Paranoia and the rise of fake antivirus
This weekend I got a call from my father, who wanted my advice as the computer security guy in the family. It seems that my younger sister's laptop had become infected with a nasty little virus called Block Watcher, which had popped up a series of messages telling her that he
Rule release for today - October 22nd, 2009
A few modifications in this release, most notably a fix for a false positive issue that raised its ugly head from the Microsoft Tuesday release. Microsoft Security Advisory (MS09-059): A vulnerability in the Microsoft Local Security Authority Subsystem Service (LSASS) may a
Snort 2.8.5.1 Release
Hot on the heels of the Snort 2.8.5 release, a new Snort tarball is now available that fixes a few issues: * Fixed syslog output when running on Windows. * Fixed potential segfault when printing IPv6 packets using the -v option. Thanks to Laurent Gaffie for reporting this
Rapid7 make bold statement acquiring Metasploit Project
Normally the acquisition of an Open Source product by a commercial product wouldn’t make the VRT blog, but in this case I believe this acquisition is going to cause some interesting developments in the threat landscape and in the vulnerability management space. I also think this
Vulnerability Report now available via iTunes
Yes, that's right, our monthly vulnerability report is now available for your convenience, via iTunes. To subscribe, hit up this link: http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=336370330 Note that the video is large due to it being in high definition,
Rule release for today - October 20th, 2009
A maintenance release this week, with several new rules in web-client, specific-threats, web-misc, oracle, smtp and dos rule sets. As always, the changelogs are available here: http://www.snort.org/vrt/advisories/2009/10/20/vrt-rules-2009-10-20.html
October 2009 Vulnerability Report
Sourcefire VRT Vulnerability Report: This month's report covers the Microsoft Tuesday advisories, including IIS FTP vuln, SMBv2 remote code execution and Adobe patch Tuesday.
How does malware know the difference between the virtual world and the real world?
It is no secret that the Information Security industry takes advantage of virtualization software in order to research security threats. VMware, Sandboxie, Virtual PC, Anubis, CWSandbox, JoeBox, VirtualBox, Parallels, QEMU are just a few of these virtual machines. The cornu
Microsoft Tuesday Coverage for October 2009
Bumper crop of vulnerabilities patched this month by Microsoft and Adobe. Microsoft Security Advisory (MS09-050): A vulnerability in the way that Microsoft Windows systems process SMBv2.0 transactions may allow a remote attacker to execute code on a vulnerable system. A rule to