A new Adobe 0-day In the Wild –– But No Worries, You are Already Protected...
Yesterday Adobe released an advisory for a vulnerability in the Adobe Reader and Adobe Acrobat products. The vulnerability, titled ‘U3D Memory Corruption Vulnerability’ was part of a targeted attack...
View ArticlePrevalent Exploit Kits Updated with a New Java Exploit
Until recently, most of the vulnerabilities exploited by popular exploit kits were found last year or even earlier. Moreover, it would take authors at least a month to update their kits with the new...
View ArticleWeb Hijacks with AJAX
Malware authors always seem to closely monitor trends in Web security development in order to create a variety of browser-based attacks. Just to name a few, techniques such as code obfuscation, plug-in...
View ArticleZbot Trojan spreads through fake ConEdison billing notification email
Today we came across a new malicious spam campaign that is actively sent out by the Cutwail spam botnet. The suspicious email claims to be a bill summary from the New York-based energy company Con...
View ArticleMassive Compromise of WordPress-based Sites but ‘Everything will be Fine’
A few days ago, hundreds of websites, based on WordPress 3.2.1, were compromised. The attacker uploaded an HTML page to the standard Uploads folder and that page redirects the user to the Phoenix...
View ArticleMIDI Files – Mid-Way to Infection
Microsoft’s January patch MS12-004 addressed a few vulnerabilities in Windows Media components. One particular issue, CVE-2012-0003, can be exploited via Windows Media Player ActiveX, as it leverages a...
View ArticleM86 Security Threat Report for the Second Half of 2011 is Now Available
We are releasing today our bi-annual Threat Report for 2H 2011. The report relies on M86 Security Labs analysis of spam and malware activity, including the current use of exploit kits, fraudulent...
View ArticleCutwail Drives Spike in Malicious HTML Attachment Spam
Over the past month, we have observed several large spam campaigns with malicious HTML attachments. We believe the botnet behind these campaigns is Cutwail. Here is data we collected, starting from the...
View ArticleThe Cridex Trojan Targets 137 Financial Organizations in One Go
A few weeks ago M86 Security Labs alerted that cybercriminals managed to compromise hundreds of WordPress-based sites. These attacks started with several large spam campaigns as reported in our most...
View ArticleM86 Security Labs now part of Trustwave’s SpiderLabs
Many of you are probably already aware of the acquisition of M86 Security by Trustwave. As part of the acquisition, we are pleased to announce that M86 Security Labs is combining with Trustwave’s...
View Article
