As soon as Microsoft had released patches for security bulletin MS12-037 (which patched 13 vulnerabilities for Internet Explorer) Google published information (Microsoft XML vulnerability under active exploitation) about a new zero-day vulnerability (CVE-2012-1889) in Microsoft XML Core Services. Sometimes vulnerabilities are discovered at a rate that outpaces the patching process and so a temporary fix

The Blackhole exploit kit has been updated to version 1.2.3 and includes a new exploit for the Java CVE-2012-0507 vulnerability, which ESET calls Java/ Exploit.CVE-2012-0507

If you're interested in the "APT: Real Threat or Just Hype" keynote session I took part in during the recent Infosecurity Virtual Conference, you can now hear and see the presentations and Q&A  (and the other panel sessions from the conference). Register here. Here are the details for that keynote session, chaired by Steve Gold,

David Harley is taking part in the keynote session (11.00-12.00 EST) on “APT: Real Threat or Just Hype” at US Infosecurity’s Virtual Conference on November 8th.

In fact, the real interest of the document lies in the extensive overview (12 closely-typed pages without graphics and such) of the DHS view of its own cybersecurity mission.

You don't need more advice from me on avoiding phishing following the Epsilon fiasco: Randy, among others has posted plenty of sound advice, and I put some links to relevant articles here, though I don't know of anyone who's published a list of the whole 2,500 or so companies that are apparently Epsilon's customers, though comment threads

… albeit more slowly than previously. Added to the resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3 today: A nice article by Mark Russinovich on Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1. Though I don't think Stuxnet is universally acknowledged as the most sophisticated malware ever. See, for instance, http://gcn.com/articles/2011/01/18/black-hat-stuxnet-not-superworm.aspx. (Hat tip to Security Garden for the pointer.)

On July 17th, ESET identified a new malicious file related to the Win32/Stuxnet worm. This new driver is a significant discovery because the file was signed with a certificate from a company called "JMicron Technology Corp".  This is different from the previous drivers which were signed with the certificate from Realtek Semiconductor Corp.  It is

R.I.P. IE6 Targeted and sophisticated attacks against Google, Adobe, and Juniper used an unpatched vulnerability in Internet Explorer to breach computers. These incidents are receiving a lot of attention from the media much due to the size and notability of the companies affected. France, Germany and now Australia have issued guidelines and urged users to

Microsoft’s advisory on the SMB driver issue is now available. As expected, it includes some comments on mitigation, but they’re rather fluffy. It advocates "Firewall best practices and standard default firewall configurations", which "can help protect networks from attacks that originate outside the enterprise perimeter,"  and suggests exposing a "minimal number of ports". Well, duh… I’d expect any firewall