Vulnerabilities identifiable in an automated fashion, such as with a scanner, can be loosely classified as “low-hanging fruit” (LHF) — issues easy, fast, and likely for bad guys to uncover and exploit. Cross-Site Scripting, SQL Injection, Information Leakage, and so on are some of the most typical forms of website LHF.
View original post here:
The Low Hanging Fruit scanner strategy can get you into trouble
We’ve previously shown screenshots of document files used in targeted espionage attacks. Most often, those have been PDF files, as they are the most commonly used filetype in such attacks.
View original post here:
Targeted attacks with Excel files
Due to their ever-growing popularity, social networks have been a continuous target of cybercriminals to proliferate their malicious schemes. TrendLabs℠ received samples of another Facebook spam, this time also taking advantage of the popular micro-blogging site, Twitter. The mail, which poses as a Facebook notification message, uses adult-themed strings to lure users into opening the attachment.
Here is the original post:
Spammers Target Facebook and Twitter at Once
While conducting blackhat search engine optimization (SEO) investigations, I stumbled upon an SEO attempt hosted in the popular document-sharing site Scribd. The document that contains the SEO strings and links was actually a .PDF file that has been uploaded to Scribd. Further investigation revealed that the user account that uploaded this SEO .PDF file has been very actively uploading .PDF files designed for blackhat SEO attacks.
Go here to read the rest:
Emerging Blackhat SEO Techniques
The upcoming “2010 FIFA World Cup” in South Africa is one of the most highly anticipated events in sports history today.
Continue reading here:
Latest Online Scam Targets FIFA Fans
Dear Microsoft, We’d like you to consider developing a PDF reader for your Windows OS.
See the rest here:
Why doesn’t Windows include native PDF reader support?
Many of our readers are familiar with Poison Ivy, a Remote Access Trojan that is often used in various attacks — especially in targeted espionage attacks. More information on such RAT applications can be found from this blog post
See original here:
Finding Remote Vulnerabilities in a Trojan
The ZeuS/ZBOT malware continues to uphold its notorious reputation. As we have seen in the past, ZBOT variants steal account credentials when users visit various social networking, online shopping, and bank-related websites.
More here:
PDF Launch Feature Abused to Carry ZeuS/ZBOT
Buying and selling stock online is big business. It also carries its own risks. And we don’t mean the risk of doing bad investments; we mean losing access to your trading account because your computer got infected by a keylogger.
Read more:
Online stock trading is risky
TrendLabs researchers recently received a report on malvertisements that appeared while a user was browsing through a popular Web-based email service. At first glance, the ads may seem like the typical Web browser nuisance. However, random ads were proven to be vectors for downloading malware onto users’ systems.
Read the original here:
Malicious Ads Lead to PDF Exploits