Tis the season for predictions and security firm Trusteer checks in today with a handful for the upcoming New Year. In a post on the company’s blog, CTO Amit Klein distills Trusteer’s top ideas into an infographic,. The company predicts the security landscape will see more exploits, specifically Man-in-the-Browser malware, targeting Google’s Chrome browser, the further emergence of native 64-bit Windows malware and what the firm claims will be a more drawn out malware lifecycle.
Browsing Category: Microsoft
Sophos and TrendMicro, and anumber of other security firms, are reporting a dramatic increase in the prevalence of a worm using AutoRun and social engineering to proliferate.
Phishers are using a typosquatted domain name designed to mimic the URL of a popular e-commerce destination in order to lure their victims to a malicious Website that prompts its visitors to download a malicious add-on that will guide users to phishing sites, even when they type legitimate URLs into their browser’s address bar.
Attackers continue to exploit the buzz behind the launch of Windows 8, Microsoft’s latest operating system. The latest attack attempts to trick users into using fake key generators that claim they’ll install the software to computers free of charge.
New malware targeting Windows 8 appears to be using Google Docs as a proxy server instead of directly connecting to a command and control (C&C) server. According to research done by Symantec and discussed in the company’s Security Response blog late last week, a Trojan, Backdoor.Makadocs, targets Windows 8 – along with Windows Server 2012 – yet doesn’t use any of the software’s particular functions as an exploit vector.
UPDATE – Skype engineers have repaired a newly reported vulnerability that would allow someone to abuse the platform’s password-reset mechanism to take over another account.
Microsoft released its monthly security updates today and put special urgency on a cumulative security update for Internet Explorer 9. Critical vulnerabilities were found in the way the browser handles objects in memory which could lead to an attacker remotely executing code. Victims would have to land on a website hosting an exploit, Microsoft said. The company said there are no public exploits for this vulnerability.
Plenty is happening on the Microsoft patch management front. First, Adobe agreed to sync up its patch release cycles with Microsoft’s on the second Tuesday of every month, moving away from quarterly releases. And now on Tuesday, Microsoft will release its first security updates since the release of Windows 8.
Windows 8 isn’t yet a week old, but the scammers and phishing crews already are taking their swings at it, setting up new campaigns based on the shiny new operating system. Security researchers have identified a new scareware campaign playing off of the Windows 8 launch, as well as a phishing email trying the same tack.
Controversial bug hunters and exploit sellers VUPEN claimed to have cracked the low-level security enhancements featured in Windows 8, Microsoft’s latest operating system.