Inside the Java 0-Day Exploit
The Java Web Start vulnerability that has been getting so much attention of late is being attacked by a number of different sites now, with a relatively simple and easily reproducible exploit, researchers say.
Dennis Fisher
About
Dennis Fisher is a journalist with more than 13 years of experience covering information security.
Gunter Ollmann on Opt-In Botnets and Targeted Attacks
Dennis Fisher talks with Gunter Ollmann, VP of research at Damballa, about the new generation of hacktivism and opt-in botnets, as well as the trend toward targeted attacks in corporate environments.
Attackers Using Malicious PAC Files in Phishing Attacks
Malware authors have developed a new, and frighteningly effective, tactic that uses a feature built into all of the modern browsers to redirect users to malicious sites without their knowledge or action.
Adobe on Tuesday released its quarterly load of patches, including an update for Adobe Reader that fixes several critical vulnerabilities. The company also used the opportunity to enable the new automatic updater in both Reader and Acrobat.
Security researchers have identified a newly formed botnet that comprises machines infected with a Trojan specifically designed to manage the downloading and installation of a spectrum of other malicious software.
In this
Google TechTalk, HP’s Marc Stiegler describes a different approach to
security software.
There is a serious vulnerability in Java that leaves users running any of the current versions of Windows open to simple Web-based attacks that could lead to a complete compromise of the affected system. Two separate researchers released information on the vulnerability on Friday, saying that it has been present in Java for years.
The attackers behind the raft of banker Trojans emanating from Brazil these days are continuing to refine their craft and learn new tricks. Their latest efforts have seen them going to greater lengths than ever to obfuscate their creations and hide their true functionality in order to evade detection and analysis by security software.
Joanna Rutkowska, a security researcher known for her work on virtualization security and low-level rootkits, has released a new open-source operating system meant to provide isolation of the OS’s components for better security.
Enterprises are spending huge amounts of money on compliance programs related to PCI-DSS, HIPAA and other regulations, but those funds may be misdirected in light of the priorities of most information security programs, a new study has found.
