
Software|Adobe Updates April 2014

Roel
Kaspersky Lab Expert
Posted April 08, 20:38  GMT
Tags: Adobe

This month's Adobe Patch Tuesday revolves around Flash. This means the zero-days used by VUPEN to exploit Adobe Reader at CanSecWest last month go unpatched.

CVE-2014-0506 and CVE-2014-0507 deal with remote code execution and were both used separately at CanSecWest's Pwn2Own. (It looks like these CVEs were initially assigned CVE-2014-0511 and CVE-2014-0510.)

Events|Trust. Trust. Trust

Roel
Kaspersky Lab Expert
Posted March 10, 20:31  GMT

Over the past week or so I've been to TrustyCon, Jeffrey Carr's town-hall debate on Privacy v National Security and Georgetown's conference on International Engagement on Cyber. All these conferences had trust as a major focal point. Trust in the internet. During the course of the last nine months in particular that trust has been eroded and replaced with suspicion. How do we fix this?

Overall, I really enjoyed some great discussions at these events. The town-hall debate did the best job at getting people from all sides to the table, which is something we need to see more of.

News|Adobe's first Patch Tuesday of 2014

Roel
Kaspersky Lab Expert
Posted January 14, 17:59  GMT
Tags: Adobe

This month's Adobe Patch Tuesday release sees fixes for Flash Player, Acrobat and Reader. All vulnerabilities get the highest priority rating. This means future exploits are likely.

News|Adobe Security Updates December 2013 - Fixing CVE-2013-5331 and more

Roel
Kaspersky Lab Expert
Posted December 10, 20:02  GMT
Tags: Adobe

This month Adobe's releasing fixes for both Flash Player and Shockwave.

The vulnerabilities for Flash Player affect all platforms and concern two CVEs - CVE-2013-5331 and CVE-2013-5332, which both allow for remote code execution. Exploitation of CVE-2013-5331 using Microsoft Word as a leverage mechanism has been observed in the wild. Though Flash 11.6 introduced Click-to-Play for Office, users may still be socially engineered into running Flash content in Office documents. Make sure to apply this patch promptly.

Events|November Adobe Patches

Roel
Kaspersky Lab Expert
Posted November 12, 20:32  GMT
Tags: Adobe

This month's Adobe Security Update round is a relatively quiet one, in contrast to the Microsoft patch cycle. There are two bulletins, one affecting Flash Player and one affecting ColdFusion.

After the discovery of a major breach at Adobe recently some would perhaps have expected a bigger number of CVEs to get patched this round. It will be interesting to see how the breach will affect patch cycles in the coming months.

Incidents|Fake CNN emails claim US have started bombing Syria

Roel
Kaspersky Lab Expert
Posted September 06, 16:51  GMT
Tags: Adobe, Oracle

We're currently seeing a spam run which involves a (fake) report from CNN saying that the US have started bombing Syria.

Clicking the shortened link will lead to an exploit kit which targets older, vulnerable versions of Adobe Reader and Java. The attackers favor using the Java exploit over the Reader exploit, as Java exploits are generally more reliable.

The exploit will download a Trojan-Downloader onto the system, which will subsequently download various other malware.

Events|NSAccess Control Lists

Roel
Kaspersky Lab Expert
Posted August 13, 20:31  GMT
Tags: Conferences, DDoS, Cyber weapon, Cyber espionage

Last week, I attended the International Conference on Cyber Security at Fordham University in NYC. This event brought together participants from government, the private sector and academia. The closing session was a panel featuring the directors of the CIA, FBI and NSA which drew a lot of attention.

FBI Director Robert Mueller speaking at the closing panel

Throughout the conference, there was a strong push for more cooperation internationally and between different sectors. While cooperation has come a long way, we still have a long way to go.

The topic of cyber-espionage didn't come up as much as I've been used to in recent times. Instead, there was more talk on cyber-sabotage with several presentations talking about this problem.

Events|Hello from Infiltrate 2013

Roel
Kaspersky Lab Expert
Posted April 12, 17:51  GMT

Today is the second and last day of Infiltrate 2013 which is taking place in Miami Beach. It's my first time at Infiltrate and so far I've been really impressed with the quality of the conference.

The opening keynote by Chris Eagle definitely set the tone for the rest of the con, with a very clear focus on offense. Chris shared his own view on various issues concerning how the US Armed Forces - and the Navy in particular - deal with educating people on cyber.

One of the bits I found particularly interesting was the Title 10 issue. Many of the experts creating cyber-tools, which would make them best equipped to handle them, are civilians. However, under Title 10, only military personnel can actually 'pull the trigger'. You can see how this can be problematic.

Incidents|The Biggest DDoS Ever that "Almost Broke the Internet"?

Roel
Kaspersky Lab Expert
Posted March 30, 04:25  GMT
Tags: DDoS
Kurt Baumgartner
Kaspersky Lab Expert
Posted March 30, 04:25  GMT
Tags: DDoS

"If the Internet felt a bit more sluggish for you over the last few days in Europe, this may be part of the reason why." Well, "a bit more sluggish" for limited sets of communications in parts of Europe for a few days is not a broken internet, and is certainly not close to a critical infrastructure disaster.

There's been a lot of attention for the recent reports regarding a DDoS attack against Spamhaus which reached a peak of 300gbps. Yes, such an enormous amount of throughput definitely makes this one of the biggest DDoS attacks ever seen. DDoS attacks have seen an increase in popularity in recent times and there's no sign they'll go away anytime soon. Cyber-criminals, competitors, hacktivists and nation-state sponsored actors all have their motives to use DDoS attacks. In this case, a suspected entity behind these attacks is a Dutch hosting company called CyberBunker, whose owner denies being responsible, but claims to be a spokesman for the attackers. The conflict between Spamhaus and CyberBunker goes back to 2011 and has now escalated after Spamhaus blacklisted CyberBunker earlier this month. The timing and conflict is uncanny. And, Spamhaus is certainly under attack from some determined group capable of generating massive amounts of traffic, forcing them to move to hosting and service provider CloudFlare, known for effectively dissipating large DDoS attacks.

Virus Watch|Malware in the Amazon App Store

Roel
Kaspersky Lab Expert
Posted December 19, 15:50  GMT
Tags: Mobile Malware, Google Android

Like many others, I took advantage of Amazon.com's sale and ordered a Kindle Fire HD last week. When I got around to exploring the Amazon App Store, it didn't take long before running into malware.

While searching for a particular benchmarking app I was presented with some additional apps. One of them immediately looked suspicious.