ESET Threat Blog

[Part 2 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.]
Catch the Patch Batch
Keep applications and operating system components up-to-date with automated updates and patches, and by regularly reviewing the vendors’ product update sections … Read More…

ESET released its Global Threat Report for the month of September, 2009, identifying the top ten threats seen during the month by ESET's ThreatSense.Net™ cloud.  You can view the report here and, as always, the complete collection is available here in the Threat Trends section of our web site.  While the report identifies a number … Read More…

This is a quick follow-up to the earlier blog about Adobe updates.
I’ve just received notification that the Adobe Flash Player updates bulletin released yesterday has been updated: it now contains information about (and links to) the promised Adobe Reader and Acrobat patches.
Adobe states that it categorizes these updates as critical and recommends that you apply … Read More…

I’d like to call your attention (again) to a major Adobe bulletin that was released yesterday (actually, still today, if you’re far enough behind GMT, but I’m sitting just a train ride away from Greenwich, UK).
In brief, the bulletin concerns the following CVE (Common Vulnerabilities and Exposures) issues:

CVE-2009-1862
CVE-2009-0901
CVE-2009-2395
CVE-2009-2493
CVE-2009-1863
CVE-2009-1864
CVE-2009-1865
CVE-2009-1866
CVE-2009-1867 … Read More…

SC Magazine in the UK picked up on our Global Threat Report for June, based on statistics that derive from our ThreatSense.Net® threat-monitoring technology. Thanks, Dan: when you do as much writing as I do, it’s comforting to know that someone is reading it.
I thought, though, I’d develop some thoughts on a topic arising … Read More…

Microsoft issued an advisory last week – Microsoft Security Advisory (969136) "Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution" – that "could allow remote code execution if a user opens a specially crafted PowerPoint file."
The advisory uses very similar language to Microsoft’s recent advisory on an Excel vulnerability, referring to "only…limited and targeted … Read More…

In a previous blog relating to Acrobat vulnerabilities, I suggested that you might want to sign up for Adobe’s alerts service. I did, but still haven’t received any news from it. However, it appears that The Register (or one of its sources) did, so I’m nevertheless aware that Adobe has released updates to address the … Read More…

PSST! Anyone remember the Telephone party game, also known by various politically incorrect names like Chinese Whispers and Russian Scandal?
A series of reports like this and this illustrate a textbook example of how rumour and misunderstanding (some of it probably wilful) can transform a story into something very different to its original form. According to … Read More…

A few days ago, I promised (threatened) to make some general points about biasing test results, but travel and other obligations have been getting in the way. I’ll get back to that very shortly, but in the meantime, I want to look at an issue with the latest round of Microsoft patches that I was … Read More…

Don’t expect antivirus alone to protect you from everything.
Use additional measures such as a personal firewall, antispam and anti-phishing toolbars, but be aware that there is a lot of fake security software out there. This means that you need to take care to invest in reputable security solutions, not malware which claims to fix non-existent … Read More…