The Cisco 2014 Midyear Security Report, released today at Black Hat, examines the “weak links” in organizations - outdated software, bad code, abandoned digital properties, or user errors - that contribute to the adversary’s ability to exploit vulnerabilities with methods such as DNS queries, exploit kits, amplification attacks, point-of-sale (POS) system compromise, malvertising, ransomware, infiltration of encryption protocols, social engineering and “life event” spam.
A security researcher has found a great number of exploitable vulnerabilities in popular security solutions and the AV engines they use, proving not only that AV engines are as vulnerable to zero day attacks as the applications they try to protect, but can also lower the operating system's exploit mitigations.
The Facebook scam is a familiar phenomenon to every user of the popular social network, and most of them have fallen for it at one time or another as it only takes a moment of distraction to click on an interesting link.
By leveraging and modifying a "semi-random public exploit" researchers have managed to deactivate all protection features of the latest version of Microsoft's Enhanced Mitigation Experience Toolkit and "get shell" on the target system and execute code.
DefenseCode released an advisory in which researcher Leon Juranic details security issues related to using wildcards in Unix commands.