As soon as Microsoft had released patches for security bulletin MS12-037 (which patched 13 vulnerabilities for Internet Explorer) Google published information (Microsoft XML vulnerability under active exploitation) about a new zero-day vulnerability (CVE-2012-1889) in Microsoft XML Core Services. Sometimes vulnerabilities are discovered at a rate that outpaces the patching process and so a temporary fix
Aleksandr Matrosov and Eugene Rodionov presented their research into â€œSmartcard vulnerabilities in modern banking malwareâ€ at PHDays’2012.
We have just completed fresh analysis of the malicious software known as Win32/Festi. While the "Festi" botnet created with this malware has been in business since the autumn of 2009 we can see that the software is frequently updated, as described in our analysis, and these updates mean Festi continues to be a potent threat
Aleksandr Matrosov notes a new exploit kit approach to hiding redirects using implicit iFrame injection. (NB Nuclear Pack, not Blackhole.)