We have added a few sections under our malware lab blogs! This means that you will have more helpful tips, insights, facts and figures about all things malware!
Here are the new sections:
The latest Flash update patches two security vulnerabilities - the first (CVE-2012-0772), resolves a memory corruption vulnerability related to URL security domain checking that could lead to code execution on Windows 7 or Vista. The second (CVE-2012-0773) fixes a memory corruption vulnerability in the NetStream class that could lead to code execution.
TLDR; vulnerable Flash player, exploits patched.
However, this time around, Adobe have introduced an automatic updating mechanism for Flash Player.
In Microsoft's Security Bulletin Summary for February 2012 a number of updates have been released including four "critical" and five "important" severity updates.
The holiday shopping season is right around the corner and 'tis the season to be safe. These 5 tips will help you to safely shop online and to stay away from hackers, identity thieves and scammers.
Phishing is a deviously clever strategy used by cybercriminals to steal your personal information (e.g., username, password or banking account information) by fooling you in handing it over to them.
By masquerading themselves as legitimate institutions and businesses you know and trust, cyber thieves bait users to hand over their passwords, Facebook accounts, banking information and even SIN numbers.
Scammers absolutely love the holiday season. There are likely to be more online scam victims during those busy shopping and travelling December days than at any other time during the year. As such, we compiled a list of Christmas scams you should beware of.
It's common to hear security vendors advise people to "keep their computer up to date with the latest patches" but what does that actually mean and why is it important?
Malware can infiltrate PCs via a number of attack surfaces, one of which being bugs in Windows and the programs on your PC.
Microsoft have published a Security Bulletin Summary for November 2011. A number of updates have been released including one "critical" and two "important" severity updates.
The patches address remote code execution, elevation of privilege and denial of service vulnerabilities. Importantly, an update has been released to patch the critical vulnerability in the TCP/IP stack (MS11-083). Microsoft report that "the vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system."
As the malware landscape evolves, it's helpful to understand how malware gets onto your machine. Knowing the bad guys' strategies gives you the edge while on-line and puts you in a stronger position to defend your data and PC against compromising threats.
We all know that we should install anti-malware software, keep it up to date and run regular scans, apply Windows and application security patches when they become available, use a firewall... well, I won't bore you - you know what to do. But what kind of attacks can we expect and where are they coming from?
Microsoft have published a Security Bulletin Summary for October 2011. Eight updates have been released including two "critical" and six "important" severity updates.
The patches address remote code execution, elevation of privilege and denial of service vulnerabilities within Windows, Internet Explorer, Microsoft .NET Framework, Microsoft Silverlight, Microsoft Forefront United Access Gateway and Microsoft Host Integration Server.
Firefox 3.6.13 and Thunderbird 3.1.7 have been released. The latest versions include fixes to improve performance, stability and security.
11 Firefox updates, 9 of which are rated critical are included in this fix. More information here.
All 3 of the Thunderbird updates fix critical vulnerabilities. More info here.
YOU SHOULD KNOW...
CATEGORIES
- Beta Testing (29)
- Comment (9)
- Definition File Updates (2)
- Developer Comments (15)
- Everyday Life at Lavasoft (92)
- How to (17)
- Industry and Security News (558)
- Lavasoft Products (141)
- Law Enforcement and Legal Action (49)
- News about Lavasoft (109)
- Phishing (1)
- Researcher Comments (39)
- Riff Raff (25)
- Rogues (76)
- Security Alert (93)
- Security Alerts (72)
- Security Tips (260)
- Website News (11)
