An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.
"Flame" is the name of a newly-identified malware program which utilizes a previously unknown MD5 collision attack to successfully spoof Microsoft Terminal Services, and install itself as a trusted program using Windows Update, Microsoft has confirmed. The program appears to have targeted computers in the Middle East, and specifically Iran; analysts have alleged it is likely created by the same entity that designed Stuxnet. Flame has been live and actively spying since 2010, but went undetected until recently, due to sophisticated anti-detection measures.
The Kaspersky analysts over at Securelist uncovered some interesting things deep in the bowels of the code of a trojan. The hooks of the trojan are written using standard, well-known languages and interfaces (C++, DLLs and such), but the payload, upon analysis, seems to be written using some heretofore unknown programming language. Can you figure out what language the Duqu trojan is written in? (via Lambda the Ultimate Programming Blog)
Barbarians are at the gates, testing the locks again. Mac OS X users beware: A file supposedly containing pictures of Mac OS X 10.5 actually does other things. Lots of info and links at this first link. Here's the disassembly of the executable (it's just a plain text file) and some notes on the application which come to this conclusion: "In the end, it doesn't appear to actually do anything other than try to propagate itself via iChat, and unintentionally prevent infected applications from running. It seems that this is more of a 'proof of concept' implementation that could be utilized to actually do something in the future, depending on how successful it is, or it was simply done to garner attention/press. Which I'm sure it'll get." Might be a good idea to check out a Mac OS X security primer.
File sharing apps may contain a trojan. It seems some versions of Grokster, Limewire and reportedly Kazaa contain a trojan called W32.DlDer Troja. Whilst I am aware that these apps often install scumware, this seems more serious.
'Serbian Badman' virus not so bad after all. The Register is calling it a hoax in that a DDoS attack just isn't possible with the alleged virus.