A rash of recent and ongoing targeted attacks involving compromises at high-profile Web sites should serve as a sobering reminder of the need to be vigilant about applying browser updates. Hackers have hit a number of prominent foreign policy and human rights group Web sites, configuring them to serve spyware by exploiting newly patched flaws in widely used software from Adobe and Oracle.
The Federal Bureau of Investigation is advising travelers to avoid updating software while using hotel or other public Internet connections, warning that malicious actors are targeting travelers abroad through pop-up windows while they are establishing an Internet connection in their… Read More »
Adobe and Microsoft today each issued updates to address critical security flaws in their software. Adobe’s patch plugs at least five holes in its Shockwave Player, while Microsoft has released a bundle of seven updates to correct 23 vulnerabilities in… Read More »
Lost in the annals of campy commercials from the 1980s is a series of ads that featured improbable scenes between two young people (usually of the opposite sex) who somehow caused the inadvertent collision of peanut butter and chocolate. After the mishap, one would complain, “Hey you got your chocolate in my peanut butter!,” and the other would retort, “You got your peanut butter in my chocolate!” The youngsters then sample the product of their happy accident and are amazed to find someone has already combined the two flavors into a sweet and salty treat that is commercially available.
It may be that the Internet security industry is long overdue for its own “Reese’s moment.” Many security experts who got their start analyzing malware and tracking traditional cybercrime recently have transitioned to investigating malware and attacks associated with so-called advanced persistent threat (APT) incidents. The former centers on the theft of financial data that can be used to quickly extract cash from victims; the latter refers to often prolonged attacks involving a hunt for more strategic information, such as intellectual property, trade secrets and data related to national security and defense.
Adobe Systems Inc. today issued a security update to its Flash Player software. The company stressed that the update fixes a critical vulnerability that malicious actors have been using in targeted attacks.
Hackers are actively exploiting a dangerous security vulnerability in OpenX — an online ad-serving solution for Web sites — to run booby-trapped ads that serve malware and browser exploits across countless Web sites that depend on the solution.
Security experts have been warning for months about mysterious attacks on OpenX installations in which the site owners discovered new rogue administrator accounts. That access allows miscreants to load tainted ads on sites that rely on the software. The bad ads usually try to foist malware on visitors, or frighten them into paying for bogus security software.
OpenX is only now just starting to acknowledge the attacks, as more users are coming forward with unanswered questions about the mysteriously added accounts.
A hacker break-in at credit and debit card processor Global Payments Inc. dates back to at least early June 2011, Visa and MasterCard warned in updated alerts sent to card-issuing banks in the past week. The disclosures offer the first additional details about the scope of the breach since Global Payments acknowledged the incident on March 30, 2012.
An earlier version of this blog post incorrectly stated that Oracle had shipped security updates for its Java software. Oracle did push out an update for Java earlier this month — Java 6 Update 32 — but the new version… Read More »
Adobe and Microsoft today each issued critical updates to plug security holes in their products. The patch batch from Microsoft fixes at least 11 flaws in Windows and Windows software. Adobe’s update tackles four vulnerabilities that are present in current versions of Adobe Acrobat and Reader.
Seven of the 11 bugs Microsoft fixed with today’s release earned its most serious “critical” rating, which Microsoft assigns to flaws that it believes attackers or malware could leverage to break into systems without any help from users. In its security bulletin summary for April 2012, Microsoft says it expects miscreants to quickly develop reliable exploits capable of leveraging at least four of the vulnerabilities.
Apple on Monday released a critical update to its version of Java for Mac OS X systems that plugs at least a dozen security holes in the program. More importantly, the patch includes fixes for a flaw that attackers have recently pounced on to broadly deploy malicious software, both on Windows and Mac systems.
