exploits


Today we released our Q2 Global Threat Landscape report for 2017. The data in our quarterly threat analysis is drawn from over 3 million network devices and sensors deployed within live production environments around the world. [Read More]
by RSS Neil Matz  |  Aug 21, 2017  |  Filed in: Security Research
Today, Fortinet released our quarterly Threat Landscape Report for Q4 of 2016. The data in it was drawn from millions of security devices located around the world that analyze up to 50 billion threats a day. Which means that the conclusions and trends detailed in this report are based on over a trillion security events that occurred between Oct 1 and Dec 31, 2016. [Read More]
by RSS Derek Manky  |  Mar 28, 2017  |  Filed in: Security Research
Last month, I blogged about Microsoft's monthly Patch Tuesday updates and how it spelled the end for Windows XP. Of course, as many speculated... it wasn't quite the end of the road for XP updates. A critical flaw found in Internet Explorer being actively used in the wild was worrisome enough to Microsoft that they pushed an IE update to include Windows XP users. You can read more about that bug, how it works, and what was done here. Personally, this author wasn't surprised it happened that way - as many sites reported, there are plenty of... [Read More]
by RSS Richard Henderson  |  May 12, 2014  |  Filed in: Industry Trends
This month we have patches from Adobe, Microsoft and Oracle launching today: Microsoft Microsoft published their monthly advanced notification for critical and important patches, and this month there are four patches: MS14-001 - Rated Important - affects Microsoft Office and Microsoft Server Software: may allow remote code execution. Patch may require a reboot. MS14-002 - Rated Important - affects Windows: may allow elevation of privilege. Patch requires a reboot. MS14-003 - Rated Important - affects Windows: may allow elevation of privilege.... [Read More]
by RSS Richard Henderson  |  Jan 14, 2014  |  Filed in: Industry Trends
Razvan Benchea and Dragos Gavrilut in the middle of their presentation I am very happy to have been at VB 2013 once again. The talks were quite interesting. If you were not able to attend, here's the write-up of some presentations I went to. This post is the first in a three part series. Click here for Part 2 and here for Part 3 Andrew Lee - Ethics and the AV industry in the age of WikiLeaks (Keynote) Andrew showed that surveillance programs were not new (the FISA Act dates back to 1978) and that they exist in numerous countries (not only the... [Read More]
by RSS Axelle Apvrille  |  Oct 10, 2013  |  Filed in: Security Research
With February's Threat Landscape Report out, it's time to highlight some of the most interesting movement happening from late January 2009 to now: New vulnerabilities (NVC) were up nearly three fold, with 117 posted in comparison to 43 from January's edition; 25.6% of these new vulnerabilities were detected to be actively exploited. Two new high-profile zero-day exploits (CVE-2009-0238 and CVE-2009-0658) affecting MS Excel (XLS) and Adobe Reader (PDF) have since been disclosed. Given these facts, and Conficker's success, there is no better time... [Read More]
by RSS Derek Manky  |  Feb 27, 2009  |  Filed in: Security Research