tag
Vulnerability

Could new malware steal data from INSIDE your SD card? Researchers claim even solid-state PC drives could be at risk

Two researchers have demonstrated an attack that could alter and steal data direct from MicroSD cards, using tiny microcontrollers on the cards themselves. The attack could be used to copy or steal data – and even modify sensitive data such as encryption keys.

Grim warning for bounty hunters – Yahoo pays out paltry $12.50 per vulnerability

Finding vulnerabilities can be a profitable business – even if you work for the right side of the law. Last month, Facebook paid out $12,500 to a researcher for finding a bug – this month, Yahoo! paid out … $12.50.

“Bug bounties” are cheap way to keep companies secure, Berkeley study finds

“Bug bounties” paid out for finding and reporting bugs and vulnerabilities are a cheap and effective way for companies to bolster their security, an independent study by UC Berkeley researchers has found.

U.S. and China plan to “work together” on cybersecurity

China and the U.S. have agreed to work together on cyber security, with the two countries setting up a working group to deal with the issue, U.S Secretary of State John Kerry said on Saturday in Beijing.

Call for new cyber laws after major U.S. banks knocked offline for 249 hours in six weeks

Representative Mike Rogers, Chairman of the Permanent Select Committee on Intelligence, said that Congress needs to act quickly, in an interview with NBC this week. The websites of major U.S. banks have been offline for 249 hours in the past six weeks, due to a series of sustained cyber attacks by an unknown foreign group.

Adobe and Microsoft release critical patches for March

Adobe and Microsoft have both released patches this week to address vulnerabilities in respective software applications and advise all users to apply the patches as soon as possible, if applicable to them.

The Dynamic Duo for Securing your Android: Common Sense and Security Software

On Thursday, September 12, Duo Security, a young-but-respected vendor of two-factor authentication devices, announced the preliminary results of a study of over 20,000 Android devices from a two month old study they performed. Based on the results, they calculated that over half of Android devices on the market have security vulnerabilities that are, as yet,

Instagram vulnerability can allow strangers access to your photos and more

Are you one of the 50 million users of Instagram, the photo-sharing service bought by Facebook in April for $1 billion? If so you need to look out for an Instagram update to fix a vulnerability that has just been published by Spanish security researcher Sebastián Guerrero. This vulnerability, which Guerrero has dubbed the "Friendship

Vulnerable WordPress Leads to Security Blog Infection

Even visiting security-oriented websites can sometimes be risky. If you’ve visited the security blog zerosecurity.org this month and you’re also a user of ESET’s security products, you might have encountered an anti-virus alert such as this one: The detection names may vary. Different variants of the following “generic families” were detected on the compromised websites on

Much Ado About Facebook, Part II

Since yesterday’s Much Ado About Facebook post in the ESET Threat Blog, we have written additional articles, received a few comments, and also received updated information on the “threat,” so it seems that now is a good time for a follow-up article.  Reports continue to come in of pornographic and violent imagery on Facebook, and

Where there’s smoke, there’s FireWire

Forensic software developer PassWare announced a new version of its eponymous software forensics kit on Tuesday. Already several news sources are writing about how the program can automatically obtain the login password from a locked or sleeping Mac simply by plugging in a USB flash drive containing their software and connecting it to another computer

Spearphishing APT-itude Test

My latest blog for SC Magazine's Cybercrime Corner looked at the recent APT (Advanced Persistent Threat) attack on RSA, in the light of Uri Rivner's blog on the implementation of the attack.  Unfortunately, the exact nature of the target and damage remains somewhat obscure, so while I certainly consider Rivner's blog worth reading, I also found myself

Stuxnet Resources Update

Added to the resources blog at http://blog.eset.com/2011/01/03/stuxnet-information-and-resources: Report of a Stuxnet-unrelated vulnerability in SCADA software A speculative cyberwar link Some links on Iranian post-Stuxnet "cybermilitia" recruitment. http://www.itworld.com/security/133469/iran-responds-stuxnet-expanding-cyberwar-militia http://blogs.forbes.com/jeffreycarr/2011/01/12/irans-paramilitary-militia-is-recruiting-hackers/?boxes=financechannelforbes David Harley CITP FBCS CISSP

Your Fantasy, A Criminal’s Dream

Fantasy sporting leagues have become very popular. A good friend of mine is into fantasy car racing teams. Other friends are into fantasy soccer (football elsewhere in the world). In the US a lot of people are into the fantasy NFL (National Football League –not soccer). Recently a researcher, Gary Rios, joined an ESPN sponsored

MouseOver, Game Over

In some computer programming languages there is an event called “mouseover”. This command is used to determine what happens when a user put the mouse over a specific object. When you put the mouse over a hyperlink and see where that link will take you, that is a “mouseover” command at work. When you place

Run! It’s the Fuzz!

Unfortunately, I'm not able to attend the CanSecWest 2010 conference in Vancouver this week, though I think Pierre-Marc will be there. I would have been more than a little interested in Charlie Miller's presentation on fuzzing Mac applications: that is, “…a method for discovering faults in software by providing unexpected input and monitoring for exceptions.” 

Operation Cyber ShockWave

While serving in the Marine Corps, one activity that I felt was effective in preparing both myself and my unit to be able to handle real-world scenarios, was getting as much experience as possible from military training exercises. In most cases multiple branches worked together or, as in the case with NATO exercises, multiple countries

Old MacDonald Bought the Farm IE IE 0-day

There is a vulnerability in Internet Explorer that Microsoft will patch tomorrow. Normally Microsoft releases patches on the second Tuesday of each month, but in the case Microsoft is making the patch available much sooner. The most probable reason for the “out of band” patch is that this vulnerability received a ton of attention as

Adobe, Javascript, and the CVE-2009-4324 Exploit

There has been quite a lot of traffic in the last few weeks about the doc.media.newPlayer vulnerability referenced in the CVE database as CVE-2009-4324. The following Adobe articles refer: http://www.adobe.com/support/security/advisories/apsa09-07.html http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html http://blogs.adobe.com/psirt/2009/12/security_advisory_apsa09-07_up.html Today's article at the Internet Storm Center by Bojan Zdrnja (http://isc.sans.org/diary.html?storyid=7867) gives a lot of detail on a particularly inventive exploit of the

September’s Global Threat Report

ESET released its Global Threat Report for the month of September, 2009, identifying the top ten threats seen during the month by ESET's ThreatSense.Net™ cloud.  You can view the report here and, as always, the complete collection is available here in the Threat Trends section of our web site.  While the report identifies a number

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2015 ESET, All Rights Reserved.