Our coverage for the Recent Point of Sale Compromises
On December 19th, 2013, Target Corp announced that it fell victim to a very sophisticated cyber-attack that took place around the Thanksgiving holiday. This led to the theft of information pertaining to over 40 million credit and debit accounts used at their stores. As many peop
Fiesta Exploit Kit, is no party
Recently, when our Cisco TRAC team contacted us about some work that we did concerning the Fiesta Exploit Kit for an article they were writing, we were happy to work with them. As discussed in the recent Cisco Annual Security Report, exploit kits have been very pervasive in the
Microsoft Update Tuesday: January 2014, fix for the XP/2003 0-day vulnerability
The first Microsoft Update Tuesday of 2014 is here and it’s a very light month this time around. We’ve got 4 bulletins covering 6 CVEs. What’s remarkable is that there’s no Internet Explorer bulletin this month. There are also no bulletins that are marked critical, all 4 bulletin
Microsoft Update Tuesday: December 2013, some 0-day fixes
Microsoft’s final update for the year brings us 11 bulletins covering 24 CVE issues. As is customary, there is the critical IE bulletin, MS13-097. This time it covers 7 CVE issues. As in other months, this includes a number of use-after-free issues that we’ve come to expect in
When an exploit kit is VERY simple
Ran across this "exploit kit" today. I'm holding up my hands with air quotes: Not really sure if it is an exploit kit, as so far, it is just a landing page with applet redirection to a jar file. The GoogleDocs.jar file that is mentioned above is a simple generate
A quick tutorial on ClamAV detection: Win.Adware.Bprotector
Bprotector is a fairly popular yet unexceptional family of adware. The thing that distinguishes it from other families is its prevalence. A specific sample, first seen in October 2013, has consistently been on top for detection rates on our FireAMP and Immunet products. The follo
I'm calling this Goon Exploit Kit, for now
We started seeing this exploit kit in our systems on November 21st. It has some similarities to Redkit and the Dotcache exploit kit. Cookiebomb redirection to: 192.168.0.58 1044 173.237.187.203 80 GET 173.237.187.203 /cnt.php?id=786629 Mozil
Microsoft Update Tuesday November 2013: HyperV vulnerability and fix for 0day
We have a relatively light Update Tuesday this month: 8 bulletins covering 19 CVEs, 3 of which are marked critical. The most interesting vulnerability this month is actually in the non-critical ones: a vulnerability in Hyper-V (MS13-092). We’re also getting a fix for a 0-day vuln
Exploit kits, they sure do like to change ports
Since the arrest of Paunch (the author of the Blackhole and Cool exploit kits, that I talked about in my last post), exploit kits are clamoring for who will be number one. So I come with a status update of sorts: as of the writing of this blog post, Magnitude, aka Popads, seems