Tag Archives: microsoft

The Obscurest Epoch is Today

March 18, 2013

To say that there is a law enforcement manhunt on for the individuals responsible for posting credit report information on public figures and celebrities at the rogue site exposed.su would be a major understatement. I like to think that when that investigation is completed, some of the information I’ve helped to uncover about those affiliated with the site will come to light. For now, however, I’m content to retrace some of my footwork this past weekend that went into tracking individuals who may have been responsible for attacking my site and SWATing my home last Thursday.

Help Keep Threats at Bay With ‘Click-to-Play’

March 11, 2013

28 Comments

Muzzling buggy and insecure Web browser plugins like Java and Flash goes a long way toward blocking attacks from drive-by downloads and hacked or malicious Web sites. But leaving them entirely unplugged from the browser is not always practical, particularly with Flash, which is used on a majority of sites. Fortunately, there is a relatively simple and effective alternative: Click-to-Play.

Fat Patch Tuesday

February 12, 2013

25 Comments

Adobe and Microsoft each have issued security updates to fix multiple critical vulnerabilities in their products. Adobe released updates for Flash Player, AIR and Shockwave; Microsoft pushed out a dozen patches addressing at least 57 security holes in Windows, Office, Internet Explorer, Exchange and .NET Framework.

Microsoft, Symantec Hijack ‘Bamital’ Botnet

February 7, 2013

16 Comments

Microsoft and Symantec said Wednesday that have teamed up to seize control over the “Bamital” botnet, a multi-million dollar crime machine that used malicious software to hijack search results. The two companies are now using that control to alert hundreds of thousands of users whose PCs remain infected with the malware.

Flaw Flood Busts Bug Bank

February 4, 2013

12 Comments

The Common Vulnerability & Exposures (CVE) index, the industry standard for cataloging software security flaws, is growing so rapidly that it will soon be adding a few more notches to its belt: The CVE said it plans to allow for up to 100 times more individual vulnerabilities to be indexed each year to accommodate an increasing number of software flaw reports.

Spam Volumes: Past & Present, Global & Local

January 15, 2013

13 Comments

Last week, National Public Radio aired a story on my Pharma Wars series, which chronicles an epic battle between men who ran two competing cybercrime empires that used spam to pimp online pharmacy sites. As I was working with the NPR reporter on the story, I was struck by how much spam has decreased over the past couple of years. Below is a graphic that’s based on spam data collected by Symantec’s MessageLabs. It shows that global spam volumes fell and spiked fairly regularly, from highs of 6 trillion messages sent per month to just below 1 trillion. I produced this graph based on Symantec’s raw spam data.

Microsoft Issues Fix for Zero-Day IE Flaw

January 14, 2013

5 Comments

Microsoft today deviated from its usual monthly patch cycle in issuing an emergency security update to fix a critical security hole in its Internet Explorer Web browser that attackers have been exploiting to break into Windows PCs.

Police Arrest Alleged ZeuS Botmaster “bx1”

January 10, 2013

24 Comments

A man arrested in Thailand this week on charges of stealing millions from online bank accounts fits the profile of a miscreant nicknamed “bx1,” a hacker fingered by Microsoft as a major operator of botnets powered by the ZeuS banking trojan.

Adobe, Microsoft Ship Critical Security Updates

January 8, 2013

29 Comments

Adobe and Microsoft today separately issued updates to fix critical security vulnerabilities in their products. Adobe pushed out fixes for security issues in Acrobat, Adobe Reader and its Flash Player plugin. Microsoft released seven patches addressing at least a dozen security holes in Windows and other software, although it failed to issue an official patch for a dangerous flaw in its Internet Explorer Web browser that attackers are now actively exploiting.

Turkish Registrar Enabled Phishers to Spoof Google

January 3, 2013

31 Comments

Google and Microsoft today began warning users about active phishing attacks against Google’s online properties. The two companies said the attacks resulted from a fraudulent digital certificate that was mistakenly issued by a domain registrar run by the Turkish government.