With 2012 safely behind us, F-Secure reflects on the second half of the year in malware. They focus on malware, exploits, and botnets with the data prepared in interesting ways, such as a timeline and organized in exploits per country. The year saw ZeroAccess, Zeus, SpyEye, mobile botnets, and many more. With different profits available for infections, many malicious people are … [Read more...]
In the wild exploit or Apple forces Oracle’s hand to release Java 7u13 early
I am going to need to start drinking coffee in order to deal with the issues Java is throwing. Of course, Java has been in the news recently since a vulnerability disclosed last August gained attention of the media and was finally (partially) patched with version Java 7u11. Following that, there are two separate issues; one on the Mac OS X side and one on the Windows side. The … [Read more...]
Compromised ComboFix anti-malware tool infects computers with Sality virus
ComboFix is a popular anti-malware tool used by many computer technicians. Unlike most scanner applications that check files for particular signatures, ComboFix is more of a script that runs through its different stages completing various tasks to counter specific malware infections. It also stops all services while running which gives it a fighting chance against rootkits that … [Read more...]
First Patch Tuesday of 2013 brings updates from Microsoft, Adobe, and Mozilla
Now with Adobe onboard to push updates the second Tuesday of the month, Patch Tuesdays have become even more fun. Microsoft deployed seven security bulletins while Adobe released updates yesterday to Adobe Flash Player, Acrobat and Reader, and Adobe AIR. The Adobe Acrobat and Reader updates released included support for versions 9, 10, and 11. On top of that, Mozilla released … [Read more...]
Nvidia GeForce driver 310.90 update plugs security concern
On Saturday, Nvidia released an update to its GeForce drivers, bringing them up to version 310.90. Prior versions contain a security vulnerability in the NVIDIA Display Driver service (nvvsvc.exe). The vulnerability would allow an existing account to gain elevation to administrator access. The existing account requirement means the vulnerability is not the end of the world but … [Read more...]