-
- duckblog: Get into RSA 2012 in San Francisco for free! Use the code SC12SPH - http://t.co/DXO28TCYabout 2 hours ago
- ChetWisniewski: Update on the KPN compromise in The Netherlands, company says "password are encrypted with UTF8" http://t.co/EmDuXfqSabout 3 hours ago
- gcluley: Cryptome was hacked this weekend directing users to Blackhole exploits. Advice for web admins http://t.co/aN78hlkpabout 5 hours ago
- ChetWisniewski: Leaks website Cryptome was hacked this weekend directing users to Blackhole exploits. Advice for web admins http://t.co/OxSK9sifabout 6 hours ago
Monthly Archives: December 2008
All I want for Christmas... is a patch
As predicted last week, the volume of attacks looking to exploit the zero day vulnerability in Internet Explorer (advisory 961051) browsers is steadily growing. We are seeing many attacks where the bundle of exploits being used to infect victims now Read more…
Stop viewing porn in Internet Explorer.. for now
Over the weekend the situation regarding the unpatched zero-day vulnerability in Microsoft Internet Explorer got worse. On Saturday, Microsoft blogged that a staggering 0.2% of all internet users may have been exposed to the exploit, which has been seen on Read more…
33 pages of web forum spam
I still find it mind-boggling how little some websites are doing to fight spam on their sites. As we discussed in the 2009 Sophos Security Threat Report, and in the video of the Spike website being abused by malicious porno Read more…
Another data loss scandal strikes Germany
It sounds like a plot from a a spy novel, but the anonymous delivery to a newspaper of a cardboard box containing microfilm has ripped open a huge story in the German newspapers. Journalists with the Frankfurter Rundschau were sent Read more…
John McCain and Sarah Palin's leaky data
The dramatic US election campaign brought with it a swathe of computer security stories this year. Amongst other headlines, we saw Sarah Palin's email account being hacked, malware posing as sex videos or victory speeches from Barack Obama, and spammers Read more…
Advertising Trojans?
If you get enough traffic to your website, you stand a fair chance of making huge money. However, how do you get people to visit your website? Today we found an interesting sample of a Chinese website, which utilizes a Read more…
Great, One More Friend... Or So You Think.
Today, I've encountered a phishing spam campaign that could affect members of the hi5.com social network. Messages of that campaign present a fake hi5.com friend request to the recipients and invite them to enter their credentials on a fake replica Read more…
You're a nobody unless someone is faking you
You can't trust anybody on the internet these days. There has been a fake Steve Jobs, a fake Tony Benn (for the benefit of our non-British readers, Tony is a famous left-wing veteran politician), and a truly confusing squabble over Read more…
Unpatched Microsoft Internet Explorer vulnerability being actively exploited
As many of you who follow the security scene will know, Microsoft released an advisory about a zero-day vulnerability in the Internet Explorer web browser a couple of days ago. Sophos published its own analysis of the severity of the Read more…
Symantec and HP lose laptops - workers warned of identity theft risk
Hewlett Packard (HP) and Symantec are reported to be warning their workers of the potential risk of identity theft after laptops were stolen containing unencrypted personal information. The Symantec incident occurred in October, when a laptop containing some staff names, Read more…
Lois Lane and the Craigslist fake landlord scam
I read an interesting story last night about a woman who was trying to sell her house in Cleveland, Ohio. Sharon Smith hired a real estate agent to advertise her house for sale and, as is normal these days, photographs Read more…
More on the Internet Explorer zero-day
Readers will have likely read the vulnerability assessment (updated earlier this morning) and the previous blog entry we have posted. Obviously when issues like this arise, and gather some attention in the press, customers get concerned (understandably). Even if a Read more…
Internet Explorer: zero-day exploit
There is exploit code for a zero-day Internet Explorer vulnerability circulating actively in the wild. This exploit, which has a Microsoft advisory, causes a heap overflow in the XML parser which can then be used for remote code execution. The Read more…
FTC halts fake anti-virus scans that scammed a million people
A US District Court has temporarily halted the operations of two firms accused of tricking internet users into buying bogus security products (also known as scareware or rogueware). According to a statement by the Federal Trade Commission, Innovative Marketing and Read more…
I'd like to buy the world a clue
Email scams claiming to come from Coca Cola are nothing new. But today Clu-blog reader Kevin forwarded me a message he had received in his inbox which was a little different. The email Kevin received claims to come from the Read more…
Talking computer security threats in 2008 and 2009
Earlier this week Sophos published its annual threat report - a free-to-download guide about the top computer security threats and trends we saw in 2008, and some predictions as to what we might see in the future. This morning we've Read more…
Animals Suffer from Malware Too
Animals already suffer from cruel treatment due to illegal trading and hunting. Now, they have to suffer because of malware as well. Recently, I chanced upon another typical obfuscated VBscript: After de-obfuscating the encrypted layers of code, the Trojan unravels Read more…
December Microsoft Security Bulletins
It seems that November was quite a busy month for people in Microsoft Security Response Center, finalizing the set of latest security patches. It is a bit worrying that vulnerabilities in 7 out of 8 published bulletins could be used Read more…
Video of a fake anti-virus attack
Following the video I posted earlier today demonstrating how criminals have planted messages on the Spike website linking to pornographic and malicious attacks, here's another movie. (Enjoy this video? You can check out more on the SophosLabs YouTube channel and Read more…
