iDefense Labs News

2008: $50,000 Annual Vulnerability Challenge

Wed, 02 Jul 2008 05:00:00 UTC

Prior to 2008, the old Challenge Program had awarded cash prizes for the best research submission targeting a specific technology over a 90 day period. Many iDefense VCP contributors had complained that 90 days was simply not enough time to properly research a good vulnerability, and informed the VCP that more time was needed. Recognizing that this was a fundamentally valid assertion, iDefense decided to ‘take the hint’ and restructure the entire iDefense VCP Challenge Program.

As of July 1, 2008 the new VCP Challenge Program takes effect, considering all qualifying research submissions through the end of the calendar year (31 December). Thereafter, the Challenge will consider all qualifying research accepted and compensated by the VCP Program that were received between the first day of January and the last day of December in each subsequent year. Following the acceptance deadline the iDefense VRT will determine the winners and award the prizes. iDefense will award all cash prizes within thirty (30) days of the Challenge deadline. Under no circumstances will any submission be considered for any of the current year’s Challenge prizes if the contributor has not accepted the iDefense VCP’s offer for compensation for the submission.

Microsoft Security Bulletin: June 2008

Tue, 10 Jun 2008 05:00:00 UTC

Microsoft Corp. has released seven security bulletins encompassing 10 vulnerabilities. This report provides an initial summary of these pending issues.

Spear Phishing and Whaling Attacks Reach Record Levels

Sat, 07 Jun 2008 05:00:00 UTC

Targeted social engineering attacks against corporations have reached new highs during April and May 2008. These e-mail-based attacks, often referred to as "spear phishing" or "whaling,' target individual users and contain personal information such as name, company, mailing address and phone number. Many of these attacks target senior executives and other high profile individuals

Symantec Moves to Threatcon 2 Based on Flash Vuln...

Wed, 28 May 2008 05:00:00 UTC

On May 27, 2008, Symantec moved to Threatcon 2 based on information that a new and unpatched vulnerability in Adobe's Flash player was being exploited in the wild. Based on analysis of the sites provided by Symantec and exploit sites gathered from internal data, it is clear that an older vulnerability is currently being exploited. The vulnerability in question was found by Mark Dowd of ISS in a paper in which he describes a novel technique for exploiting null pointer dereference bugs.

Microsoft Security Bulletin: May 2008

Tue, 13 May 2008 05:00:00 UTC

Microsoft Corp. has released four security bulletins encompassing six vulnerabilities. This report provides an initial summary of these pending issues.

Microsoft Security Bulletin: April 2008

Tue, 08 Apr 2008 05:00:00 UTC

Microsoft Corp. has released eight security bulletins encompassing 10 vulnerabilities. Please note that Microsoft combined two similar iDefense Exclusive reports into one fix. Also note that iDefense has created a separate Threat report to include third-party ActiveX kill bits. This report provides an initial summary of these pending issues.

Microsoft Security Bulletin: March 2008

Tue, 11 Mar 2008 05:00:00 UTC

Microsoft Corp. has released four security bulletins encompassing 12 vulnerabilities. This report provides an initial summary of these pending issues.

Microsoft Security Bulletin: February 2008

Tue, 12 Feb 2008 05:00:00 UTC

Microsoft Corp. has released 11 security bulletins encompassing 17 vulnerabilities. This report provides an initial summary of these pending issues.

Microsoft Security Bulletin: January 2008

Tue, 08 Jan 2008 05:00:00 UTC

Microsoft Corp. has released two security bulletins encompassing three vulnerabilities. This report provides an initial summary of these pending issues.

Microsoft Security Bulletin: December 2007

Tue, 11 Dec 2007 05:00:00 UTC

Microsoft Corp. has released seven security bulletins encompassing 11 vulnerabilities. This report provides an initial summary of these pending issues.

