The month of June is turning into a very bad month for password security. Last week three major sites – Linkedin, eHarmony, and last.fm – all suffered from major leaks that put millions of user passwords online. Earlier this week, it was revealed that the game League of Legends has also suffered its own flaw…
Read MoreBanks and other financial institutions have put in stricter controls in an attempt to minimize losses that phishing attacks cause. Cybercriminals have not taken this sitting down by producing a new tool to automate online banking fraud — automatic transfer systems (ATSs). In the past, malware families like ZeuS and SpyEye used Webinject files to…
Read MoreRecently, security researcher Sergei Golubchik reported a security issue in MySQL in which an attacker could log in to a MySQL database using literally any password. With this entry, I would like to take some time to explain the issue to our customers. The problem is serious in affected systems – but the exposure surface…
Read MoreWe’ve been tracking and informing customers about current Black Hole Exploit Kit Spam Run activity and noted that spammers have been changing their methods to better achieve their goals. The most recent development is the aggressive turn in tactics used in these spam runs, which makes it easier for infection to occur. With the latest…
Read MoreApart from the regular monthly patch release Microsoft issued yesterday, which included a patch for relatively large number of vulnerabilities in Internet Explorer (MS12-037), Microsoft also reported another IE vulnerability that has no patch available yet. MS Security Advisory (2719615) specifically identifies the Microsoft XML (MSXML) Core Services as the vulnerable part. MSXML provides a…
Read More