Microsoft plans to release four updates for critical, six updates for important, and two updates for moderate vulnerabilities 12 October 2010. More information in Microsoft Security Bulletin Advance Notification for October 2010.
Introduction The term Man-in-the-middle in a security context refers to an attack where someone/-thing is inserted between two endpoints and intercepts the communication between those. The intent is usually to obtain information and use this for illegitimate purposes. Recently the term Man-in-the-mobile, abbreviated as Mitmo, emerged. New functionality in the ZeuS/Zbot malware Overview The Man-in-the-mobile term
[continue reading...]
Microsoft has released an out-of-band security update for an important vulnerability in ASP.NET. Exploits that utilize this vulnerability have been reported in-the-wild. Important is Microsoft’s second highest vulnerability serverity. More information is available in Microsoft’s Security Bulletin MS10-070. Note that this security update will initially only be available as a download from Microsoft Download Center. According to Microsoft the
[continue reading...]
Introduction Computer software evolves, and popular interpretation is to introduce new generations whenever fundamental changes arrive. If one looks at malware in the same manner, one may also classify different types into various generations. One such classification might be based on the motivations to those who are the initiators of the malware. If we use this approach,
[continue reading...]
Introduction Last week in our article Ways to use botnets, we discussed among other issues, botnets for hire. One example we mentioned in our article was the company Aiplex Software, which was hired to try stop illegal distribution of copyrighted material. Aiplex Software used some unorthodox means to accomplish this, including Distributed Denial of Service (DDoS) technology to disrupt the
[continue reading...]
Introduction A “bot” is an abbreviation for “robot”. Bots are the many single computers that participate in a “botnet”. A botnet is controlled through a command and control center, by other bots and/or by an individual/organization. The bots in a botnet are usually “recruited” through infection techniques, and the computer owners are normally not aware of
[continue reading...]
In its security bulletin summary for September 2010 Microsoft has published four updates for critical and five updates for important vulnerabilities in its operating systems / applications. Critical is Microsoft’s highest vulnerability rating. A summary describing briefly the vulnerabilities is available from Microsoft’s Security Bulletin Summary for September 2010. From this page you will also find
[continue reading...]
A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions. Adobe Reader and Acrobat version 9.3.4 and earlier versions are also vulnerable. This is another vulnerability than the one reported last week – see our Security advisory 9 September. Critical is Adobe’s highest vulnerability rating and could when exploited allow malicious native-code to execute,
[continue reading...]
Introduction Fake antimalware software has become an increasing problem for end users and corporations. The creators of these rogue applications are able to earn easy money and are constantly searching for new ways to exploit their victims. A new technique has recently been seen. We shall look at this in more detail in this security
[continue reading...]
Microsoft plans to release four updates for critical vulnerabilities and six updates for important vulnerabilities 14 September 2010. More information in Microsoft Security Bulletin Advance Notification for September 2010.