5 posts categorized "ms"

About This Blog

The Content Security Research Team's Mission: Deliver security research and intelligence that educates, supports and strengthens the security community, and drives innovation in our eSafe solutions.

Learn More

Follow Us on Twitter

03/09/2011

Microsoft Security Bulletin - March 2011

Microsoft has released the March vulnerabilities patches:

 

Microsoft March Bulletin

11/04/2010

Weekly Security News – November 4, 2010

1. Police To Get Facebook Lessons
Read More

2.  Facebook discovers and "punishes" UID-selling developers
Read More

3. Guarding Your Business Against Social Networking Hacks
Read More

4. Spying app kicked out of Android Market
Read More

5. Russian-Armenian botnet suspect raked in $140,000 a month
Read More

6. Adobe Accelerates Patch Schedule for Critical Flash Bug
Read More

7. Turkey reinstates YouTube ban
Read More

8. Perverted Facebook hacker targeted women
Read More

9. Five LinkedIn privacy settings you need to know about
Read More

10. Police leak risks security catastrophe
Read More

11. Where did all the Viagra spam go?
Read More

12. Internet Explorer users warned of new zero-day attacks
Read More

13. DDOS Attack on Myanmar Takes the Country Offline
Read More

08/05/2010

Weekly Security News – August 5, 2010

1.   U.K. government nixes 'kill IE6' campaign
    Read Article

2.   Facebook's 500 millionth member highlights risks
  Read Article

3.   Summer holiday security checklist
  Read More

4.   63% consider international cyber-espionage acceptable
  Read More

5.   Hong Kong e-payment firm admits selling customer data
  Read More

6.   Seven myths about zero day vulnerabilities debunked
  Read More

7.   US Still Number One Malware Producer
  Read More

8.   Microsoft patches the critical Windows LNK vulnerability
  Read More

9.   Cyber War is not the Cold War
  Read More

10. China Called a Hacker's Marketplace
   Read More

11. Brothers admit spam campaign against college students
   Read More

12. DeepWater Horizon (BP oil spill) appears to be a control system cyber incident
   Read More

13. US at High Risk for Computer Attack
  Read More

14. Android wallpaper app stealing user data and sending it to China
   Read More

15. Turkish pranksters load Facebook Translate with swears
  Read More

08/03/2010

LNK vulnerability patch solves "the next big thing"?

Microsoft released a patch that solves the new LNK vulnerability: Microsoft Announcement.

We recommend installing this patch to ensure you are protected from the vulnerability.

Discovery of the new LNK vulnerability a few weeks ago created a lot of hype. All the security industry web sites were abuzz with talk about the new vulnerability, discovered by the Belorussian AV company VirusBlokADA.

The first incident of the vulnerability downloaded a Trojan targeting SCADA control systems, used to control power plants. Thereafter, other Trojans (e.g. Zeus) used the vulnerability to propagate themselves, causing experts in the content security field to start talking about “the next big thing".

Is it, or was it, really the next big thing? I don't think so. It reminds me of the "Swine Flu" scare we had last year. Everybody was talking about it, and how it was going to be the new smallpox epidemic. In the end, although there were many incidents of the virus, it certainly didn’t reach epidemic proportions…

This is the same case. Many organizations raised a flag that a new virus is on the rampage; people got scared, new security solutions were bought, and many individuals and organizations made a nice profit from it. But, is it really that bad? Well, no. Many users were infected with the new vulnerability, but not more than other vulnerabilities. Furthermore, there was a time gap between the discovery and the release of the patch.

This is not the end, though. Vulnerabilities will continue to be discovered in the future, and companies will once again talk about “the next big thing", but I think we need to keep everything in proportion. Although we should be on guard 24/7, we should also be more responsible, as security specialists, before frightening the public.

03/21/2010

New MS IE6/IE7 zero-day vulnerability

Microsoft has released an advisory regarding a new zero-day IE6 and IE7 vulnerability: http://www.microsoft.com/technet/security/advisory/981374.mspx eSafe will be able to detect the exploit from SV140 which is scheduled to be released today. Detection name: as JS.CVE-2010-0806 More information will be published later on.