Security Blog

Waylon Grange's picture
Written by
Waylon Grange
Since yesterday’s announcement of the CVE-2014-6271 bash bug we’ve seen attackers waste no time before scanning the Internet. The announcement was posted to bugzilla.redhat.com at 2014-09-24T14:00:08+00:00 and at 2014-09-24T18:32:008+00:00, 4 ½ hours later, we started seeing scans looking for the vulnerability.
Andrew Brandt's picture
Written by
Andrew Brandt
A malicious Javascript file, unintentionally served last week by the Zedo advertising network, redirected victims to the Nuclear exploit kit which (under the right circumstances) delivered a punishing series of infections onto PCs.
Chris Larsen's picture
Written by
Chris Larsen
I waited a month after Robin Williams died to write this blog post. Partly because things are always busy in the malware world, but mostly because I didn't want to be ghoulish, and try to capitalize on the publicity around his death.
Andrew Brandt's picture
Written by
Andrew Brandt
If you spend enough time visiting the shadier side of the Internet using your mobile or tablet, you're likely to run into scripted attacks at some point. Take, as a canonical example, the case of the Generic Android Tablet Security Alert, shown above to illustrate how supremely cheesy these kinds of threats appear.
Bret Jordan's picture
Written by
Bret Jordan
The road to blissful cyber threat intelligence sharing often feels like a bumpy dirt track in a Wild West ghost town, but there’s hope on the horizon: A new language, designed to define and describe a broad swath of threat activity, is beginning to take shape. This language, known as STIX, and its transport method, called TAXII, offers security firms, industry, and government the promise of better and faster cyber threat intelligence sharing.
Chris Larsen's picture
Written by
Tim van der Horst

[This is research that Tim presented in our booth at Black Hat earlier this month. --C.L.]

 

Websites come and go over time; rarely is a second thought given to those sites left by the wayside. Recently, the Blue Coat Security Labs team has looked into the nature of the host names that make up the Web, and the fleeting nature of many of them is truly surprising.