Yesterday at the 28th Chaos Communications Congress (28C3), in Berlin, security researchers along with Karsten Nohl and Luca Melette showcased a number of flaws and solutions in GSM mobile phone networks. [caption id="attachment_13147" align="aligncenter" width="300"] Karsten Nohl presenting “Defending Mobile Phones” at the 28th Chaos Communications Congress.[/caption] Day 1 Defeating GSM encryption is not new. ...
Read Blog
Recently a critical vulnerability has been identified in Adobe Reader X and Adobe Acrobat X Versions 10.1.1 and earlier for Windows and Mac OS, Reader 9.4.6 and Reader 9.x Versions for Unix. This zero-day vulnerability (CVE-2011-2462) could allow an attacker to execute arbitrary code and silently take the control of a victim's machine. This flaw is currently ...
Read Blog
Digital certificates and certificate authorities have been much in the news recently. Attacks--such as those used by Stuxnet, Duqu, and other malware--involving stolen certificates show an increasingly worrisome new security trend. Certificate authorities have been targeted several times in the recent past with some success. There is a large chunk of known malware signed by ...
Read Blog
To celebrate the recent victory of the Tunisian Islamist party, the French satirical magazine "Charlie Hebdo" published a special issue in which it named the prophet Muhammad (also spelled Mohammad) as its editor-in-chief. Late night, the magazine’s offices in Paris were destroyed by a Molotov cocktail attack. The entire French political establishment has condemned this ...
Read Blog
Last week, there was quite a buzz in the mobile-malware researchers community about a new Android malware. It came to light not because of its sophistication or complexity but due to the simple method that it uses to spread. Most Android malware we have witnessed are repackaged malicious apps made available in black markets or ...
Read Blog
Malware is on the rise. At the beginning of 2008, our malware collection had 10 million samples. Today we have already surpassed 70 million. Most of the malicious samples are Trojans (backdoors, downloaders, fake alerts), but there are also a lot of viruses, worms, and bots that in a short time can infect many computers ...
Read Blog
Last year a friend had a bright idea for a party game that involved a series of QR codes in a circle on paper. He called it QR Code Roulette. Unlike the gambling game, selecting the right 2D barcode did not make you a winner. It turned out that every QR code contained a URL ...
Read Blog
In our last blog about Android malware, we discussed the expanding threat landscape for Android malware. Recently, we received an Android package in our collection and observed that this malicious application uses a rooting exploit that targets Android devices running OS Versions 2.3 or earlier to gain root privileges on the compromised device. The malware ...
Read Blog
SpyEye and Zeus are probably the most prevalent and active Trojan "banker" families seen in the wild. (Bankers steal bank passwords and other financial data.) At the beginning of the year there was a rumor about the "merger" of both toolkits into a new generation of banking Trojan. It is not clear yet whether leaked Zeus ...
Read Blog