Author Archives:

Microsoft issues 6 security bulletins on ‘Patch Tuesday’

April 12, 2012 – 3:22 pm

By Dancho Danchev On Tuesday, Microsoft issued 6 security bulletins, 4 of them critical, and 2 important updates. The bulletins fix a total of 11 vulnerabilities in Windows, Microsoft Office, and Internet Explorer. According to Microsoft, the company has already observed targeted malware attacks taking advantage of the MS12-027 vulnerability. In order to mitigate the risks [...]

Posted in Exploits, malware, Targets | Leave a Comment

Adobe plans to issue Acrobat Reader ‘security update’ next week

April 6, 2012 – 12:35 pm

By Dancho Danchev According to the latest prenotification security advisory from Adobe, next week, the company plans to issue a ‘security update’ for Adobe Reader X (10.1.2) running on Windows, Linux and Macintosh. Adobe’s products are under permanent fire from malicious cybercriminals, exploiting known vulnerabilities in Adobe’s products, who succeed, primarily relying on the fact that end [...]

Posted in Exploits | Leave a Comment

Google’s Chrome patches 12 ‘high risk’ security vulnerabilities

April 6, 2012 – 10:32 am

By Dancho Danchev Yesterday, Google updated its Chrome browser to 18.0.1025.151 on Windows, Mac, Linux and Chrome Frame. Next to patching multiple usability bugs, the latest update has also patched numerous vulnerabilities reported through  Google’s security bugs bounty program. More details:

Posted in Exploits, Google Chrome | Comments (1)

New underground service offers access to hundreds of hacked PCs

April 5, 2012 – 9:50 pm

By Dancho Danchev Want to buy anonymous access to hacked PCs, spam-free SMTP servers (Simple Mail Transfer Protocol), or compromised bank accounts? A newly launched underground Web service, is currently offering access to hundreds of hacked PCs, SMTP servers, and hacked bank accounts. Let’s take a deeper look:

Posted in Downloaders, Keyloggers, malware, Passwords, Threat Research, Trojans | Comments (2)

Spamvertised ‘US Airways’ themed emails serving client-side exploits and malware

April 3, 2012 – 12:07 pm

By Dancho Danchev Cybercriminals are currently spamvertising yet another social-engineering driven malicious email campaign, this time impersonating U.S Airways. Upon clicking on the malicious links found in the emails, end and corporate users are exposed to client-side exploits courtesy of the BlackHole web malware exploitation kit. More details:

Posted in Downloaders, Enterprises, Exploits, Keyloggers, malware, Passwords, social engineering, spam, Threat Research, Trojans | Leave a Comment

Email hacking for hire going mainstream – part two

April 2, 2012 – 1:44 pm

By Dancho Danchev Remember the email hacking for hire service which Webroot extensively profiled in this post “Email hacking for hire going mainstream“? Recently, I stumbled upon another such service, advertised at cybercrime-friendly web forums, offering potential customers the opportunity to hack a particular Mail.ru and Gmail.com email address, using a variety of techniques, such [...]

Posted in Passwords, phishing, social engineering, spam | Leave a Comment

Adobe patches critical security flaws, introduces auto-updating mechanism

April 2, 2012 – 8:13 am

By Dancho Danchev Last week Adobe released the APSB12-17 Flash Player update. The update patches two critical security flaws — CVE-2012-0772 and CVE-2012-0773 – in the Adobe Flash player, and also, for the first time ever, introduces auto-patching mechanism. The update affects the following operating systems - Windows, Mac OS X, Linux and Solaris. More details:

Posted in Exploits, malware | Leave a Comment

Spamvertised ‘Scan from a Hewlett-Packard ScanJet’ emails lead to client-side exploits and malware

March 31, 2012 – 7:53 am

By Dancho Danchev Security researchers from Webroot have intercepted a currently spamvertised malicious campaign, impersonating Hewlett Packard, and enticing end and corporate users into downloading and viewing a malicious .htm attachment. More details:

Posted in Downloaders, Exploits, Keyloggers, malware, Passwords, spam, Threat Research, Trojans | Leave a Comment

Spamvertised Verizon-themed ‘Your Bill Is Now Available’ emails lead to ZeuS crimeware

March 29, 2012 – 11:16 am

By Dancho Danchev Cybercriminals newest spamvertised malware campaign is brand-jacking Verizon Wireless in an attempt to trick end users into clicking on the malicious links embedded in the email. More details:

Posted in Downloaders, Exploits, Keyloggers, malware, Passwords, spam, Threat Research, Trojans | Comments (1)

Tens of thousands of web sites affected in ongoing mass SQL injection attack

March 26, 2012 – 9:07 am

By Dancho Danchev Hundreds of thousands of legitimate web sites are currently affected in a a mass SQL injection attack that has been ongoing for the past several months. The ongoing mass SQL injection attacks, are directly related to last year’s scareware-serving Lizamoon mass SQL injection attacks. The cybercriminals behind it, are automatically exploiting the [...]

Posted in Blackhat SEO, mal-effects, malware, Threat Research | Comments (5)
Follow

Get every new post delivered to your Inbox.

Join 609 other followers