February 1, 2012 - Apple's latest large-scale OS X security updates are out. In tech-speak, there are 39 fixes, covering 52 CVE identifiers, and including 19 fixes for vulnerabilities potentially allowing arbitrary code execution. That's a lot! (continue reading...) Read more
January 25, 2012 - We know you're probably sceptical of "state of the world" reports from vendors. For all you can tell, they'll turn out to be thinly-digsuised advertorial, unreconstructed product brochures, or worse. We like to do things differently. Find out how! (continue reading...) Read more
January 23, 2012 - You may well have read about the BBB phish / exploit emails doing the rounds last week. It’s worth noting that these are still in circulation – we’ve seen five of these in the last two days linking to (continue reading...) Read more
January 12, 2012 - It's Friday the Thirteenth, an infamous date in the history of malware. So here's a satirical trip down memory lane to consider other dies irae in the computer virus calendar. Read more
December 6, 2011 - After our latest blog on Carberp and the Black Hole exploit pack, we thought it would be useful to aggregate the material we've published to date on the topic into a single paper. That actually went up on the (continue reading...) Read more
December 4, 2011 - In recent years there has been a tremendous increase in the Russian region in the number of sites redirecting users to the Black Hole exploit kit. In most cases, successful exploitation of a vulnerability in client software leads to the (continue reading...) Read more
December 3, 2011 - An unpatched zero-day flaw in Yahoo Messenger allows remote attackers to meddle with any user's status message, opening an opportunity for malware to spread. Read more
November 13, 2011 - Argentinian security researchers have publicised what they call a hole in Apple's OS X sandbox. Apple says the sandbox is, strictly speaking, doing what it says on the tin. The rest of us can't actually see what it says on the (continue reading...) Read more
November 11, 2011 - The Duqu malware has raised the specter of Stuxnet II, with some in the security community claiming that this new Trojan is a reverse-engineered copy of Stuxnet – the infamous malware that may have sold more newspapers than it damaged (continue reading...) Read more
November 10, 2011 - A vulnerability reported in Adobe Flash in April 2011 (CVE-2011-0611) continues to (continue reading...) Read more
November 3, 2011 - Microsoft have released a security advisory for the vulnerability used in the Duqu Trojan. They are providing a workaround, but it disables the use of embedded True Type Fonts. Read more
October 26, 2011 - In recent days, we have seen blogs about a specific type of Mass Injection campaign. We take this opportunity to publish our findings in this blog. This particular campaign has already picked up pace and it is infecting a lot of (continue reading...) Read more
October 24, 2011 - One of the websites belonging to global electronics giant LG has been hacked by a collective calling itself the Intra Web Security Exploit Team. Watch a video of what the attackers did. And learn how to avoid ending up in this (continue reading...) Read more
September 14, 2011 - We've just been hit with a double-barrelled Patch Tuesday, with both Microsoft and Adobe publishing security updates. Despite its weekly-sounding name, Patch Tuesday happens once a (continue reading...) Read more
August 22, 2011 - It did not take too long after I found out about the discovery of Gingermaster, the first Android malware to use the (continue reading...) Read more
August 16, 2011 - Firefox 6 is out. This is the second release under Firefox's new 'single-line railway track with regular stations' development and release regimen. Like last (continue reading...) Read more
August 8, 2011 - In many exploit scenarios, an attacker finds a target and, if possible, establishes remote control over the system through known or unknown exploits. Whether the attacker uses a buffer overflow, insecure configuration, phishing for credentials, or cookie-stealing, the goal is (continue reading...) Read more
August 2, 2011 - Bilocating technology blogger Mark Maunder - he claims to live in Seattle and Cape Town concurrently, though I suspect he means consecutively, and I'll wager he (continue reading...) Read more
July 28, 2011 - Forensic software developer PassWare announced a new version of its eponymous software forensics kit on Tuesday. Already several news sources are writing about how the program can automatically obtain the login password from a locked or sleeping Mac simply (continue reading...) Read more
July 21, 2011 - Apple yesterday released an update for Safari 5.0.6 and 5.1 which includes a whole battery of security fixes. If you calculate the magnitude of a security update by the (continue reading...) Read more