We all have tasks we should work on but for some reason, they never seem to reach the top of the pile. In our personal lives, this can be anything from cleaning the oven to picking up the dry cleaning. In our work lives, these projects usually include things like expense reports, low priority emails, [...]
Buying Peace of Mind with StillSecure and Hostway
posted by CamillaM on December 7th, 2011 under Managed Services, Network Security, Uncategorized
DOS using BIND DNS, by Sean Steadman, SOC Analyst
posted by CamillaM on December 1st, 2011 under Network Security
A recently discovered 0-day attack has been causing mayhem for organizations with hosted domains everywhere. The issue is a vulnerability found in the popular DNS application named BIND. This vulnerability is causing DNS servers to crash and interrupt service. BIND versions with this vulnerability are unable to complete DNS requests for your hosted domains. After BIND [...]
Duqu: A Breakdown, by Diego Ramirez, SOC Analyst
posted by CamillaM on October 25th, 2011 under Network Security, Security
Duqu is the latest worm making noise in security circles and mainstream media. What’s interesting is how much we still don’t know about it. Even virus/malware researchers at both Symantec and McAfee can’t seem to agree specifically on the goal or exact purpose of Duqu. The alarming thing is not only its modular design [...]
“Morto”, a new worm spreading in the wild, by Rory Smith, SOC Analyst
posted by CamillaM on September 19th, 2011 under Managed Services, Network Security, Security
The Morto worm has been detected on Windows-based machines, most notably devices running Windows Server 2003 R2 and Windows XP. What’s new with this worm is the way in which it spreads; whereas worms commonly propagate utilizing e-mail services or known vulnerabilities/exploits, Morto attempts to spread itself via RDP on a network. RDP (Remote [...]
Putting a Dent in AES-128, by Joshua Roback, SOC Supervisor
posted by CamillaM on September 6th, 2011 under Microsoft, Network Security
The Advanced Encryption Standard (AES) has been a staple for both personal and enterprise encryption since its inception back in 2001. Up until recently, this standard has stood tall, unaffected by fruitless brute force attacks. In fact, it would theoretically take 10,000,000 years to crack AES-128 via simple brute force. AES-128, though, has officially been [...]
“DNS NAPTR Query Vulnerability”, by Cesar Salas, SOC Analyst
posted by CamillaM on August 15th, 2011 under Microsoft, Network Security
A recently discovered Microsoft DNS Server vulnerability has surfaced that, until recently patched, allowed any attacker to execute any file type with user-level permissions. The resulting uninitialized memory could intrinsically result in a ‘Denial of Service’ on the target device. Fortunately, on Tuesday, 8/9/2011, Microsoft patched this vulnerability; however, a strong lesson is to [...]
The use of legitimate channels to distribute malicious software to users, by Rory Smith, SOC Analyst
posted by CamillaM on August 2nd, 2011 under Cloud Security, Managed Services, Network Security, Public Cloud, Security, Two-Factor Authentication, Virtual Private Cloud
With security companies recording known and popular domains used for spreading malicious software, malicious users are constantly looking for new channels to launch their illegal campaigns. A growing trend in the wild is the distribution of malicious code through legitimate domains. A recent victim of this kind of activity would be none other than Amazon [...]
The recent memory corruption vulnerability in Microsoft Excel, by Cesar Salas, SOC Analyst
posted by CamillaM on July 5th, 2011 under Microsoft, Network Security, Security
Another vulnerability affecting Microsoft Excel has popped up, one that allows an attacker to execute code as the local user logged in to the device in question. Microsoft Excel is a widely used spreadsheet program. It has been confirmed that the memory corruption would allow a user to execute code with the privileges of the locally logged-on user. [...]
The Corporate Security Halftime Report: Corporations: 0 Hackers: over 9000! by Rory Smith, SOC Analyst
posted by CamillaM on June 23rd, 2011 under Network Security, Security
We are finally halfway through what seems to be one of the most active years in terms of cyber warfare. In the last six months we have seen a variety of industry giants fall prey to malicious attackers. Fox, Google, Lockheed Martin, HB Gary, Sony, PBS, Nintendo, CIA, RSA and the US Senate have been [...]
A New Method of Code Obfuscation, by Miguel Brito, SOC Analyst
posted by CamillaM on June 15th, 2011 under Network Security, Security
Code obfuscation is not really anything new. Malware authors are always on the lookout for new techniques to allow them to avoid detection by security products. Common exploit toolkits have even begun to use obfuscation to hide the methods they use to install malware on a victim’s Web site. Spammers also employ obfuscation and non-printing [...]
