew to prominence thanks to the vulnerability patched in MS08-067 last October. It's getting widespread popularity in the media these days and deservedly so; a large botnet is always a source of concern and I wish the media paid more attention to the ...

Fake A/V Scamware

Saturday, January 31st, 2009

I've been tracking the rash of fake A/V scamware since last fall and while most of these are probably out of commission, the list below provides a glimpse into the creative (or lack thereof) domain names that are popping up daily. I've not had a chance to cross-reference this list ...

Spring patching

Thursday, April 10th, 2008

April is a good month to take some time to get up to date on your patching. There was a healthy dose of Black Tuesday Microsoft patches (Microsoft/SANS) and a Flash exploit that was a prize winner in a recent hacking contest was patched. There have also been recent updates ...

“3D Screensaver” spam

Wednesday, March 12th, 2008

Sunbelt Software has a good write-up on a recent spike in 3D screen saver spam. It's a free screen saver that comes at a price. The malware has been tracked back to a re-emerging malware gang and is a gift that keeps on giving. Looks like Sunbelt is pursuing them ...

March = Patch Office Month

Tuesday, March 11th, 2008

The latest dose of monthly medicine from Microsoft includes 4 critical patches for Microsoft Office. You can get the Microsoft details, or see the SANS Internet Storm Center Handler's Diary, which always provides a simplified view highlighting the most serious of the patches with their own ratings. Of this month's releases, MS08-14 ...

Firewire burns a hole through locked workstations

Thursday, March 6th, 2008

The Register, among others, reported the release of a tool that allows easy access to a locked workstation. The caveat is that it requires physical access to the Windows computer and is executed by connecting a Linux device to a Windows computer via FireWire. The vulnerability has been documented since ...

PayPal bug squashed, but is it dead?

Wednesday, March 5th, 2008

CA has a nice writeup from last month (thanks for the tip Brian) on a JSP vulnerability recently toyed with on the PayPal site. It's a fine example of good disclosure; identifying a vulnerability, reporting it effectively, receiving prompt resolution and then documenting how it works in an informed and ...

Mining Google…

Friday, February 22nd, 2008

Cult of the Dead Cow (cDc, famous for the backdoor suite Back Orifice) enters the news again, bringing attention this time to using Google as a tool for reconnaissance and assessment with the release of Goolag. While this hacking technique isn't new - Google Hacking has been well documented by ...