It’s one thing to have a security hole that relies upon users visiting an infected website, or opening a dodgy attachment – but it’s quite a different level of threat when simply *previewing* a message in your email client infects your computer.
If computers continue to run Windows XP and don’t receive any more security patches, they are not just putting themselves and the data they carry at risk, they are endangering all of us who use the internet.
Microsoft will cease providing security updates for the Windows XP operating system on April 8, 2014. If you cannot get away from Windows XP yet, there are still a few things you can do to keep yourself safe.
Researchers have demonstrated an attack that completely bypasses the protections offered by EMET – a Microsoft toolkit used to provide safeguards against zero-day attacks, according to Ars Technica.
Banks around the world face a looming deadline to upgrade their ATMs – 95% of machines worldwide run Windows XP, which Microsoft will cease to support on April 8. Just 15% of America’s ATMs are expected to upgrade by that point.
[UPDATE #1: (21 Dec 2012, 5:30PM) ESET Researcher Cameron Camp has just published the second part of this series on securing your Android device. Read it here on the ESET Threat Blog at Securing Your Holiday Tech Gifts, Part 2: Android Guide. AG] December is upon us, and whether you have a Christmas tree, menorah,
One of the things we try to place special emphasis on is the importance of keeping up to date at all times both the operating system you use, whether Windows, GNU Linux or Mac, and the programs you have installed. This is because new vulnerabilities are often discovered that are exploited by the creators of
Every year the independent laboratory Virus Bulletin holds the most important event of the year for the antivirus industry's research community, the Virus Bulletin Conference. The leading researchers from the antivirus laboratories, ESET among them, take part in this conference, presenting the main trends in the world of malware and
Aryeh Goretsky posted a blog about a trojan program in a Microsoft catalog update. I thought it might be a little interesting to know how this can happen and why it doesn’t happen more often. As it turns out, it was once my job to make sure that Microsoft did not release infected software. Initially
Vulnerabilities in operating systems are one of the main attack vectors used by the creators of malicious code. In this case we present a critical vulnerability in several of Microsoft's operating systems. Last Tuesday, January 4, Microsoft informed users of its operating system of the existence of
Our interim analysis of a version of the malware we detect as Java/Boonana.A or Win32/Boonana.A (depending on the particular component of this multi-binary attack) differs in some characteristics from other reports we've seen. The most dramatic difference is in the social engineering hook used in messages sent to an infected user's friends list. Other reports
Will I no longer be able to blog from my Netbook, or my antique iBook or Lifebook? Will I have to tear up my addressbook and insert appropriate spaces into the title page of the Handbook of Computer Security, to which I was a contributor? If I don’t do all these things, will Facebook go after my chequebook?
Adobe has just released an update for 20 vulnerabilities in Shockwave Player, most of which could allow an attacker to execute malicious code. The bulletin APSB10-20 – Security update available for Shockwave Player – refers. According to Jeremy Kirk's Macworld report and the Adobe advisory, the vulnerabilities affect both Windows and OS X versions up to
As expected, Microsoft has released a critical out-of-band patch for the LNK shortcut file vulnerability which received attention last month. As a critical patch, this update will be delivered through Windows’ Automatic Update service, as well as being directly available for download from Microsoft’s site without a Windows Genuine Advantage check. A reboot is required for the
We realize there have been a lot of articles in the blog now about the Win32/Stuxnet malware and its new vector for spreading, but when vulnerabilities emerge that can be widely exploited, it is important to share information so that people can protect themselves from the threat. Detection for Win32/Stuxnet and the shortcut (LNK) files
On July 17th, ESET identified a new malicious file related to the Win32/Stuxnet worm. This new driver is a significant discovery because the file was signed with a certificate from a company called "JMicron Technology Corp". This is different from the previous drivers which were signed with the certificate from Realtek Semiconductor Corp. It is
The hot news http://blog.eset.com/2010/07/17/windows-shellshocked-or-why-win32stuxnet-sux is of a zero-day vulnerability that has been used to attack SCADA systems. This comes hot on the heels of an article on the Wired web site titled “Hacking the Electric Grid – You and What Army” http://www.wired.com/dangerroom/2010/07/hacking-the-electric-grid-you-and-what-army/. So clearly Wired had already predicted the origins, at least vaguely, of Win32/Stuxnet.