Microsoft Windows Hit By New Zero-Day Attack

Wednesday, October 22nd, 2014

Microsoft has disclosed that a new zero-day vulnerability is present in Windows, and is exploited via Microsoft Office files. According to Microsoft Security Advistory 3010060, the vulnerability is present in all supported versions of Windows except Windows Server 2003. The vulnerability (designated as CVE-2014-6352) is triggered by an attacker sending a specially ...

This POODLE bites: exploiting the SSL 3.0 fallback

Tuesday, October 14th, 2014

Today we are publishing details of a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker. I discovered this issue in collaboration with Thai Duong and Krzysztof Kotowicz (also Googlers). SSL 3.0 is nearly 15 years old, ...

Test Your Anti-Malware Solution

Sunday, October 12th, 2014

The wicar.org website was designed to test the correct operation your anti-virus / anti-malware software. The following table contains static HTML pages with known malicious content, based on the Metasploit Framework. The exploits contain a non-malicious payload which under Windows will execute 'calc.exe', the in-built calculator (if your browser is ...

Cyber crime: First online murder will happen by end of year, warns US firm

Monday, October 6th, 2014

Governments are ill-prepared to combat the looming threat of "online murder" as cyber criminals exploit internet technology to target victims, the European policing agency warned. In its most alarming assessment of the physical danger posed by online crime, Europol said it expected a rise in "injury and possible deaths" caused ...

Bug in Bash shell creates big security hole on anything with *nix in it

Wednesday, September 24th, 2014

A security vulnerability in the GNU Bourne Again Shell (Bash), the command-line shell used in many Linux and Unix operating systems, could leave systems running those operating systems open to exploitation by specially crafted attacks. “This issue is especially dangerous as there are many possible ways Bash can be called ...