MHTML vulnerability under active exploitation!
We've noticed some highly targeted and apparently politically motivated attacks against our users. We believe activists may have been a specific target. We've also seen attacks against users of another popular social site. All these attacks abuse a publicly-disclosed MHTML vulnerability for which...
Of Night Dragons and Silver Bullets
Reading the headlines today one could not help but notice the latest installment of “scary Chinese hacker press” making the headlines. And who can blame the news media for latching on to this story as it has all the right ingredients: foreign governments targeting U.S. interests, catchy nicknames...
New Remotely Exploitable Bug Found in Internet Explorer
Another serious remotely exploitable bug in Internet Explorer has cropped up, this one related to the way that IE handles a specific DLL library on pages that reference CSS files. There also is publicly available exploit code for the new bug. The vulnerability was disclosed initially on the Full...
9) Meet the new spam, same as the old spam
As in life in general, if something works, you stick with it. How else to explain the continued popularity and prevalence of e-mail based spam and phishing attacks, even though everyone knows that e-mail is so “1998”? Alas, the truth is that attacks embedded as links or malicious attachments in...
New Bug in Internet Explorer Used in Targeted Attacks
There’s a new flaw in all of the current versions of Internet Explorer that is being used in some targeted attacks right now. Microsoft has confirmed the bug and said it is working on a fix, but has no timeline for the patch release yet. The company did not rule out an emergency out-of-band patch...
Researchers: Google Aurora Attackers Back in Business?
Just when you thought it was safe to go back in your e-mail… Researchers say a new round of targeted attacks appears to come from the same group responsible for attacks against Google and other top U.S. firms. Writing on the Symantec Security blog...
Botnet Targets SSH Servers Via Brute Force
The ddssh bot is currently responsible for an increase in brute force attacks on SSH connections. Botnet herders are apparently injecting the script via a phpMyAdmin vulnerability and using the compromised computers for targeted SSH attacks. Read the full article. The H Security...
Persistent, Covert Malware Causing Major Damage
LAS VEGAS–Security technology and practice have advanced quite a bit in the past few years, but one thing that has become clear is that whatever gains have been made are just not keeping pace with the innovation of attackers. The advances being made by malware authors and crimeware gangs are...
Eddie Schwartz on Advanced Threats
Dennis Fisher talks with Eddie Schwartz, CSO of NetWitness, about a new study the company did on the level of awareness of advanced threats in the enterprise and what organizations are doing to respond to the latest targeted attacks. Podcast audio courtesy of sykboy65 Subscribe to the Digital...
Why the Disclosure Debate Doesn't Matter
As the events of recent weeks have shown, there is no better way to start a dumpster fire of an argument among a group of security people than to bring up the hideous, threadbare topic of full disclosure. No one is ambivalent about it; everyone has an opinion, and usually a strong one. But what’s...
Mike Mimoso on Targeted Attacks and the Google-Microsoft Controversy
Dennis Fisher talks with Mike Mimoso of SearchSecurity.com and Information Security magazine about the current spate of highly targeted attacks, the silliness of the term cyberwar and the controversy surrounding the disclosure of the Windows Help Center flaw. Podcast audio courtesy of sykboy65...
Lab Matters: Inside Targeted Attacks
Kaspersky Lab anti-malware researchers Costin Raiu and Magnus Kalkuhl field questions on targeted attacks, how they work and how businesses can protect themselves...
The Economics of Targeted Attacks
CAMBRIDGE–Researchers and security vendors have been telling us for years now that attackers have developed sophisticated, targeted attacks designed to separate victims from their money as quickly and cleanly as possible. If that’s so, why aren’t all of us being compromised on a regular basis? A...
Ten Years After the LoveBug Worm
The LoveBug worm, a simple email that spread a virus to millions of computers a decade ago, paved the way for many of today’s social engineering and targeted cyber attacks. Read the full article. CSO...
Researcher Demos PDF Counter Attacks
Targeted attacks might be tough to prevent, but what if you could fight back against the attacker once he’s infiltrated your network? A researcher has come up with a proof-of-concept (PoC) that does just that by finding vulnerabilities in the attacker’s malware and using it against him. Read the fu...
Gunter Ollmann on Opt-In Botnets and Targeted Attacks
Dennis Fisher talks with Gunter Ollmann, VP of research at Damballa, about the new generation of hacktivism and opt-in botnets, as well as the trend toward targeted attacks in corporate environments. Podcast audio courtesy of sykboy65 Subscribe to the Digital Underground podcast on...
Microsoft Plugs IE Drive-By Download Flaws
Microsoft today shipped a cumulative Internet Explorer update with patches for 10 security holes, including a drive-by download vulnerability that’s already being used in malware attacks. The critical MS08-018 update patches security holes that could lead to code execution attacks on all versions...
The Future of Botnets
A lot of people in the security industry are paid to think like attackers: pen testers, security consultants, software security experts. But some of these people have never met an actual black hat, so much of their work is necessarily based on what they think attackers might do in a given...
Exploit Code Published for Latest IE Zero-Day
Using obvious clues from a McAfee blog post, an Israeli hacker was able to pinpoint the latest Internet Explorer zero-day vulnerability and create working exploit code. The exploit code, which provides a clear roadmap to launch drive-by download attacks against IE 6 and IE 7 users, is being fitte...
Operation Aurora Still Out There
The targeted attacks that hit Google, Adobe, and other U.S. organizations are still ongoing and have affected many more companies than the original 20 to 30 or so reported by Google and others. One researcher believes they are close to naming the suspected coder. Read the full article. Dark Readi...