Archive for the 'vulnerability' Category
Brian Krebs thinks so:
Java is now among the most frequently-attacked programs, and appears to be fast replacing Adobe as the target of choice for automated exploit tools used by criminals.
Of the systems which I personally administrate as the ‘Chief Family Technology Officer’, the Java updates constantly annoy and confuse my mom who uses Vista… Vista …
While serving in the Marine Corps, one activity that I felt was effective in preparing both myself and my unit to be able to handle real-world scenarios, was getting as much experience as possible from military training exercises. In most cases multiple branches worked together or, as in the case with NATO exercises, multiple countries …
There has been quite a lot of traffic in the last few weeks about the doc.media.newPlayer vulnerability referenced in the CVE database as CVE-2009-4324. The following Adobe articles refer:
http://www.adobe.com/support/security/advisories/apsa09-07.html
http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
http://blogs.adobe.com/psirt/2009/12/security_advisory_apsa09-07_up.html
Today's article at the Internet Storm Center by Bojan Zdrnja (http://isc.sans.org/diary.html?storyid=7867) gives a lot of detail on a particularly inventive exploit of the vulnerability. I won't attempt …
I recently learned a new acronym: SODDI (Some Other Dude Did It). What this refers to is the defense that criminals routinely use (plausible deniability) – and even more so when it comes to illicit activities on the Internet.
On Sunday, November 8th 2009 the Associated Press published an article regarding an individual that was …
"Now may I suggest some of the things we must do if we are to make the American dream a reality. First, I think all of us must develop a world perspective if we are to survive. The American dream will not become a reality devoid of the larger dream of brotherhood and peace and …
I’d like to call your attention (again) to a major Adobe bulletin that was released yesterday (actually, still today, if you’re far enough behind GMT, but I’m sitting just a train ride away from Greenwich, UK).
In brief, the bulletin concerns the following CVE (Common Vulnerabilities and Exposures) issues:
CVE-2009-1862
CVE-2009-0901
CVE-2009-2395
CVE-2009-2493
CVE-2009-1863
CVE-2009-1864
CVE-2009-1865
CVE-2009-1866
CVE-2009-1867 …
In previous blogs, I mentioned that some of the presentations from the CARO workshop a couple of weeks ago were likely to be made available publicly.
Unfortunately for non-attendees, most of the presentations are only available to people who were there: however, some can be downloaded by the public from here.
In case I didn’t mention …
Some of us are currently enjoying some excellent presentations at a CARO workshop in Budapest on exploits and vulnerabilities. Hopefully, some of them will eventually be made public, so that we’ll be able to include pointers to specific resources.
While there’s been a great deal of technical detail made available that has passed me by previously …
Ever since Adobe’s recent updates to Acrobat and Reader, I’ve been irritated by the fact that every time I open a PDF, I’m prompted to re-enable JavaScript, which I disabled while we were all waiting patiently for those patches to the last round of vulnerabilities.
"This document contains JavaScripts. Do you want to enable JavaScripts from …
There was a comment posted today on an article on the SC Magazine site from someone who seemed to think we were talking up an obsolete exploit. He seems to have been thinking about this one: "Microsoft Security Bulletin MS08-014 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)". (Which fixes this issue, …


