Microsoft Updates June 2014 – Almost 60 IE and GDI+/TrueType RCE
Microsoft fixes a smaller set of software product code this month for “Critical” vulnerabilities, and a handful for “Important” fixes with MS014-030 through MS014-036. But whoa, almost 60 remote code execution flaws exist in the six versions of Internet Explorer and the Microsoft components that render fonts on your system! Not only is that a […] more…Phishing Tale: An Analysis of an Email Phishing Scam
Phishing scams are always bad news, and in light of the Google Drive scam that made the rounds again last week, we thought we’d tell the story of some spam that was delivered into my own inbox because even security researchers, with well though-out email block rules, still get SPAM in our inboxes from time […] more…VirusTotal Uploader for OS X
VirusTotal Uploader is a popular utility in the tool-set of many malware fighters, it eases the task of submitting files to VirusTotal using Windows operating systems by just performing a right click on any file and selecting the pertinent option from the context menu. Over the years the Windows Uploader evolved, being able to also quickly […] more…Virtual Desktop Must-haves: Cost-effectiveness, Scalability and Security
Employees today expect to take their work anywhere and on any device. This BYOD mindset poses a dilemma for organizations that want to create a flexible workplace while ensuring security, control, and lower costs read more more…VirusTotal += Tencent URL scanner
Just recently my colleague Julio announced the introduction of Tencent as a new antivirus solution in VirusTotal’s file scanner. Today we are excited to announce that Tencent has broadened its collaboration and is also sharing its malicious URL dataset in order to enhance our URL scanner. This is a great addition as it will surely […] more…When Networks Turn Hostile
We’ve previously discussed how difficult it is to safely connect to networks when on the go. This is particularly true on vacations and holidays, where the availability of Internet access is one of the most important factors when looking for a place to stay. In fact, many holiday lodges and hotels today have made Wi-Fi access an […] more…Case Study: Analyzing the Origins of a DDoS Attack
Recently a client was experiencing a massive layer 7 DDOS attack, generating tens of thousands of random HTTP requests per second to the server. The architecture of the website included a cluster of three web servers responsible for handling all incoming traffic, which did little to alleviate the pressures brought about the attack. An interesting […] more…How to use Exploits From Exploit-Database
Q. what is an exploit ? a. An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). Such behavior frequently includes […] more…BOOK GIVEAWAY: Penetration Testing: A Hands-On Introduction to Hacking
Five will win. Enter the drawing today! read more more…The Russian Underground, Revisited
The Russian Underground has been around (in an organized manner) since 2004, and has been used both as a marketplace and an information exchange platform. Some well-known centers of the Russian underground include zloy.org, DaMaGeLab, and XaKePoK.NeT. Initially, these forums were used primarily to exchange information, but their roles as marketplaces have become more prominent. Many parts of the […] more…Newly Patched MS Word 0-Day Heuristically Detected by Deep Discovery
In between the end of support for Windows XP and the Heartbleed OpenSLL vulnerability, one good bit of news may not have been noticed: the Microsoft Word zero-day vulnerability (CVE-2014-1761) reported in late March was fixed. We have since looked into this attack and found that the exploit was created by an attacker with some skill, resulting in […] more…2013 Cyber Risk Report
The “Cyber risk report 2013 Executive summary” presents the major findings of HP Security Research’s comprehensive dive into today’s cyber vulnerability and threat landscape. read more more…End of the line for Windows XP
Support for Windows XP is ending: after today there will be no new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates. Is this a problem? After all, it’s a 12-year old operating system. It wouldn’t be, if it weren’t for the fact that there are still a lot […] more…Who’s Spying on You?
You’re aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against businesses by copying sophisticated malware and techniques used to target governments read more more…Looking Into The Cybercrime Underground
A key part of our cybercrime research focuses on the communities that cybercriminals form. These are used in much the same way that communities of other shared “interests” are – to socialize, to get together, and to buy and sell various items of interest. For security researchers, the activities of these underground communities – and […] more…HP unveils creepy app that stalks people as they shop
Hewlett Packard has unveiled a new mobile app that retailers can use to stalk people as they shop in order to send them targeted adverts and promotions. The iOS app, dubbed SmartShopper and unveiled at the Interop conference in Las Vegas today, has the ability to send location-based smartphone offers to customer’s iPhones in real […] more…More information
- Hadoop Buyer’s Guide
- #Fail to the chief: When tech trips up presidential candidates
- Opera rolls out AI-infused browser
- The analytics black hole for detecting internal security threats
- Looking for a Way to Fix Google Pixel Audio Issues? Install Latest Security Patch
- RSA finds phishing cost $687m in six months
- Unpatched Flaws Plague Sierra Wireless Industrial Gateways
- Central Person Registry (CPR) Infrastructure Security Patching
- WikiLeaks, Demonoid, and security site felled by crude (but potent) attacks
- ‘Dronejacking’ May be the Next Big Cyber Threat