Microsoft has just released its monthly updates for May 2013. The zero-day IE flaw used on the Dept of Labor website was fixed, as well as an IE 10 hole used at PWN2OWN.
Critical fixes for Adobe Reader, Flash Player and ColdFusion also hit the streets today.
PWN2OWN 2013 finished off today.
A second scheduled attack on IE 10 didn't happen, so IE 10 didn't get owned again, but Flash and Reader fell once each, and Java was exploited for the fourth time in two days...
Adobe has released the emergency update for Reader and Acrobat that it promised late last week.
You may as well take advantage of Adobe's new-found velocity and get busy patching!
A new round of spams proclaims you have been charged for a large purchase from Apple.
All links lead to webpages infected with the Blackhole exploit kit. Be cautious with your online shopping this holiday season.
Are some of the different variants of Blackhole exploit kit that SophosLabs are seeing actually new versions of this popular Exploit kit? Or simply copycats created by other groups?
The vulnerability is selling for up to $50K on the black market, security researchers say, and has been included in a package of banking Trojans called the Blackhole Exploit Kit, which is the most prevalent exploit kit out there.
Cloud-based storage firm MediaFire restored account access to a virus researcher who was suspended after a mysterious firm claimed virus samples she posted on the service violated copyright protections.
A malware researcher finds herself in company with First Lady Michelle Obama and science fiction author Neil Gaiman: booted from the web by hard-headed copyright protection algorithms.
Adobe PDF vulnerability exploitation caught on camera.
Sophos security expert Chet WIsniewski demonstrates how malicious PDFs can infect your computer.
GovCertUK, the UK Government's Computer Emergency Response Team, had issued an alert warning that attackers could bypass gateway anti-virus software to infect organisations, by encoding malicious PDF files into the XDP format.
SophosLabs researcher Paul Baccas takes a close look at a way in which malware authors attempt to disguise their attacks inside boobytrapped PDF files.
While the media just looove zero-day exploits, the security industry sees a lot more exploits designed to take advantage of patched vulnerabilities. Question is why don't many of us get around to installing the patches?
The UK Ministry of Defence has been caught out again by a schoolboy error - not knowing how to properly redact a PDF.
As we've explained before, if you're an organisation that is making public an internal document, you best make sure that you have deleted or blacked out any personal, confidential or actionable information.
A fascinating new example of Mac malware has been discovered, that appears to be adopting an old Windows-style disguise to fool users into running it.
It's disguise? A controversial political dispute between China and Japan.
The website run by internet celebrity Leo Laporte, TWiT.tv, has been hit by a malware infection intended to infect visiting computers.
A silly error leaves egg on the face of the British military - but have you learnt the lessons of how to properly redact a PDF?
If you're a customer of VioVet, the UK pet supplies and medications website, then be very careful opening your email this morning.
Customers have received an email purporting to contain a £50 gift certificate from the firm - but they're really being pointed to malware.
A new malicious spam campaign underlines the security benefits of upgrading to the latest version of Adobe Reader X.
SophosLabs researcher Paul Baccas takes a closer look.