2 solutions for the latest Java vulnerability
Last week a new Java 0-Day was spotted in the wild . In short, anyone with Java installed and enabled in his browser could be easily infected while visiting any website that was using the exploit to take advantage of the latest Java’s security hole. What can we do to protect ourselves? I give you [...]
Java exploits reloaded
As you probably already know, we detected a 0-day vulnerability in Java 1.7 0 whereby the machine could be exploited by any malware for remote code execution. Only users who use this version of Java are were affected . Fortunately, Oracle has released an emergency update to prevent cybercriminals from taking advantage of it. One of the means the [...]
The Rise of the Ransomware – Police Virus Reloaded
Some of you probably remember this article where I described the huge increase of attacks seen in some countries by malware that was posing as different law enforcement agencies. This kind of malware is called “Police Virus” due to this, and its main purpose (as usual with malware) is to steal money from the users. [...]
LinkedIn spam serving Adobe and Java exploits
Today we will be reviewing a cybercriminal’s recipe for success: Hacking LinkedIn’s password (and possibly user-) database. Sending an email to all obtained email addresses, which is urging you to check your LinkedIn inbox as soon as possible. A user unawarely clicking on the link. An exploit gets loaded. Malware gets dropped. Malware gets executed. [...]
Flame: new cyber-espionage tool?
This week a “new” malware has been uncovered (taking a look at our Collective Intelligence database, I can confirm that some of the files involved in this attack date back at least to April 2011.) that could be related to cyber-espionage (detected as W32/Flamer.A.worm). It has been infecting computers in middle-east countries (Iran, Israel, Syria, [...]
PandaLabs Annual Report – 2011
Today we are publishing the PandaLabs report, where you can enjoy an overview of the main figures and security news that have happened in the last 12 months, as well as some figures. You will see how malware creation hit a new record high in 2011 with 26 million samples, that Trojans continue to be [...]
Hong Kong, AVAR 2011
Greetings from Hong Kong! This week we are enjoying the security conference AVAR, which is taking place in Hong Kong. Some interesting topics are being covered, such as the talk “Malware in EFI”, where Intel’s Igor Muttik showed us how malware could take advantage of the the EFI (Extensible Firmware Interface) and the challenges we [...]
Deobfuscating malicious code layer by layer
Article written by David Sánchez Lavado This post explains how to analyze the malicious code used in current Exploit Kits. There are many ways to analyze this type of code, and you can find tools that do most of the job automatically. However, as researchers who like to understand how things work, we are going [...]
My take on the IMF hack
This weekend, while the Anonymous people were DDoSing the Spanish Police web site in what they call “peaceful protests” (are they ignorant or just cynical?) another news came out: the International Money Found was hacked, and had been compromised for months. Shocking news As soon as it was made public all media start talking about [...]