Microsoft Security Bulletin: November 2007

Tue, 13 Nov 2007 05:00:00 UTC

Microsoft Corp. has released two security bulletins encompassing two vulnerabilities. This report provides an initial summary of these pending issues.

Q4 Vulnerability Challenge

Mon, 29 Oct 2007 05:00:00 UTC

E-mail is a valuable asset to corporations, but it also poses a significant threat. While e-mail filtering, blacklisting, whitelisting, and other approaches attempt to tame the e-mail beast, the fact is that unwanted (and sometime malicious) e-mail is being continuously delivered to the desktop via e-mail servers and e-mail clients.

Microsoft Security Bulletin: October 2007

Tue, 09 Oct 2007 05:00:00 UTC

Microsoft Corp. has released six security bulletins encompassing nine vulnerabilities. This report provides an initial summary of these pending issues.

Microsoft Security Bulletin: September 2007

Tue, 11 Sep 2007 05:00:00 UTC

Microsoft Corp. has released four security bulletins encompassing four vulnerabilities. This report provides an initial summary of these pending issues.

Microsoft Security Bulletin: August 2007

Tue, 14 Aug 2007 05:00:00 UTC

Microsoft Corp. has released nine security bulletins encompassing 14 vulnerabilities. This report provides an initial summary of these pending issues.

Microsoft Security Bulletin: July 2007

Tue, 10 Jul 2007 05:00:00 UTC

Microsoft Corp. has released six security bulletins encompassing 11 vulnerabilities. This report provides an initial summary of these pending issues.

Microsoft Security Bulletin: June 2007

Tue, 12 Jun 2007 05:00:00 UTC

Microsoft Corp. has released six security bulletins encompassing 15 vulnerabilities. This report provides an initial summary of these pending issues.

Q2 & Q3 2007: Vulnerability Challenge

Thu, 10 May 2007 05:00:00 UTC

This challenge sets the bar quite high, focusing on core Internet technologies likely to be in use in corporate enterprises. Because of this, we are merging Q2 and Q3 challenges into one, effectively extending the research time.

Microsoft Security Bulletin: May 2007

Tue, 08 May 2007 05:00:00 UTC

Microsoft Corp. has released seven security bulletins encompassing 19 vulnerabilities. This report provides an initial summary of these pending issues.

Microsoft Security Bulletin: April 2007

Tue, 10 Apr 2007 05:00:00 UTC

Microsoft Corp. has released five security bulletins encompassing eight vulnerabilities. This report provides an initial summary of these pending issues.

Microsoft Security Bulletin: March 2007

Tue, 13 Mar 2007 05:00:00 UTC

Microsoft Corp. did not release any security bulletins for this month.

Microsoft Security Bulletin: February 2007

Tue, 13 Feb 2007 05:00:00 UTC

Microsoft Corp. has released 12 security bulletins encompassing 20 vulnerabilities. This report provides an initial summary of these pending issues.

Microsoft Security Bulletin: January 2007

Tue, 09 Jan 2007 05:00:00 UTC

Microsoft Corp. has released four security bulletins encompassing 10 vulnerabilities. This report provides an initial summary of these pending issues.

Q1 2007: Vulnerability Challenge

Mon, 08 Jan 2007 05:00:00 UTC

Both Microsoft Internet Explorer and Microsoft Windows dominate their respective markets, and it is not surprising that the decision to update to the current release of Internet Explorer 7.0 and/or Windows Vista is fraught with uncertainty. Primary in the minds of IT security professionals is the question of vulnerabilities that may be present in these two groundbreaking products.

To help assuage this uncertainty, iDefense Labs is pleased to announce the Q1, 2007 quarterly challenge focussed on remote arbitrary code execution vulnerabilities in Vista and IE 7.0.

Microsoft Security Bulletin: December 2006

Tue, 12 Dec 2006 05:00:00 UTC

Microsoft Corp. has released seven security bulletins encompassing 11 vulnerabilities. This report provides an initial summary of these pending issues.