Malware


Cool, BlackHole Exploit Kits Created by Same Hacker

If the relatively cheap, easily available, and totally reliable Blackhole exploit kit is the Toyota Camry of exploit kits, then the Cool exploit kit is the Lexus LS: both kits are reportedly developed by the same crew, but the latter is astronomically more expensive and presumably loaded with better features.

Adobe ColdFusion Exploits in Wild; Patch Remains Week Away

Adobe is recommending ColdFusion users apply a series of mitigations to counter active exploits against vulnerabilities in the application server. An advisory was released late Friday night that the trio of flaws are being targeted by attackers, and that the company would not have a patch available for another week.

Researchers Bypass Microsoft Fix It for IE Zero Day

Expect amped up pressure aimed in Microsoft’s direction for a patch for the Internet Explorer zero day that surfaced last week, now that researchers at Exodus Intelligence reported today they have developed a bypass for the Fix It that Microsoft released as a temporary mitigation.


There’s a natural inclination for people at the end of each year to look back, take stock and try to draw some grand meaning or life lessons out of the events of the past 12 months. This is a particularly risky and difficult thing to do in the security industry, given its inherent unpredictability and chaotic nature. That doesn’t stop people from doing it, mind you, it just makes the process more difficult and often more humorous. The weird thing about 2012, though, is that it turned out to be one of those years that may well end up marking a turning point for consumers, enterprises and governments around the world.

The mystery wrapped inside a riddle that is the Gauss malware’s encryption scheme may be closer to falling. Late last week, researcher Jens Steube, known as Atom, put the wraps on a tool that should bring experts closer to breaking open the encryption surrounding the espionage malware’s payload.