Google defines disclosure timeline for actively exploited bugs
The debate regarding responsible vulnerability disclosure and full vulnerability disclosure has been started many times in the past, and it’s an issue that will continue …
Ruby on Rails bug is being exploited in the wild, researcher warns
Administrators of servers running Ruby on Rails are advised once again to upgrade to the latest versions of the framework (3.2.11, 3.1.10, 3.0.19, and 2.3.15), as a …
Microsoft releases Fix it for critical IE8 0-day
Microsoft has released a one-click Fix it for mitigating the effect of the IE 8 zero-day vulnerability that is being used in watering hole attacks in the wild. Given that a …
Multi-stage exploit attacks for more effective malware delivery
Most drive-by exploit kits use a minimal exploit shellcode that downloads and runs the final payload. This is akin to a two-stage ICBM (InterContinental Ballistic Missile) …
Sophisticated Apache backdoor in the wild
ESET researchers, together with web security firm Sucuri, have been analyzing a new threat affecting Apache webservers. The threat is a highly advanced and stealthy backdoor …
Exploit for recently patched Java flaw added to CrimeBoss exploit kit
If you are still using Java, you insist on updating in manually and you haven’t gotten around to installing the latest Critical Patch Update released a week ago, you are …
Financial malware hijacking Twitter accounts
Researchers have discovered another active spamming campaign targeting Twitter users. “The malware launches a Man-in-the-Browser attack through the browser of infected …
Spamhaus-themed ransomware delivered through exploit kits
It seems that users are starting to recognize ransomware accompanied with fake notifications by copyright enforcement and law enforcement agencies for what it is, and cyber …
Researcher sets up honeypot to counterattack, identifies attackers
I believe that most infosec professionals have, at one time or other, wished they could fight back when some of the resources they are tasked with protecting came under attack …
Security firm publishes details about Java issue, asks for second opinion
Making good on their promise, Security Exploration has published technical details about a Java issue that they consider to be a security vulnerability, but Oracle has …
Seagate blog compromised, leads to Blackhole and malware
A blog of well-known hard disk drive manufacturer Seagate has been compromised to contain malicious iFrame injections that redirect users to websites hosting the Blackhole …
MiniDuke does not come only via email
Researchers from Kaspersky and CrySyS Lab continue to analyze the MiniDuke backdoor and have discovered two previously unknown infection mechanisms. Recently discovered to …