Following on from the ISC Super Bowl Infection - More Sites blog. I did some investigation into the techniques used.

(more…)

Some time ago we spoke about a VCard parsing vulnerability in Windows Exchange Servers. This threat was classified as high risk and we monitored for abnormal activities but never detected any targeted attacks.
(more…)

The Football World Cup will see for the first time the use of RFID for the ticketing system of a major event.
(more…)

Over the weekend of 12th - 15th May, news of a interesting exploit against VNC was announced CVE-2006-2369, enabling an attacker to bypass the VNC authentication on the server, gaining remote access to the desktop. We’ve been looking for signs of increased activity against the VNC ports (typically 5900, although, depending on the configuration, more could be in use).
(more…)

A design error has been found in the ‘ntdll’ DLL in Windows which would allow an malicious attacker to place a virus on a system which would be bypassed by most of the major Anti-Virus products.
(more…)

A new and interesting vulnerability released yesterday is certainly due to create headaches for Windows Administrators. with all key versions of Exchange Server affected.
(more…)

Phishing and scamming methods are becoming increasingly sophisticated. They are using the latest software vulnerabilities to exploit systems and social engineering techniques to hack people. IT allows more potential victims to be targeted, at a lower cost to the attacker, than traditional methods of confidence trickery. Before the advent of the web, faxes were used with similar techniques to scam people.
(more…)

Vulnerabilities

Symantec - Scan Engine 5.0
(more…)

Vulnerabilities

Oracle - Vulnerabilities in Oracle DB, Workflow, PeopleSoft, Enterprise Manager, E-Business Suite, etc.
(more…)

Vulnerabilities
Mozilla - Upgrade to Firefox 1.0.8 / 1.5.0.2 or later
(more…)