This patch Tuesday had been quiet, perhaps too quiet.

It turns out there is also a new advisory for Internet Explorer.

For a more complete list, please see the SophosLabs Vulnerability Analysis page.

This patch Tuesday has been relatively quiet with Microsoft only issuing two patches, of which, both bulletins they rate as only important.

Privately disclosed vulnerabilities in Movie Maker, Movie Producer and Excel could lead to remote code being executed with the same privileges as the current user.

Apple users take note: Microsoft Office 2004 and Office 2008 for the Mac’s are currently affected by the MS10-017. As such, Mac Microsoft Office users will need to download  >>

Sophos

03-08-2010 17:45
RSA Conference Wrapup

Well another RSA Conference has come and gone. Lots of vendor noise about their product being the only secure one on the market, and other nonsense, as is to be expected. Although I did notice a bit of realism this year. It did seem like everyone had eaten a big helping of humble pie, which was refreshing. Even the sales guys weren’t making as hard as a pitch as I’m accustomed to. So all in all, it was a good time. Lots of drinking, lots of good conversation, and I even mana >>

ha.ckers

03-08-2010 0:20
Best of Application Security (Friday, Mar. 5)
Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order.
Verizon Incident Metrics Framework ReleasedWiseguys net $25m in ticket scalping racketState of Software Security Report Internet Explorer 8 and the Security Development Lifecycle (SDL)Top 10 Hacks of 2009 and WAF MitigationsFTC alleges that ControlScan offered 'little or no verification' of site security or privacy I’m in ur 4sq, snarfin ur pass >>

Feedproxy Security

03-06-2010 15:11
SEO blogger victim of malicious SEO attack

On Friday evening I was talking to a North American customer who had been fighting with infections caused by SEO poisoning. They mentioned a particular search term that could generate new samples of FakeAVs. The funny thing was that the website hacked by the SEO poisoner was a blog of someone trying to promote legitimate business use of SEO technologies..

If you click on any of the links returned by the search you would be redirected to an Indian site containing this image:

My friends often ask me about steps they can take to keep their systems at work and home free from malware. Apart from the usual recommendation to use alternative, less targeted and therefore slightly more secure operating system like Linux or OSX (OpenBSD would also be an interesting alternative) I used to mention that a change of the web browser would also be very helpful.

Internet Explorer is still the most commonly used browser with a little above 60% market share, but its market >>

Sophos

03-05-2010 16:31
Who’s watching you really?

This morning while I was enjoying my coffee I received an event notification for my personal Facebook account. It was for a group called “See Who’s Spying On Your Profile - GET NOTIFIED -”. and “See Everyone Who Views Your Profile”. Immediately, my security hat went on and I started to investigate.

At first glace, they are both pyramid schemes. In both, you become a fan, then you have to suggest the page to 50 of your friends to move onto the next stage. F >>

Sophos

03-05-2010 12:56
Adservers compromised in latest Zbot push

As we have commented before [1,2] when content served up from adservers is compromised, the effects can be far reaching, potentially exposing huge numbers of victims to the malicious code as they innocently browse legitimate sites. The problem is further complicated by the fact that legitimate ad content is often heavily obfuscated, in order to evade ad-blocking technology [3].

During the latter half of this week we have seen a whole batch of compromised adservers injected with malicio >>

Sophos

03-04-2010 20:53
FakeAV, now for Windows 7!

It’s been over a year since we first started seeing the familiar Windows XP My Computer page where it appears your drives are being scanned and it reports a bunch of non-existent malware on your computer. Yesterday I was investigating the latest hot news item where there was a FAMU (Florida Agricultural and Mechanical University) sex tape released on the internet and sure enough I found many SEO poisoned links claiming to have the video. Imagine my surprise when I saw the following.

Readers may well have read some of the news stories posted after yesterday’s news concerning the take down of the “Mariposa” botnet [1, 2]. So what is Mariposa?

Mariposa is the name given to a particular botnet that started getting some attention during the first half of 2009 [3]. The botnet was dubbed Mariposa thanks to the name of one of the C&C servers that is used:

butterfly dot sinip dot es

since Mariposa is the Spanish word for butterfly.