June 2012 -

Archives - June 2012

Win32/Gataka: a banking Trojan ready to take off?

We have been following the development of the Win32/Gataka banking Trojan for several months and can now share some details of its operation which includes facilitating fraudulent bank transfers. This first post will highlight some of its key features, while the second will detail several interesting, more technical aspects of this malware. This banking Trojan

How much will your driverless car know about you (and who will it tell)?

Following the flurry of press coverage surrounding the proposed next generation of driverless cars, privacy groups are asking questions about what will happen to the data the cars (necessarily) collect, which – in the wrong hands – might prove tempting for abuse. Other car manufacturers plan on rolling out real-time data streams of information about

ACAD/Medre.A Technical Analysis

For the story behind the suspected industrial espionage, where ACAD/Medre.A was used, refer to Righard Zwienenberg's blog post. For technical details from analysing the worm's source code, read on. ACAD/Medre.A is a worm written in AutoLISP, a dialect of the LISP programming language used in AutoCAD. Whilst we classify it as a worm, due to

CVE2012-1889: MSXML use-after-free vulnerability

As soon as Microsoft had released patches for security bulletin MS12-037 (which patched 13 vulnerabilities for Internet Explorer) Google published information (Microsoft XML vulnerability under active exploitation) about a new zero-day vulnerability (CVE-2012-1889) in Microsoft XML Core Services. Sometimes vulnerabilities are discovered at a rate that outpaces the patching process and so a temporary fix

Close call with a Caribbean cruise line scam

In the middle of working on a blog post about SMS phishing scams at my desk last night, I received a rather strange call.  The number displayed on the Caller ID was +1 (360) 474-3925.  I did not recognize the number, but since it was 7:10PM, I assumed it was a colleague trying to reach

Your Facebook account will be terminated – again

If the scary email or app notification–and subsequent webpage–is to be believed, you have only a few days to verify your Facebook account or you’ll be out of luck. But don’t worry, a few days later you will magically get a few more days to verify, and so the scam goes. A Twitter follower with

Guarding against password reset attacks with pen and paper

With the recent announcements of password breaches at LinkedIn, and warnings from Google about state-sponsored attacks on Gmail accounts, it seems like a good idea now to review some password security basics.  In this blog post, we’re going to take a look at a rather low-tech solution to a decidedly high-tech problem:  How to guard

LinkedIn security woes – and what to do about it

This morning when I logged into LinkedIn I was greeted with several front page references to the reported hacking of the site, and instructions for changing my password, which I did immediately. This is a good time to change all of your social media passwords, making sure you create a fresh password that is hard

You've Got (Nation State Hacked) Mail

We read in the New York Times that Google is rolling out a service that will attempt to alert users when it thinks their accounts might be subject to hacking by a government, hoping the user will take precautions after getting a notice that says “Warning: We believe state-sponsored attackers may be attempting to compromise