I recently returned from San Francisco, which last week hosted the annual RSA Security conference. I had the pleasure of moderating a panel discussion on Raising the Costs of Compromise with some very smart guys, and also shared a stage with several security authors who were recognized for their contributions to infosec media.
Online note-syncing service Evernote is forcing all of its 50 million users to reset their passwords after detecting suspicious activity on its network.
Once again, attackers are leveraging a previously unknown critical security hole in Java to break into targeted computers. Interestingly, the malware and networks used by the bad guys in this latest attack match those found in the recently disclosed breach at security firm Bit9.
Adobe has released an emergency update for its Flash Player software that fixes three critical vulnerabilities, two of which the company warns are actively being exploited to compromise systems. In an advisory, Adobe said two of the bugs quashed in… Read More »
Adobe and Oracle each released updates to fix critical security holes in their software. Adobe’s patch plugs two zero-day holes that hackers have been using to break into computers via Adobe Reader and Acrobat. Separately, Oracle issued updates to correct at least five security issues with Java.
The Java update comes amid revelations by Apple, Facebook and Twitter that employees at these organizations were hacked using exploits that attacked Java vulnerabilities on Mac and Windows machines. According to Bloomberg News, at least 40 companies were targeted in malware attacks linked to an Eastern European gang of hackers that has been trying to steal corporate secrets.
Cyber espionage hackers who broke into security firm Bit9 initially breached the company’s defenses in July 2012, according to evidence being gathered by security experts investigating the incident. Bit9 remains reluctant to name customers that were impacted by the intrusion, but the custom-made malicious software used in the attack was deployed last year in highly targeted attacks against U.S. Defense contractors.
A Christmas Eve cyberattack against the Web site of a regional California financial institution helped to distract bank officials from an online account takeover against one of its clients, netting thieves more than $900,000.
Adobe is warning that attackers are exploiting critical flaws in its PDF Reader and Acrobat software to break into vulnerable systems, and that the exploit being used in attacks evades the sandbox protection built into these products.
The Los Angeles Times has scrubbed its Web site of malicious code that served browser exploits and malware to potentially hundreds of thousands of readers over the past six weeks.
Adobe and Microsoft each have issued security updates to fix multiple critical vulnerabilities in their products. Adobe released updates for Flash Player, AIR and Shockwave; Microsoft pushed out a dozen patches addressing at least 57 security holes in Windows, Office, Internet Explorer, Exchange and .NET Framework.
