archives
April 2010

Unpatched Java Deployment Kit Vulnerability Exploited in the Wild

Last Friday, Tavis Ormandy published details about a vulnerability in the Java Deployment Toolkit. The vulnerability allows an attacker to download and execute arbitrary Java code on a vulnerable system. We released generic detection for attacks against this vulnerability, the exploitation code being detected as "JS/Exploit.JavaDepKit.A trojan". Since yesterday, we are starting to see this vulnerability

Dangerous Zips + Responsible Disclosure

Mario Vuksan, Tomislav Pericin and Brian Karney have been talking…about vulnerabilities they’ve found in various compression formats … as well as their potential for steganographical use or misuse…. Perhaps the main problems here will not be technical vulnerabilities but careless users and social engineering attacks.

SMishing or IMEI Phishing?

Technically it’s not SMS Phishing… but it’s close: Cybercriminals use the information requested on the web page to clone the smartphone for various uses, including stealing long-distance service from the subscriber or simply using a deniable, disposable smartphone for other criminal activities. In effect, the cybercriminals used phishing techniques to clone smartphones. The strength of

Facebook Newbie | Good Practices

Since our April ESET news has already been dominated by Facebook and Koobface, an updated Facebook best practices wrapup seemed in order. Facebook Newbie? Read This First While most of us involved with this blog are old hands at implementing security, sometimes it’s hard for others to process the do’s and don’ts. Michelle Green contributed

Steganography – NOT The Study Of Stegosaurs!

There has been a recent news story about researchers at Princetown University who are working on a new form of steganography that could allow information to be leaked out of an organization on compact disks (CDs) without being detected. Steganography takes one piece of information and hides it within another. Computer files (images, sound recordings,

Top Four Privacy Hacks/Tips/Trends Of The Week

Clearly, anything which is posted online should be assumed to be eternal, written in stone tablets, and admissible for all time. For the early adopter (Internet, blogger, Friendster, etc.) this also operates as a reminder of the ever-powerful TOS change: just because the terms of service (TOS) say that your content is private now never

Guest Blog: How free is free Antivirus?

I've noticed a number of tests recently that seem to be intended to prove that free antivirus is as good as commercial AV. As it happens, I'm not against free AV in principle, as long as people are entitled to use it – commercial use of free AV is usually not permitted. And I'm overjoyed when

Health Coverage Scams

The front page of USA Today has a headline titled “Health coverage scams spread”. A common theme is that a company offers health insurance for a price that is much lower than what major, well known insurance companies charge. It’s the old “if it looks too good to be true…” scam all over again. In

FBI Cyber Division Describes Criminal Specialization

According to FBI Cyber Division Director Chabinsky’s keynote speech last week, the supporting elements of a somewhat clannish and tribal entity such as a cybercrime organization are also specialized and diverse in the 21st century:

Is Net Neutrality a legit beef against Senate Bill 773?

After posting the article regarding this new legislature I continued my research into the objections which have been raised by many cyber activists. Some of the concern is about ‘Net Neutrality’ and the potential for abuse of power. Let’s look first at the issue of content-neutral or client-neutral packet routing. Net Neutrality – A Deeper

Copyright © 2013 ESET, All Rights Reserved.