In February, spammers continued to use the news of the earthquake in Haiti and the recent earthquake in Chile as another vector to utilize.
More here:
Spam and Phishing Landscape: March 2010
Following our blog, 0-Day attack on IE6: JS.Sykipot doesn’t spare retired software, covering the recent IE 0-day, we thought it might be interesting to look at an attack in the wild using this vulnerabili
Continued here:
Backdoor.Sykipot At Work
Hot on the heels of this month’s security bulletin, a new vulnerability exploit surfaces with a malware in tow. The new zero-day vulnerability, as described in a previous post, prompted Microsoft to release Security Advisory (981374) while investigations are still underway
See the original post:
New IE Zero-Day Exploit (CVE-2010-0806)
Internet Explorer 6 may have taken its path to retirement but it still remains a good target for exploits, as we can see from JS.Sykipot.
See more here:
Zero-Day attack on IE6 – JS.Sykipot Doesn’t Spare Retired Software
Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly quiet month—the vendor is releasing two bulletins covering a total of eight vulnerabilities.
Here is the original post:
Microsoft Patch Tuesday - March 2010
The United States Computer Emergency Readiness Team (US-CERT) issued a new vulnerability note. However, this particular “vulnerability” concerns a rather unusual product—a USB charger for rechargeable batteries.
See the original post here:
USB Battery Chargers with Malware?
Ten of Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order.
Verizon Incident Metrics Framework Released
Wiseguys net $25m in ticket scalping racket
State of Software Security Report
Internet Explorer 8 and the Security Development Lifecycle (SDL)
Top 10 Hacks of 2009 and WAF Mitigations
FTC alleges that ControlScan offered ‘little or no verification’ of site security or privacy
I’m in ur 4sq, snarfin ur password — Part I
Fifteen Common Activities from BSIMM2
Even if You Don’t Invent Your Own Crypto….It’s Still Hard
Facebook founder Mark Zuckerberg ‘hacked into emails of rivals and journalists’
WhiteHat Security is a leading provider of website security services.
We recently received a file (from CERT) for analysis. We found that the file was a Trojan that opens a back door on a compromised computer and listens for commands on port 7777. This by itself is not very unusual, but what surprised us was that this file was being distributed by Energizer Inc as part of a USB charger-monitoring software package.
See the original post here:
Back Door Found in Energizer DUO USB Battery Charger Software
Somebody is trying to pose as us.
Read the original post:
Desperate phishing attempt