Boston Marathon Bombing Links May Hide Java-Based Exploits

PCMag: My social media accounts and email inbox are full of links to stories about the horrific incident in Boston earlier this week. I am reading about the victims, the bystanders and first responders that rushed to help, and looking for updates on the investigation. It turns out I should be careful about what links I click on, as cyber-criminals have already started exploiting the tragedy for their own nefarious purposes, security experts told SecurityWatch....

April 17, 2013 路 3 min 路 629 words

New Adobe Vulnerabilities Being Exploited in the Wild

Adobe posted a vulnerability report warning that vulnerabilities in Adobe Reader and Acrobat XI (11.0.1) and earlier versions are being exploited in the wild. Adobe is currently investigating this issue. According to the FireEye blog posted earlier today, the malicious file arrives as a PDF file. Upon successful exploitation of the vulnerabilities, two malicious DLL files are dropped. Symantec detects the malicious PDF file as Trojan.Pidief and the two dropped DLL files as Trojan Horse....

February 14, 2013 路 1 min 路 176 words

LinkedIn spam, exploits and Zeus: a deadly combination ?

Is this the perfect recipe for a cybercriminal ?: Hacking LinkedIn鈥檚 password (and possibly user-) database. Sending an email to all obtained email addresses, which is urging you to check your LinkedIn inbox as soon as possible. A user unawarely clicking on the link. An exploit gets loaded. Malware gets dropped. Malware gets executed. User鈥檚 computer is now a zombie (part of a botnet). I would definitely say YES. A reader of my blog contacted me today, he had received an email from LinkedIn which was looking phishy....

June 14, 2012 路 2 min 路 300 words

Fake BBC Website Serves Exploits and Work From Home Offers

GFI Wrote: In September, our friends at Sophos wrote about a fake BBC website offering up the 鈥渃hance鈥 to work from home for predictably large sums of money. No more than a day later, we were covering fake BBC video posts targeting Facebook users. Today we鈥檙e looking at a fake BBC URL which drops the end-user onto a 鈥渨ork from home and earn $10,000+ a month鈥 fake news site, but not before it鈥檚 attempted to load up the PC with malware via a rather nasty collection of exploits....

May 21, 2012 路 3 min 路 436 words

PHP 5.4 Remote Exploit PoC in the wild

ISC Diary: There is a remote exploit in the wild for PHP 5.4.3 in Windows, which takes advantage of a vulnerability in the com_print_typeinfo function. The php engine needs to execute the malicious code, which can include any shellcode like the the ones that bind a shell to a port. Since there is no patch available for this vulnerability yet, you might want to do the following: Block any file upload function in your php applications to avoid risks of exploit code execution....

May 19, 2012 路 1 min 路 141 words

Android smartphones infected via drive-by exploit

At the RSA Conference 2012, former McAfee executives George Kurtz and Dmitri Alperovitch have presented a Remote Access Tool (RAT) that infects Android smartphones (version 2.2). They used an as-yet unpatched bug in Android鈥檚 WebKit browser to inject the malware. The researchers say that they bought the vulnerability information, and a range of other tools, on the black market. The finished exploit is based on 20 components that apparently cost a total of $1,400 on the black market....

March 2, 2012 路 2 min 路 415 words

Blackhole Exploit Targeting Steve鈥檚 Death

Symantec: The sad news making the rounds these days is the death of Steve Jobs, Apple Co-founder and former CEO. His death has been a terrible loss to both Apple and Apple fans everywhere. Spammers are capitalizing on this incident by sending malicious links related to the news of Steve Jobs鈥 death. Below is a screenshot of one such spam email containing a malicious link: More malicious links found relating to death spam are:...

October 8, 2011 路 1 min 路 199 words

Popular sites (including YouPorn) caught sniffing user browser history

The Register: YouPorn nabbed in real-world privacy sting Boffins from Southern California have caught YouPorn.com and 45 other sites pilfering visitors鈥 surfing habits in what is believed to be the first study to measure in-the-wild exploits of a decade-old browser vulnerability. YouPorn, which fancies itself the YouTube of smut, uses JavaScript to detect whether visitors have recently browsed to PornHub.com, tube8.com and 21 other sites, according to the study. It tracked the 50,000 most popular websites and found a total of 46 other offenders, including news sites charter....

December 7, 2010 路 3 min 路 436 words

Brand new 0-day Exploit. The world is going to end! Yet again鈥

Sigh鈥 The latest 鈥渆xploit鈥 that affects hundreds of programs and will be the end of the world as we currently know it is actually a well documented feature of Windows. It has actually been around since the DOS days. In the old days we used to call these Companion viruses. It worked by using a different file extension that will be executed before the real executable. For example if you had a 鈥済wbasic....

August 27, 2010 路 3 min 路 440 words