Adobe to Patch Reader Zero Day on Friday

Adobe plans to release a patch on Friday for the zero-day vulnerability in its Reader and Acrobat applications on Windows that is currently being used in some targeted attacks. The patches for the applications running on other platforms will be released next month during the next scheduled patch...

More Details of Sykipot Exploits Of Adobe Reader Flaw Surface

More evidence is beginning to emerge that the Adobe Reader zero-day bug revealed recently is being used in targeted attacks against companies and federal agencies. Researchers recently have come across fresh samples of malware exploiting the vulnerability by using files crafted to draw in employe...

Costin Raiu on Duqu, Stuxnet and Targeted Attacks

Dennis Fisher talks with malware researcher Costin Raiu about the investigation into Duqu, the likelihood that it was written by the same team as Stuxnet, whether a government is behind its development and what mistakes the authors made. Podcast audio courtesy of sykboy65 Subscribe to the Digital...

Stars Attack on Iran Was Early Version of Duqu

A few months after the hysteria around Stuxnet had died down, officials in Iran announced in April that some sensitive systems in the government’s networks had been attacked by a new piece of malware, known then as Stars. It now appears that attack was, in fact, the first appearance of an early...

Microsoft Releases Workaround For Kernel Flaw Used By Duqu

Microsoft has released a workaround for the Windows kernel zero-day vulnerability exploited by the Duqu malware, and said that it is working on a permanent patch, but didn’t specify a timeline for its release. The vulnerability is a serious one that can lead to remote code execution on vulnerable...

Microsoft Releases Security Advisory for Vulnerability in TrueType Font Parsing

Microsoft has released Microsoft Security Advisory 2639658 to address a vulnerability in the Win32k TrueType font parsing engine. By convincing a user to open a malicious email attachment, an attacker may be able to exploit this vulnerability and execute arbitrary code. Microsoft has indicated th...

Symantec Traces Attacks on Chemical Industry To 20 Year Old Chinese Hacker-For-Hire

A report from Symantec Corp. details a roving campaign of intellectual property theft controlled by a 20 year-old hacker for hire that relied on phishing e-mail, some old malware and command and control operations based in China. The company on Tuesday unveiled research on the targeted attacks,...

Duqu Trojan found in Indian Server

Duqu Trojan found in Indian Server Last week we update you about Duqu when Symantec said it had found a mysterious computer virus that contained code similar to Stuxnet, a piece of malware believed to have wreaked havoc on Iran's nuclear program. Two workers at a web-hosting company called Web...

Security Woes Deepen: Japanese Embassies Targeted With Malware

There are new reports that dozens of diplomatic computers Japanese embassies abroad were infected with malware this Summer. The news comes on the heels of recent news about malicious software attacks on Japanese defense contractors and the Japanese Parliament. A report in a local Japanese...

Analysis: Duqu Targets Certificate Authorities

With virus researchers scrambling to decode a new piece of malware that is based on the code of the Stuxnet worm, an analyst at McAfee is speculating that the new worm, Duqu, may have been created to target certificate authorities. Writing on McAfee’s research blog, Guilherme Venere and Peter Szo...

Researchers Analyzing Attack Patterns With Cloud-Based Malware Data

BARCELONA–Successful targeted attacks against companies such as RSA, Google and others have made huge splashes in the news in the last year or two and drawn a lot of attention to the phenomenon. But it’s not just the successful attacks that are interesting, security researchers say. In many cases...

Adobe Releases Security Advisory for Adobe Flash Player

Adobe has released a security update for Adobe Flash Player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or perform a cross-site scripting attack. Adob...

Obama-Favored Think Tank Used as Bait in Spear Phishing Attacks

Spear phishing attacks against U.S. government officials, politicians and public policy wonks are using a D.C. think tank favored by the Obama Administration as bait, according to a report from researcher Mila Parkour. A new report out from virus researcher Mila Parkour on the blog Contagio says...

EMC Foots $66 Million Bill For RSA Attack

EMC Corporation announced via an earnings call Tuesday that it spent $66 million during the second quarter on its security firm division RSA to recover from a cyberattack that compromised their SecurID product in March, according to a post on the Washington Post’s Post Tech blog. The money went...

Pastebin Could Hold Clues To Hack At Your Company

Worried that your organization might be the victim of a targeted attack or data breach? The proof may be right out in the open: posted for the world to see on Pastebin.com, LodgeIT, Pastie.org and other sites according to security expert Lenny Zeltser. Writing on his blog, Zeltser said that...

Spam Profits Down, Cybercrooks Flock to Targeted Attacks

HED: Report: Spam Profits Down, Cybercrooks Flock to Targeted Attacks DEK: A report from Cisco Systems suggests that cybercriminals are abandoning spamming for targeted attacks, which are more profitable. A new report from Cisco Systems Inc. analyzing illegal activities from spammers and other...

Josh Shaul on Broken Security, Targeted Attacks and Database Security

Dennis Fisher talks with Josh Shaul of AppSec about the current run of targeted attacks and data breaches, the state of denial among some security and IT staffs about the extent of the problem and what can be done to address the issues. Podcast audio courtesy of sykboy65 Subscribe to the Digital...

Apple Pushes Fix for 11 Java Bugs in OS X

Apple has released a patch for a number of critical flaws in its Java implementation in Mac OS X, and users are being encouraged to update their machines as soon as possible. The most serious of the 11 vulnerabilities fixed in the Java update can allow an attacker to bypass the sandbox and run...

Anup Ghosh on Targeted Attacks and the Need for Security Innovation

Dennis Fisher talks with Anup Ghosh of Invincea about the current wave of targeted attacks against high-profile companies such as RSA, the IMF and Citigroup and how the lack of innovation on the defensive side of the fence has made life easier for the attackers. Podcast audio courtesy of sykboy65...

FreeBSD : linux-flashplugin -- remote code execution vulnerability (55a528e8-9787-11e0-b24a-001b2134ef46)

Adobe Product Security Incident Response Team reports : A critical vulnerability has been identified in Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.23 and earlier versions for Android. This memory corruption...