As expected, Microsoft has released a critical out-of-band patch for the LNK shortcut file vulnerability which received attention last month. As a critical patch, this update will be delivered through Windows’ Automatic Update service, as well as being directly available for download from Microsoft’s site without a Windows Genuine Advantage check. A reboot is required for the

UK journalist Kevin Townsend has blogged today on what sounds like two support scam phone-calls of a type I’ve mentioned here a few times since a colleague at another company drew my attention to it last month.

We realize there have been a lot of articles in the blog now about the Win32/Stuxnet malware and its new vector for spreading, but when vulnerabilities emerge that can be widely exploited, it is important to share information so that people can protect themselves from the threat. Detection for Win32/Stuxnet and the shortcut (LNK) files

Kim Zetter’s article for Wired tells us that “SCADA System’s Hard-Coded Password Circulated Online for Years” – see the article at http://www.wired.com/threatlevel/2010/07/siemens-scada/#ixzz0uFbTTpM0 for a classic description of how a password can have little or no value as a security measure. Zetter quotes Lenny Zeltser of SANS as saying that ““…anti-virus tools’ ability to detect generic versions of

On July 17th, ESET identified a new malicious file related to the Win32/Stuxnet worm. This new driver is a significant discovery because the file was signed with a certificate from a company called "JMicron Technology Corp".  This is different from the previous drivers which were signed with the certificate from Realtek Semiconductor Corp.  It is

…But that doesn’t mean that this particular attack is going to vanish any time soon, AV detection notwithstanding. Now that particular vulnerability is known, it’s certainly going to be exploited by other parties, at least until Microsoft produce an effective fix for it, and it will affect some end users long after that…

In May it was reported that IBM handed out some USB drives that were infected. A month later I spoke at a security conference that I will not name. I gave the AV (audio/visual) technician a USB key with my presentation on it to copy to the laptop they were using for the presentations. About

The individual concerned had received a phone call from someone claiming to be from Microsoft, and informing him that notification had been received concerning a virus infection on his PC, and offering to help him to install antivirus software. When asked what antivirus software was being offered, the caller claimed that it was ESET’s.

Microsoft Hotmail has a new feature: Out of Band Authentication via cell phone SMS Text. They call it ‘single-use codes’: Single-use codes This new security feature is designed to further protect you when you sign in from a public computer, such as those found in internet cafés, airports, and coffee shops. When you request a

I find it hard to not be shocked at a headline like this… Then I remembered the recent top cybercrime city survey conducted by one of our competing software vendors which had Boston ranked the SECOND HIGHEST risk city in the entire United States. I’m also not one to simply lie down and let cybercriminals