Latest IE 0-day still unpatched, attacks exploiting it go back three months
While Microsoft is yet to issue a patch for the latest Internet Explorer zero-day (CVE-2013-3893), reports are coming in that the flaw has been exploited more widely and for a …
Java exploits jump, Android malware emerges outside app stores
A continued rise in exploit-based attacks, particularly against Java, and an increasing sophistication in mobile threats characterized the first half of 2013, which saw its …
IE 0-day attack reports push ISC to raise official threat level
Over the weekend, FireEye researchers have managed to shed some light on the in-the-wild attacks leveraging the latest discovered Internet Explorer zero-day vulnerability …
Microsoft issued Fix it for actively exploited IE 0-day
Microsoft has yesterday unexpectedly released a security advisory warning users about instances of active exploitation of a vulnerability found in all supported versions of …
Attacks targeting unsupported Java 6 are on the rise
As predicted at the end of 2012 and proved by the ever expanding use of exploit kits, vulnerabilities in popular and widespread software such as Java and Adobe’s Acrobat …
Shielding targeted applications
When we discuss exploit prevention, we often talk about “targeted applications.’ This term refers to end-user applications which can be exploited by hackers for …
Where RFI attacks fall in the security threat landscape
New research from Incapsula yielded a few interesting facts about RFI attacks. The data for the report was collected by monitoring billions of web sessions over a 6-month …
Joomla exploit doing rounds, users advised to update
Users who run their sites own sites and use the Joomla CMS but haven’t updated it in a while should do so immediately if they don’t want to see their sites …
Tor users targeted with spyware following anonymous Web-host shutdown
The news that the alleged owner of Freedom Hosting, the internet host for a great number of Tor hidden services, has been arrested and is accused of distributing and promoting …
McAfee ePolicy Orchestrator exploitation tool
US-CERT’s latest advisory focuses on an exploit tool for McAfee ePolicy Orchestrator. The tool targets two vulnerabilities found in ePO versions 4.6.5 and earlier. In …
POC code for critical Android bug published
Last week, researchers from Bluebox Security have made a disconcerting revelation: Google’s Android mobile OS carries a critical bug that allows attackers to modify the …
Malwarebytes acquires ZeroVulnerabilityLabs
Malwarebytes, a provider of anti-malware software, announced the acquisition of ZeroVulnerabilityLabs, a vulnerability, exploit and security research and development firm …
Featured news
Sponsored
Don't miss
- Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
- SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
- ChatGPTriage: How can CISOs see and control employees’ AI use?
- Managing exam pressure: Tips for certification preparation
- Firmware update hides Bluetooth fingerprints