Stupid CSS Tricks
As has been well-demonstrated by the Blackhole Exploit Kit's "Loading, Please Wait..." page, people browsing the web are most likely to allow a malicious page to complete whatever action it is attempting to execute when they see no signs of strange activity on that
Phishing Games
It's no surprise that, as the 2012 London Olympic games approach, cybercriminals are using the event as bait for a variety of scams. Sure, there are plenty of 419 scams revolving around the games - but we'll assume that none of the readers of this blog are dumb enough to
The Power of Open Source Intelligence
Last week, an email came into the main VRT email account, entitled "New Malicious Javascript." The note inside was from Mr. Brett C., a Sourcefire customer who'd stumbled across an interesting chunk of heavily obfuscated JavaScript that was the first page in a chain
CVE-2012-1723: New Java Attack Added to Blackhole
Word began to emerge last week of the addition of a new vulnerability to the Blackhole Exploit Kit. The bug in question - CVE-2012-1723 - is a complex Java issue, which thankfully has patches available from Oracle already. Of course, just because a patch is available doesn't
Microsoft In-The-Wild Coverage - CVE-2012-1889 and CVE-2012-1875
As a security professional, there's very little I hate more than Microsoft vulnerabilities announced after patches are sent out each Microsoft Tuesday. Not only do they mean that folks like me have to scramble to address them - since invariably bugs released outside the stand
Compromised WordPress Blogs: A Phisher's Paradise
One of the ongoing trends in the phishing attacks the VRT monitors is the use of poorly secured WordPress blogs as staging points for exploit kits. Every time I hover over a link in the latest "UPS Tracking" or "Airline Ticket Confirmation" email, I'm look
MySQL Authentication Brute Force Attack
Before you read this, go and make sure your MySQL servers are patched and up-to-date. This is serious, nasty 0-day, and while there is some mitigation in terms of impacted platforms, the newest MySQL bug is so trivial to exploit that it's worth a couple of minutes just to che
Web Shell Poses As A GIF
One of the most actively scanned-for vulnerabilities on the Internet these days is the TimThumb remote file include, an attack released in August of 2011 that targets the popular WordPress module. People scan for it so heavily because doing so is cheap and easy, from a bandwidth
Flame Malware, Targeted Attacks, and You
It seems no good holiday goes by without some quality new malware being dropped, and this year's Memorial Day was no exception. Announced in posts by Kaspersky, Symantec, the Iranian National CERT and the Budapest University of Technology and Economics, a targeted piece of ma