BlackHole

Busts, Bounties and Backdoors - 60 Sec Security [VIDEO]

Who's "Paunch"? What happens when you arrest him? How do you win $100k from Microsoft? Could there really be a backdoor in Adobe's code?

Find out the answers in this week's episode!

Assessing the impact of the Blackhole arrests

News has surfaced that the criminals behind the Blackhole exploit kit have been arrested.

Now, everyone wants to know, "Will the arrest have any effect on the prevalence of the threat?"

Fraser Howard of SophosLabs looks at the data...

Monday review - the hot 26 stories of the week

In case you missed it: Here's everything we wrote last week.

Rogue Apache modules pushing iFrame injections which drive traffic to Blackhole exploit kit

SophosLabs has seen huge volumes of legitimate sites being compromised with malicious redirects in recent weeks.

Fraser Howard explains what's going on, and how the compromised web servers are almost exclusively running Apache.

Yet ANOTHER Java zero-day claimed - but this time you're laughing, right?

Irrepressible cybercrime investigator and reporter Brian Krebs has written about yet another Java zero-day exploit.

This one, it seems, targets an exploitable vulnerability even in Oracle's most recent release, Version 7 Update 11, aka 7u11.

Technical paper: Deeper inside the Blackhole exploit kit

Technical Paper: Inside a Black Hole (part 2)

For those interested in exploit kits and how they work, Gabor Szappanos has published the second (and concluding) part of his technical paper looking at the Blackhole kit.

Recommended reading for all those who want a little more detail on how one of the most prolific and widely used crimeware kits actually works.

Exploit kits, the biggest threat on the web, are being fed by whitehat security researchers

Who is feeding the Blackhole exploit kit?

When security researchers make available proof of concept code to demonstrate vulnerabilities, are they actually supporting the malicious exploit kit authors?

SophosLabs expert Gabor Szappanos shows that the creators of exploit kits aren't the ones discovering the zero-day vulnerabilities.

Monday review - the hot 24 stories of the week

Here you go.

All the stories we wrote in the past seven days, in case you missed anything (or just want to read them again).

Technical paper: Journey inside the Blackhole exploit kit

Do you want to learn more about the exploit kit that is arguably responsible for the most malware infections this year?

Well, read the latest technical paper from SophosLabs, where Gabor Szappanos uncovers some of the details behind the Blackhole exploit kit.

Hacked Go Daddy sites infecting users with ransomware

Computer users are getting infected with ransomware because criminals have managed to hack the DNS records of Go Daddy hosted websites.

Fake Apple invoices lead to Blackhole exploit kit that drains your bank account

Fake Apple invoices lead to Black Hole that drains your bank account

A new round of spam proclaims you have been charged for a large purchase from Apple.

All links lead to webpages infected with the Blackhole exploit kit. Be cautious with your online shopping this holiday season.

Monday review - the hot 22 stories of the week

Here you go. All the stories we wrote in the past seven days, in case you missed anything (or just want to read them again).

Adobe Reader zero-day exploit thwarts sandboxing

The vulnerability is selling for up to $50K on the black market, security researchers say, and has been included in a package of banking Trojans called the Blackhole Exploit Kit, which is the most prevalent exploit kit out there.

Monday review: the hot 20 stories of the week

Here you go. All the stories we wrote in the past seven days, in case you missed anything (or just want to read them again).

Blackhole malware attack spread via 'Your photos' email

A malware attack has been spammed out widely via email to internet users, posing as a message about photos.

Offensive Facebook email leads to Blackhole malware attack

Facebook users are warned to be on their guard against unsolicited emails they might receive suggesting that someone has left an offensive comment about them on their wall.

"Mitt Romney almost president" - Fake CNN alert leads to Blackhole malware attack

In an attempt to cash in on the interest in the upcoming US presidential election, online criminals have begun circulating malicious emails pretending to be CNN news alerts about Mitt Romney pulling ahead in the polls.

New security hole found in multiple Java versions

The same team of Polish researchers who discovered a critical security hole in Oracle’s Java software say that they have uncovered another such hole, which could be used to bypass the secure application “sandbox” on most recent versions of Java.

Monday review: the hot 18 stories of the week

It's weekly summary time.

Here's everything we've written in the last seven days.

SSCC 98 - RSA keys, Blackhole exploits, Nitol botnets and Apache takes potshots at Microsoft

SSCC 98 - RSA key safety, Blackhole exploit kit updated, Nitol botnet takedown and Apache takes potshots at Microsoft

Duck joins Chet to take on the latest security news.

As usual, they don't mince their words, so take a listen and enjoy a quarter-hour mix of news, opinion, advice and research.