Criminals are very interested in retailers’ Point of Sale (PoS) machines. Recently, a new type of malware has been found that specifically tries to break into PoS machines, called Win32/BrutPOS.A.
[Part 3 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Do You Need Administrative Privileges? Included for completists, though I don't think I've added anything here to the original blog. I think it's
There has been quite a lot of traffic in the last few weeks about the doc.media.newPlayer vulnerability referenced in the CVE database as CVE-2009-4324. The following Adobe articles refer: http://www.adobe.com/support/security/advisories/apsa09-07.html http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html http://blogs.adobe.com/psirt/2009/12/security_advisory_apsa09-07_up.html Today's article at the Internet Storm Center by Bojan Zdrnja (http://isc.sans.org/diary.html?storyid=7867) gives a lot of detail on a particularly inventive exploit of the
Well, Adobe are still not speaking to me: I’ve had no information about updates to address the recent Acrobat vulnerability/exploits to either of the addresses I subscribed to its Security Notification Service. (See PPPS below.) However, something positive is happening out there in the old clay homestead: updates have arrived for a machine on which
Further to our blog last week on targeted attacks exploiting a vulnerability found in a number of Excel versions including Mac versions, viewers, and the Open XML File Format Converter for Mac. While we already have a specific detection for the threat we call X97M/TrojanDropper.Agent.NAI, we also have generic detection for the exploit, flagged as X97M/Exploit.CVE-2009-0238.Gen. This detection
Log on to your computer with an account that doesn’t have “Administrator” privileges, to reduce the likelihood and severity of damage from self-installing malware. Multi-user operating systems (and nowadays, few operating systems assume that a machine will be used by a single user at a single level of privilege) allow you to create an account