December 14, 2011 - Recently a critical vulnerability has been identified in Adobe Reader X and Adobe Acrobat X Versions 10.1.1 and earlier for Windows and Mac OS, Reader 9.4.6 and Reader 9.x Versions for Unix. This zero-day vulnerability (CVE-2011-2462) could allow an attacker (continue reading...) Read more
December 3, 2011 - An unpatched zero-day flaw in Yahoo Messenger allows remote attackers to meddle with any user's status message, opening an opportunity for malware to spread. Read more
November 16, 2011 - A zero-day vulnerability is being exploited in-the-wild to crash BIND 9 DNS servers all over the internet. The flaw, a Denial of Service vulnerability described as an "as-yet unidentified network event" affects all of the currently supported versions of BIND. (continue reading...) Read more
November 3, 2011 - Microsoft have released a security advisory for the vulnerability used in the Duqu Trojan. They are providing a workaround, but it disables the use of embedded True Type Fonts. Read more
November 1, 2011 - Another component of the Duqu malware was acquired by CrySyS and shared with security researchers. This newest component exploits a zero-day vulnerability in the Microsoft Windows kernel. Read more
November 1, 2011 - We discussed much of the unfolding Duqu attack in our previous post. Some new light has recently illuminated some missing pieces to this interesting attack. Researchers at CrySys Labs in Hungary have disclosed information about a Word (continue reading...) Read more
August 2, 2011 - Bilocating technology blogger Mark Maunder - he claims to live in Seattle and Cape Town concurrently, though I suspect he means consecutively, and I'll wager he (continue reading...) Read more
July 28, 2011 - I just came across a post from The H telling us that US government warns of potential Stuxnet variants. Of course, concern about the availability and possible portability of the code is hardly a new concern, but it turns out (continue reading...) Read more
June 2, 2011 - The recent security breach at Lockheed Martin confirmed that the attacks we saw with Operation Aurora, identified by McAfee, and Stuxnet are just the beginning of a new era of targeted attacks. Cybercriminals are now executing the perfect plan to (continue reading...) Read more
May 4, 2011 - Adobe released a security advisory warning the users of a zero-day vulnerability in Adobe Flash Player Versions 10.2.152.33 and earlier. An exploit targeting this vulnerability was embedded inside Microsoft Excel documents and was used to deliver the malicious code to (continue reading...) Read more
April 11, 2011 - Adobe has issued a security advisory concerning a new zero day flaw (CVE-2011-0611) in Adobe Flash Player 10. As usual this also means that other applications that support Flash content (continue reading...) Read more
February 21, 2011 - Michael Argast joined me in Vancouver this week to discuss this week's security news. It was a reasonably quiet week, which is quite normal (continue reading...) Read more
February 1, 2011 - This week's Chet Chat took on political overtones as a result of the tense situation in Egypt. Michael Argast and I surveyed the security (continue reading...) Read more
January 30, 2011 - Intel's Chief Technology Officer, Justin Rattner, has been pretty gung-ho with the world's technology press in the past week. His approach seems to have worked, if even a few (continue reading...) Read more
December 30, 2010 - The last podcast of the year is here and my guest this week (on his vacation!) was Tony Ross, one of our Global Product Specialists. To wrap (continue reading...) Read more
December 22, 2010 - A remote code execution vulnerability against Internet Explorer was announced recently, and a proof-of-concept exploit has already been added to the Metasploit products. Microsoft doesn't (continue reading...) Read more
November 24, 2010 - A new zero-day exploit in Microsoft Windows was disclosed today. The exploit allows an application to elevate privilege to "system," and in Vista and Windows 7 also bypass User Account Control (UAC). The flaw was posted briefly on a programming (continue reading...) Read more
November 17, 2010 - After several weeks of travel it's time for me to clear the Chet Chat backlog. I would like to thank everyone who attended my presentations at Texas A&M University, Anatomy of (continue reading...) Read more
September 29, 2010 - During the last six years, botnets have become one of the biggest threats to security professionals, businesses, and consumers. We at McAfee Labs have just released more information about how cybercriminals can use common social networks and common web applications, (continue reading...) Read more
September 8, 2010 - Just after Adobe released its out-of-band patch for CVE-2010-2862, we discovered a malware exploiting a new zero-day vulnerability in the wild. Similar to the iOS PDF jailbreak vulnerability and CVE-2010-2862, this zero day occurs while Adobe Reader is parsing TrueType (continue reading...) Read more