In one of these moments when those who are supposed to know, don't know, and those who don't realize what they know aren't reaching the appropriate parties, it's time we get back to the basics - finding out who's behind GPcode, and trying to tip them on the consequences of their blackmailing actions in between collecting as much actionable intelligence as possible using OSINT (open source intelligence) and CYBERINT (cyber intelligence practices).
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is an outspoken and controversial author and journalist; she contributes to ZDNet, CNET, CBS News and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
Apple has shipped a highly critical QuickTime software update with patches for at least five code execution vulnerabilities haunting Windows XP, Windows Vista and Mac OS X users.With QuickTime 7.
I want to start out by saying that I take great personal risk of getting black listed before my flight to K.C.
First off, I want to apologize to our readers for not being here as much last week. I had a rough week involving a random ear infection and the loss of an aunt to cancer, so it was not a week where I was very concerned about computer security or my blog.
John Heasman posted a sneak preview of our Black Hat presentation, which will happen in August in Las Vegas today. This particular attack is extremely interesting, multi-stage nastiness involving the use of Java to steal domain credentials.
Virus analysts at Kaspersky Lab (my employer) have intercepted a new variant of Gpcode, a malicious virus that encrypts important files on an infected desktop and demands payment for a key to recover the data.The biggest change in this variant of the ransomeware is the use of RSA encryption algorithm with a 1024-bit key, making it impossible to crack without without the author's key.
In a security bulletin issued two days ago, Skype's latest version fixes a File URI Security Bypass Code Execution Vulnerability originally reported by Ismael Briones : Remote exploitation of a security policy bypass in Skype could allow an attacker to execute arbitrary code in the context of the user.The "file:" URI handler in Skype performs checks upon the URL to verify that the link does not contain certain file extensions related to executable file formats.
Microsoft on Thursday previewed three critical security bulletins addressing Internet Explorer, Bluetooth and DirectX in various flavors of Windows, including Vista.In its advance notification, Microsoft issued three critical bulletins for items to be patched June 10.
The recently introduced data availability initiative at MySpace allowing everyone to share their profile data with other community and social...
Metasploit, the open-source platform for developing, testing, and using exploit code, got its official project site briefly hijacked on Monday by a well known member of the Chinese underground who left the following message offering a new zero day exploit for sale - "hacked by sunwear! just for fun!