Weaponized Powerpoint in the Wild
This post was written by Jaeson Schultz. On October 14th information related to a new Windows vulnerability, CVE-2014-4114, was published. This new vulnerability affects all supported versions of Microsoft Windows. Windows XP, however, is not affected by this vulnerability. The
POODLE and The Curse of Backwards Compatibility
This post was written by Martin Lee Old protocol versions are a fact of life. When a new improved protocol is released, products still need to support the old version for backwards compatibility. If previous versions contain weaknesses in security, yet their continued support i
Microsoft Update Tuesday October 2014: Fixes for 4 0-day Vulnerabilities
This post was authored by Yves Younan Microsoft Tuesday is here once again and this month they are releasing a total of eight bulletins. Three of which are rated as critical, while the remaining five are rated as important. There’s a total of 24 CVEs this month, 20 of which were
Threat Spotlight: Group 72
This post is co-authored by Joel Esler, Martin Lee and Craig Williams. Everyone has certain characteristics that can be recognised. This may be a way of walking, an accent, a turn of phrase or a style of dressing. If you know what to look for you can easily spot a friend or acqua
Evolution of the Nuclear Exploit Kit
This post is co-authored by Alex Chiu, Martin Lee, Emmanuel Tacheau, and Angel Villegas. Exploit kits remain an efficient mechanism for cyber criminals to distribute malware. Such kits include exploits for multiple vulnerabilities within a single malicious webpage. Criminals can
Shellshock Exploits in the Wild
This post was authored by Joel Esler & Martin Lee. The recently discovered Bash vulnerability (CVE-2014-6271) potentially allows attackers to execute code on vulnerable systems. We have already blogged about the issue and provided more technical detail in a further blog. The
Shellshock - Update Bash Immediately!
Shellshock is a serious vulnerability. Bash, arguably the most widely distributed shell on Linux systems, fails to correctly parse environment variables with function declarations. Why the fuss over environment variables? Because these variables are often set by programs that han
Another Major Vulnerability Bashes Systems
Vulnerabilities that permit remote network attacks against ubiquitous software components are the nightmares of security professionals. On 24 September the presence of a new vulnerability, CVE-2014-6271 in Bash shell allowing remote code execution was disclosed. The Bash shell
Threat Spotlight: “Kyle and Stan” Malvertising Network 9x Larger Than Expected
This post was authored by Armin Pelkmann. On September 8th, Cisco's Talos Security Intelligence & Research Group unveiled the existence of the "Kyle and Stan" Malvertisement Network. The network was responsible for placing malicious advertisements on big websit