Microsoft roundup: patch expected, tools extended, browser bested December 2011 | Derek Parkinson | Leave a comment Microsoft is widely expected to include a patch for the notorious Duqu malware as part of a comprehensive security update on Tuesday. Although Duqu isn’t mentioned specifically, the company says it will fix 20 vulnerabilities in Windows, Office, Internet Explorer, … Continue reading → Tweet
Duqu malware update: all eyes on Microsoft November 2011 | Derek Parkinson | Leave a comment Microsoft is under the spotlight following the discovery that the Duqu “son of Stuxnet” malware infects machines by exploiting a zero-day vulnerability in Windows. Further investigations by CrySyS, the Hungarian team that first spotted the malware in the wild, and … Continue reading → Tweet
Qakbot – malware under the microscope May 2011 | Redaction | Leave a comment Microsoft researchers have released the latest findings from their analysis of Qakbot, malware which is unusually sophisticated, being purpose-built to steal banking information from high-value targets. From e-zine to enterprise The research is timely given recent spikes in observed infections, … Continue reading → Tweet
Sunspot trojan reveals details of malware evolution May 2011 | Redaction | Comments (4) More details are emerging about the Sunspot trojan, which is designed to steal banking details and appears able to evade detection by leading anti-virus products, according to Trusteer. Sunspot affects 32-bit and 64-bit Windows platforms from Windows XP onwards, and … Continue reading → Tweet
IPV6: tackling the rogue RAs April 2011 | Redaction | Leave a comment Rogue http://community.securityvibes.com/community/en/blog/2011/01/26/ipv6-addressing-the-security-issuesRAs can be a nuisance, soaking up valuable network resources, or they can be more sinister, being used to launch a version of the man-in-the-middle (MITM) attack. So it was with interest that SecurityVibes spotted this posting about what … Continue reading → Tweet
Firefox 4 and the state of browser security – the expert view March 2011 | Redaction | Leave a comment The release in March of Firefox 4 and Microsoft’s IE9 has reignited talk of the “battle of the browsers”, sparking claims and counter-claims about the numbers downloaded within the first hours of release. It is a good time to take … Continue reading → Tweet
OWASP draws up XSS battle plan February 2011 | Redaction | Leave a comment Web browsers, cross-site scripting (XSS), and vendor-neutral approaches to the security of enterprise applications will be the key areas of work at the upcoming OWASP Global Summit in Lisbon. A working group on browser security will include representatives from Mozilla, … Continue reading → Tweet
IPv6: addressing some security issues January 2011 | Redaction | Leave a comment As reserves of IPv4 addresses finally dry up efforts are underway to speed up migration to IPv6. This brings new issues for IT security professionals to deal with, particularly network administrators and engineers. For most there will be a phased … Continue reading → Tweet
Microsoft vulnerability disclosure battle continues July 2010 | Redaction | Leave a comment Google employee Tavis Ormandy in June released exploit code for a Windows Help Center vulnerability just five days after advising Microsoft. Microsoft had not managed to patch the flaw at the time Ormandy released the code.Ormandy is understood to be … Continue reading → Tweet
Google and Microsoft at daggers drawn over exploit June 2010 | Redaction | Leave a comment Frictions between Google and Microsoft have ramped up following the release by a Google security engineer of exploit code for an unpatched Microsoft vulnerability. Tavis Ormandy publicly released code that could be used to exploit a flaw in Windows Help … Continue reading → Tweet
