Microsoft rushed out an emergency security fix for Internet Explorer, to fix a flaw which hackers had already exploited - affecting IE versions 6 to 11 on several versions of Windows.
Search results for: "zero trust"
we provide more detail on the most exploited applications and advise a few steps users can (and should) take to further strengthen their defenses.
Security researchers from Autodesk, along with Microsoft, announced new features in AutoCAD to prevent malware in a presentation at Virus Bulletin 2013 in Berlin. We look at how a simple prompt can help keep users safe.
Internet Explorer users will be a great deal safer from Tuesday onwards, after Microsoft announced a patch for a vulnerability that has been exploited by attackers “for months” according to some reports.
Malware, phishing and ID thieves are everywhere - but you don’t have to be paranoid, or hang back, or stop yourself enjoying the best the web has to offer. Our tips should help you browse with confidence.
Microsoft has released an emergency fix for a vulnerability in all versions of Internet Explorer - warning that targeted attacks are already attempting to exploit it.
“Hardware Trojans” could be baked invisibly into circuits by attackers, allowing them to grab secret keys from computer components without fear of detection - even by advanced inspection systems using optical microscopes.
Win32/Gataka is an information-stealing banking Trojan that can read all of your web traffic and alter the balance displayed on your online banking page to hide fraudulent transfers. It exhibits a modular architecture similar to that of SpyEye, where plugins are required to achieve most of the malware functionality. In our previous blog post, we
If you are a Mac user and you have Java installed on your Mac, then right now would be a good time to run Software Update… from the Apple menu to make sure you have installed the latest Java for Mac OS X update. Installing this update will help protect your Mac from a malicious
The Blackhole exploit kit has been updated to version 1.2.3 and includes a new exploit for the Java CVE-2012-0507 vulnerability, which ESET calls Java/ Exploit.CVE-2012-0507
A new TDL4 sample includes novel privilege escalation mechanisms in the dropper and changes to the hidden storage system.
ESET researchers examine the evolution of bootkit threats targeting 64-bit Windows over 2011.
Old hoaxes never die. They just get transplanted to Facebook.
On Wednesday we heard additional documents had been leaked from the Arizona Department of Public Safety (DPS). “Will this ever end?” has to be the most commonly-asked question in Arizona nowadays at the DPS. The original attacks last week were claimed by the group LulzSec, which was making the rounds exposing private information through hacking
Yeah, usually these things are titled “for Dummies”, but you’re not a dummy if you don’t understand, you’re normal. This is related to the program “Firesheep” and I will attempt to make it very easy to understand the problem. The solution is a bit more complex. It all comes down to trust and discretion. Unfortunately
Adobe Flash is, in my opinion, the most ubiquitous spyware in the world and no products detect it as such. The reason it goes undetected is that it also has numerous legitimate uses, however, there is growing evidence that indicates significant abuse. This will be the first in a series of blogs in which I
September 2009 saw some key security analysis raining directly onto the Adobe PDF platform, particularly with SANS pointing towards remote code execution within PDFs as one of the top threat vectors: Adobe Acrobat, Reader, and Flash Player Remote Code Execution Vulnerability (CVE-2009-1862) Adobe Reader Remote Code Execution Vulnerability (CVE-2009-1493) Kudos to Adobe for patching these
So how bad was the roll out of Google Buzz? Let’s start with a little bit of history first. Either before or after you read this blog, I would appreciate your impressions of how Google rolled out buzz. I have a survey up at http://www.surveymonkey.com/s/JSS79XJ Several years ago, Microsoft initiated their SDL, Security Design Lifecycle
[Part 9 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series is now available as a white paper at http://www.eset.com/download/whitepapers.php.] Be Wireless, not Careless Don’t connect to just any “free Wi-Fi” access point: it might alter your DNS queries or be the “evil twin” of
I’ve mentioned here before that targeted malware, often delivered by “spear phishing” carried by apparently “harmless” documents such as PDFs, .DOCs and spreadsheets rather than overt programs, can have much more impact than the raw numbers of such attacks suggest. In fact, some sources now use the term “whaling” rather than “spear phishing” to reflect the