Scarcely had we got our breath back mainly after Microsoft addressed a serious vulnerability in handling .LNK (shortcut) files, before researcher HD Moore made public a serious security failure in the dynamic loading of libraries in Windows that came to light when he was investigating the .LNK issue.
Adobe has just released an update for 20 vulnerabilities in Shockwave Player, most of which could allow an attacker to execute malicious code. The bulletin APSB10-20 – Security update available for Shockwave Player – refers. According to Jeremy Kirk's Macworld report and the Adobe advisory, the vulnerabilities affect both Windows and OS X versions up to
The problem with preventing such scams is that social engineering is very lo-tech in nature, requiring little in the way of technical resources and investment. Scammers are relying on the victims naivety, to grant them access to their computer and credit card details, so there’s very little a security company can do to prevent them,
Urban Schrott, IT Security & Cybercrime Analyst, ESET Ireland, contributed an article to ESET's July ThreatSense report about support scams. Since this is an issue that is still being under-reported, we thought it was worth reproducing, with the urbane Mr. Schrott's permission, on the blog. While we're on that topic, there's a video worth watching
The survey asked just two questions:
1.Does your organization have a formal/written social media acceptable use policy?
2.What level of access does your organization allow to each of the follwoing social media sites: Twitter, Facebook, YouTube, LinkedIn, Blogs, and Other?
…criminals are making use of the fact that Quicktime Player 7.6.6 allows movie files to trigger file downloads…the volume of reports picked up our ThreatSense.Net® telemetry suggests the likelihood of significant prevalence, though by no means an epidemic right now…
My Spanish colleague Josep Albors has also commented on recent Facebook security issues. Mistakes in translation and interpretation are, as always, mine. The world's largest social network is a nearly inexhaustible news source: not only because it has reached 500 million users, or because it's the subject of a forthcoming film. It is also making
Despite all those people who honoured May 31st 2010 as Quit Facebook Day – well, 31,000 people, maybe not an enormous dent in the 500 million users Facebook recently claimed – Facebook marches on. Clearly they're doing something right. But what? It's probably not the personal charm of founder Mark Zuckerberg, who when he's not
All this is potentially frightening and inconvenient (or worse) for a home user. And if it happens in a corporate environment, it can be very, very expensive to remedy. So while some of the public comments we see in the wake of such incidents may seem over the top, “FP rage” is certainly understandable.
Pierre-Marc and I reported a few days ago that we were seeing both new malware and older families starting to incorporate the same .LNK exploit used by Win32/Stuxnet. We also predicted that “…more malware operators will start using this exploit code in order to infect host systems and increase their revenues.” Well, that was a pretty safe bet.
Perhaps you're getting as tired of this thing as I am (though with the information still coming in, I'm not going to be finished with this issue for a good while, I suspect). But without wishing to hype, I figure it's worth adding links to some further resources. There's a very useful comment by Jake
Kim Zetter’s article for Wired tells us that “SCADA System’s Hard-Coded Password Circulated Online for Years” – see the article at http://www.wired.com/threatlevel/2010/07/siemens-scada/#ixzz0uFbTTpM0 for a classic description of how a password can have little or no value as a security measure. Zetter quotes Lenny Zeltser of SANS as saying that ““…anti-virus tools’ ability to detect generic versions of
Our colleagues in Bratislava have issued a press release which focuses on the clustering of reports from the US and Iran, and also quotes Randy Abrams, whose follow-up blog also discusses the SCADA-related malware issue at length. The Internet Storm Center has, unusually, raised its Infocon level to yellow in order to raise awareness of
…But that doesn’t mean that this particular attack is going to vanish any time soon, AV detection notwithstanding. Now that particular vulnerability is known, it’s certainly going to be exploited by other parties, at least until Microsoft produce an effective fix for it, and it will affect some end users long after that…
You may have noticed that the blog has undergone some changes. While some may think that all the extra mugshots of yours truly are a bit over the top, I hope you approve of the somewhat livelier presentation. My thanks to everyone who worked on it. David Harley CITP FBCS CISSP ESET Senior Research Fellow