Researchers have demonstrated an attack that completely bypasses the protections offered by EMET – a Microsoft toolkit used to provide safeguards against zero-day attacks, according to Ars Technica.
The year 2013 was notable for the appearance of 0-day vulnerabilities that were primarily used in targeted attacks. In this case, criminal hackers worked on developing exploits, only not for random propagation of malicious code, but rather for use in attacks on specific users.
An exploit for a vulnerability which affects all versions of Microsoft’s Internet Explorer has been released as a module for the popular penetration testing tool Metasploit – sparking fears of a new wave of attacks.
A Java vulnerability seemingly discovered by a French researcher has been confirmed by the US Government.
Even visiting security-oriented websites can sometimes be risky. If you’ve visited the security blog zerosecurity.org this month and you’re also a user of ESET’s security products, you might have encountered an anti-virus alert such as this one: The detection names may vary. Different variants of the following “generic families” were detected on the compromised websites on
Todos los años el laboratorio independiente, Virus Bulletin, celebra el evento más importante del año para la comunidad de investigadores de la industria antivirus, la Virus Bulletin Conference. En esta conferencia participan los principales investigadores de los laboratorios antivirus, entre ellos ESET, presentando las principales tendencias en lo que respecta al mundo del malware y
My latest blog for SC Magazine's Cybercrime Corner looked at the recent APT (Advanced Persistent Threat) attack on RSA, in the light of Uri Rivner's blog on the implementation of the attack. Unfortunately, the exact nature of the target and damage remains somewhat obscure, so while I certainly consider Rivner's blog worth reading, I also found myself
Picture from https://secure.wikimedia.org/wikipedia/en/wiki/File:Casino_slots.jpg This is a really bizarre computer crimes case. A man knows of a bug in a gambling machine at casinos. He goes into the casinos, uses the machines with complete authorization, at least in some cases, if not all, asks casino staff to modify the machines and they willingly do so. The
El pasado lunes el centro de Microsoft Malware Protection, publicó en su blog un informe estadístico relacionado a la explotación de vulnerabilidades y las plataformas. En el mismo, se destaca el aumento de ataques hacia Java, superando así notablemente a Adobe, que en estos últimos tiempo ha sido blanco habitual de ataques . En el
As expected, Microsoft has released a critical out-of-band patch for the LNK shortcut file vulnerability which received attention last month. As a critical patch, this update will be delivered through Windows’ Automatic Update service, as well as being directly available for download from Microsoft’s site without a Windows Genuine Advantage check. A reboot is required for the
Pierre-Marc and I reported a few days ago that we were seeing both new malware and older families starting to incorporate the same .LNK exploit used by Win32/Stuxnet. We also predicted that “…more malware operators will start using this exploit code in order to infect host systems and increase their revenues.” Well, that was a pretty safe bet.
We realize there have been a lot of articles in the blog now about the Win32/Stuxnet malware and its new vector for spreading, but when vulnerabilities emerge that can be widely exploited, it is important to share information so that people can protect themselves from the threat. Detection for Win32/Stuxnet and the shortcut (LNK) files
As I mentioned in a previous blog, Wired Magazine reported it would take a Nation State to pull off a takedown of the electric grid. Actually, Mother Nature, back hoes, and potentially a worm have had major impacts in the past, but the recent use of the LNK file vulnerability shows it doesn’t take the
On July 17th, ESET identified a new malicious file related to the Win32/Stuxnet worm. This new driver is a significant discovery because the file was signed with a certificate from a company called "JMicron Technology Corp". This is different from the previous drivers which were signed with the certificate from Realtek Semiconductor Corp. It is
The hot news http://blog.eset.com/2010/07/17/windows-shellshocked-or-why-win32stuxnet-sux is of a zero-day vulnerability that has been used to attack SCADA systems. This comes hot on the heels of an article on the Wired web site titled “Hacking the Electric Grid – You and What Army” http://www.wired.com/dangerroom/2010/07/hacking-the-electric-grid-you-and-what-army/. So clearly Wired had already predicted the origins, at least vaguely, of Win32/Stuxnet.
[Update: it appears that the information I had earlier was incorrect or out-of-date, and there has been loss of life. There's also a report from TechHerald suggesting early exploitation of the incident for SEO poisoning leading to fake AV. However, a quick scan currently (Monday evening) shows news items from such known malefactors as the
La tasa de propagación e infección de códigos maliciosos continúa creciendo y los atacantes cuentas con cada vez más alternativas para robar información sensible y privada tanto de usuarios como de organizaciones. Por tal motivo, es necesario conocer cuáles son las amenazas que se encuentran activas (In-the-Wild). A continuación exponemos los temas más relevantes en
Unfortunately, I'm not able to attend the CanSecWest 2010 conference in Vancouver this week, though I think Pierre-Marc will be there. I would have been more than a little interested in Charlie Miller's presentation on fuzzing Mac applications: that is, “…a method for discovering faults in software by providing unexpected input and monitoring for exceptions.”
En más de una oportunidad hemos explicado la importancia de implementar las actualizaciones de seguridad, tanto las del sistema operativo como las de las aplicaciones instaladas en este, ya sea en ambientes hogareños o corporativos. En el segundo caso el tema es crítico debido a la envergadura de las posibles perdidas económicas que una empresa
There has been quite a lot of traffic in the last few weeks about the doc.media.newPlayer vulnerability referenced in the CVE database as CVE-2009-4324. The following Adobe articles refer: http://www.adobe.com/support/security/advisories/apsa09-07.html http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html http://blogs.adobe.com/psirt/2009/12/security_advisory_apsa09-07_up.html Today's article at the Internet Storm Center by Bojan Zdrnja (http://isc.sans.org/diary.html?storyid=7867) gives a lot of detail on a particularly inventive exploit of the