Tag: exploit

Microsoft Hits Citadel Hard

Late last week, Microsoft’s Digital Crimes Unit, working with the FBI and the U.S. courts, took a huge chunk out of the capabilities of the Citadel botnet. Citadel is a ZeuS variant that is responsible for infecting what is believed to be millions of computers across the globe in the hopes of stealing financial information through key logging and form grabbing and using that information to steal money from the bank accounts of infected victims.

Google and the Zero-Day Conundrum

Last week Google announced a significant change to the way they disclose vulnerabilities. In cases where a zero-day vulnerability has made it into the wild and is being actively exploited, Google will now give a scant 7 days to the software vendor whose product is being exploited before ”…support(ing) researchers (by) making details available so that users can take steps to protect themselves.” We hope that the details Google will make available do not include full disclosu…

New NSS Labs Report: IE’s Browser Security Bests Others

Microsoft’s Internet Explorer 10 is the most secure web browser according to the results of a mid-May 2013 NSS Labs’ analysis. Apple Safari 5, Google Chrome 25/26, Internet Explorer 10, Mozilla Foxfire 19 and Opera 12 were all evaluated against malware downloads and socially engineered malware. Results show that Chrome’s malware download protection improved significantly, up to more than 83 percent from a 70 percent performance in NSS’ October 2012 analysis, Browser C…

Preventing DDoS: What to Look for in a Security Solution

Distributed Denial of Service (DDoS) attacks are on the rise, and they’re only getting stronger. This was driven home by The New York Times report on how anti-spam organization Spamhaus fell prey to one of the largest DDoS attacks in history. Few can forget the targeted DDoS assaults on global financial institutions JP Morgan Chase, Wells Fargo and Bank of America, Regions Bank and American Express – attacks that crippled the businesses for hours and cost millions in lost business, rem…

Tufin Talks ‘Magic’ in Network Security Abstraction

There’s no shortage of reports on the latest network security breaches. Each incident holds its own valuable security lesson but it’s beneficial to recognize the incremental successes paving the way to progress. That’s exactly what Reuven Harrison of Fortinet’s solution partner Tufin did in a blog published last week.

11MB for a simple conference program application?

As I was following the tweets of IEEE S&P, one of the top academic conferences on security, I saw they had created a special application for the people attending the conferences, with the agenda, paper abstracts and a few news. Figure 1. IEEE Security & Privacy Android application Curious, I downloaded the application for Android (air.org.computer.confprog.sp.apk) and ran it through my automated analysis scripts.