No dia 26 de novembro foram publicadas atualizações para o Adobe Flash Player para Windows, Macintosh e Linux, relacionadas à vulnerabilidade CVE-2014-8439. Um patch para essa vulnerabilidade já tinha sido publicado no dia 14 de outubro, mas ao parecer existia um exploit que ainda funcionava, e portanto a falha teve que ser corrigida uma vez
Microsoft has uncovered a flaw in all supported versions of Microsoft Windows that could allow hundreds of millions of computers to be taken over by a remote attacker, International Business Times reports.
Se tem algo que quase todos os administradores de sistemas Windows devem saber, é que na segunda terça-feira de cada mês eles terão que revisar o relatório de patches de segurança da Microsoft e atualizar as plataformas correspondentes para corrigir falhas e vulnerabilidades. Embora em setembro os patches tenham sido poucos, em outubro são nove.
Com o lançamento do Mac OS X Mavericks 10.98 e o iOS 8, a Apple publicou uma lista de sete patches de segurança e solucionou mais de 40 vulnerabilidades que afetavam componentes como o Núcleo (Kernel), o Bluetooth e o endereço MAC, entre outros. Assim, a empresa atualizou muitos dos seus produtos e resolve problemas
Microsoft rushed out an emergency security fix for Internet Explorer, to fix a flaw which hackers had already exploited – affecting IE versions 6 to 11 on several versions of Windows.
If your system administrator looks a little frazzled this week, be nice to him or her and don’t grumble too much about the photocopier being jammed. It may be that they have more serious issues on their mind.
An exploit for a vulnerability which affects all versions of Microsoft’s Internet Explorer has been released as a module for the popular penetration testing tool Metasploit – sparking fears of a new wave of attacks.
Microsoft has taken the unusual step of announcing a patch for an Internet Explorer vulnerability just a week after its traditional patch Tuesday announcements.
[UPDATE #1: (21 Dec 2012, 5:30PM) ESET Researcher Cameron Camp has just published the second part of this series on securing your Android device. Read it here on the ESET Threat Blog at Securing Your Holiday Tech Gifts, Part 2: Android Guide. AG] December is upon us, and whether you have a Christmas tree, menorah,
Introduction Mobile World Congress 2012 is almost upon us, and one of the most hotly-anticipated topics is the next generation of Microsoft’s smartphone operating system Windows Phone 8, which has been kept under wraps far more tightly than its PC counterpart, Windows 8. While Microsoft was an early adopter in the creation of smartphones with
My latest blog for SC Magazine's Cybercrime Corner looked at the recent APT (Advanced Persistent Threat) attack on RSA, in the light of Uri Rivner's blog on the implementation of the attack. Unfortunately, the exact nature of the target and damage remains somewhat obscure, so while I certainly consider Rivner's blog worth reading, I also found myself
Aryeh Goretsky posted a blog about a trojan program in a Microsoft catalog update. I thought it might be a little interesting to know how this can happen and why it doesn’t happen more often. As it turns out, it was once my job to make sure that Microsoft did not release infected software. Initially
UPDATE #1 Randy Abrams has posted a follow-up article, Anatomy of a Biting Bunny – The Infected Microsoft Catalog Update with additional information about how update services work, why they might distribute third-party code and what might be done to prevent malware from being distributed on services like Microsoft's Windows Update in the future. 7-FEB-2011. Last
Just a quick follow up on the Microsoft Security Advisory (2501696) post that my colleague Randy Abrams wrote about on January 28th regarding Microsoft's recent MHTML vulnerability, which is listed by ESET as HTML/Exploit.CVE-2011-0096.A in our signature database. Although reports remain low so far, any vulnerability in a particular version of Microsoft Windows
There is a new vulnerability that affects all supported versions of Windows and some unsupported versions. For you techies the “Vulnerability in MHTML Could Allow Information Disclosure” advisory is at https://www.microsoft.com/technet/security/advisory/2501696.mspx. If you are not a techie you might want to take a look and see how much you can understand. By reading the security
As expected, Microsoft has released a critical out-of-band patch for the LNK shortcut file vulnerability which received attention last month. As a critical patch, this update will be delivered through Windows’ Automatic Update service, as well as being directly available for download from Microsoft’s site without a Windows Genuine Advantage check. A reboot is required for the
We realize there have been a lot of articles in the blog now about the Win32/Stuxnet malware and its new vector for spreading, but when vulnerabilities emerge that can be widely exploited, it is important to share information so that people can protect themselves from the threat. Detection for Win32/Stuxnet and the shortcut (LNK) files