Monthly Archives: January 2011
Again critical vulnerability in VLC
Just a few days after the VLC developers fixed a vulnerability in the popular VLC video player, a new critical security vulnerability in the processing of .mkv files became public. By opening specially crafted .mkv files, the computer can be … Continue reading
Internet Explorer Vulnerability with workaround
In all currently supported Windows operating systems a security vulnerability in the so-called MHTML handler can lead to information disclosure; speculations in the media indicate possibly even worse things. The cyber criminals just need a manipulated link to trigger the … Continue reading
Improve your Security #1: Complex passwords aren’t always better
This article is the first one from a series of technical advices how to improve your IT security at home and at work. To be honest, I hate passwords and PINs. Those of you who have more than one email … Continue reading
DynDNS mistakenly blocks many hosts for abuse (Update)
Earlier today many DynDNS users have received a notification email that their account has been blocked for abuse. DynDNS offers a free service which allows users without fixed IP address to be able to access their computers through a unique … Continue reading
Cartasi Italy under heavy phishing attack
We are currently observing an attack with different phishing emails and websites, targeting the customers of the Italian bank Cartasi. We have spotted 4 different phishing attacks, 3 of them using the classical technique of faking the target URL (pictures … Continue reading
Facebook improves security
The social network Facebook starts to roll out a new security feature: Secure Browsing (https). It will be available in the options of “Account Security”, below the “Account Settings” page. This means that all data sent from and to Facebook … Continue reading
Critical Vulnerabilities and Updates (Update)
A critical security vulnerability has been found in the web browser Opera. It allows attackers to infect the computer with manipulated websites, for example. An update is currently not available, so using for example Windows Browser Choice to temporarily switch … Continue reading
Phishing, Spam and Malware Statistics for December 2010
Most abused TLDs The trend we observed in the last months when the non “classical” TLD increased massively continued in December as well. Contrary to November, where the .com has seen a slight increase, we are noticing this month that it … Continue reading
Bredolab Malware spammed via fake Facebook Mails
The popularity of the social network Facebook is abused again to spread Malware via Email. The spam mails arrive with the subject “Facebook password has been changed. ID” and contain a ZIP archive as attachment. Inside the ZIP a file … Continue reading
Protection from Exploits for Windows Thumbnail Vulnerability
With our recent update of the engine we added generic protection against exploitation of the thumbnail vulnerability in all current Microsoft Windows operating systems. Microsoft warned of this security hole in a security advisory. On the January Patchday, no update … Continue reading