tag
exploit

Attack ‘bypasses’ Microsoft’s zero-day protection tool

Researchers have demonstrated an attack that completely bypasses the protections offered by EMET – a Microsoft toolkit used to provide safeguards against zero-day attacks, according to Ars Technica.

Windows exploitation in 2013

The year 2013 was notable for the appearance of 0-day vulnerabilities that were primarily used in targeted attacks. In this case, criminal hackers worked on developing exploits, only not for random propagation of malicious code, but rather for use in attacks on specific users.

Here be dragons: Explorer “in dangerous territory” after public IE exploit release?

An exploit for a vulnerability which affects all versions of Microsoft’s Internet Explorer has been released as a module for the popular penetration testing tool Metasploit – sparking fears of a new wave of attacks.

Java vulnerability confirmed by US Department of Homeland Security

A Java vulnerability seemingly discovered by a French researcher has been confirmed by the US Government.

Vulnerable WordPress Leads to Security Blog Infection

Even visiting security-oriented websites can sometimes be risky. If you’ve visited the security blog zerosecurity.org this month and you’re also a user of ESET’s security products, you might have encountered an anti-virus alert such as this one: The detection names may vary. Different variants of the following “generic families” were detected on the compromised websites on

Top exploits 2011

Todos los años el laboratorio independiente, Virus Bulletin, celebra el evento más importante del año para la comunidad de investigadores de la industria antivirus, la Virus Bulletin Conference. En esta conferencia participan los principales investigadores de los laboratorios antivirus, entre ellos ESET, presentando las principales tendencias en lo que respecta al mundo del malware y

Spearphishing APT-itude Test

My latest blog for SC Magazine's Cybercrime Corner looked at the recent APT (Advanced Persistent Threat) attack on RSA, in the light of Uri Rivner's blog on the implementation of the attack.  Unfortunately, the exact nature of the target and damage remains somewhat obscure, so while I certainly consider Rivner's blog worth reading, I also found myself

Arrested for Cheating the Cheaters

Picture from https://secure.wikimedia.org/wikipedia/en/wiki/File:Casino_slots.jpg This is a really bizarre computer crimes case. A man knows of a bug in a gambling machine at casinos. He goes into the casinos, uses the machines with complete authorization, at least in some cases, if not all, asks casino staff to modify the machines and they willingly do so. The

Java es más explotado que Adobe

El pasado lunes el centro de Microsoft Malware Protection, publicó en su blog un informe estadístico relacionado a la explotación de vulnerabilidades y las plataformas. En el mismo, se destaca el aumento de ataques hacia Java, superando así notablemente a Adobe, que en estos últimos tiempo ha sido blanco habitual de ataques . En el

Save your work! Microsoft Releases Critical Security Patch

As expected, Microsoft has released a critical out-of-band patch for the LNK shortcut file vulnerability which received attention last month. As a critical patch, this update will be delivered through Windows’ Automatic Update service, as well as being directly available for download from Microsoft’s site without a Windows Genuine Advantage check. A reboot is required for the

More LNK exploiting malware, by Jove!*

Pierre-Marc and I reported a few days ago that we were seeing both new malware and older families starting to incorporate the same .LNK exploit used by Win32/Stuxnet. We also predicted that “…more malware operators will start using this exploit code in order to infect host systems and increase their revenues.” Well, that was a pretty safe bet.

A few facts about Win32/Stuxnet & CVE-2010-2568

We realize there have been a lot of articles in the blog now about the Win32/Stuxnet malware and its new vector for spreading, but when vulnerabilities emerge that can be widely exploited, it is important to share information so that people can protect themselves from the threat. Detection for Win32/Stuxnet and the shortcut (LNK) files

It Wasn’t an Army

As I mentioned in a previous blog, Wired Magazine reported it would take a Nation State to pull off a takedown of the electric grid. Actually, Mother Nature, back hoes, and potentially a worm have had major impacts in the past, but the recent use of the LNK file vulnerability shows it doesn’t take the

Win32/Stuxnet Signed Binaries

On July 17th, ESET identified a new malicious file related to the Win32/Stuxnet worm. This new driver is a significant discovery because the file was signed with a certificate from a company called "JMicron Technology Corp".  This is different from the previous drivers which were signed with the certificate from Realtek Semiconductor Corp.  It is

Which Army Attacked the Power Grids?

The hot news http://blog.eset.com/2010/07/17/windows-shellshocked-or-why-win32stuxnet-sux is of a zero-day vulnerability that has been used to attack SCADA systems. This comes hot on the heels of an article on the Wired web site titled “Hacking the Electric Grid – You and What Army” http://www.wired.com/dangerroom/2010/07/hacking-the-electric-grid-you-and-what-army/. So clearly Wired had already predicted the origins, at least vaguely, of Win32/Stuxnet.

iPad jailbreaking meets Dr. Who and Inspector Gadget

[Update: it appears that the information I had earlier was incorrect or out-of-date, and there has been loss of life. There's also a report from TechHerald suggesting early exploitation of the incident for SEO poisoning leading to fake AV. However, a quick scan currently (Monday evening) shows news items from such known malefactors as the

Reporte de amenazas de Marzo

La tasa de propagación e infección de códigos maliciosos continúa creciendo y los atacantes cuentas con cada vez más alternativas para robar información sensible y privada tanto de usuarios como de organizaciones. Por tal motivo, es necesario conocer cuáles son las amenazas que se encuentran activas (In-the-Wild). A continuación exponemos los temas más relevantes en

Run! It’s the Fuzz!

Unfortunately, I'm not able to attend the CanSecWest 2010 conference in Vancouver this week, though I think Pierre-Marc will be there. I would have been more than a little interested in Charlie Miller's presentation on fuzzing Mac applications: that is, “…a method for discovering faults in software by providing unexpected input and monitoring for exceptions.” 

Masiva campaña de infección a través de archivos PDF

En más de una oportunidad hemos explicado la importancia de implementar las actualizaciones de seguridad, tanto las del sistema operativo como las de las aplicaciones instaladas en este, ya sea en ambientes hogareños o corporativos. En el segundo caso el tema es crítico debido a la envergadura de las posibles perdidas económicas que una empresa

Adobe, Javascript, and the CVE-2009-4324 Exploit

There has been quite a lot of traffic in the last few weeks about the doc.media.newPlayer vulnerability referenced in the CVE database as CVE-2009-4324. The following Adobe articles refer: http://www.adobe.com/support/security/advisories/apsa09-07.html http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html http://blogs.adobe.com/psirt/2009/12/security_advisory_apsa09-07_up.html Today's article at the Internet Storm Center by Bojan Zdrnja (http://isc.sans.org/diary.html?storyid=7867) gives a lot of detail on a particularly inventive exploit of the

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

6 articles related to:
Hot Topic
25 Feb 2014
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.