The largest cyber security blog
Adobe has released an emergency update for its Flash Player software that fixes three critical vulnerabilities, two of which the company warns are actively being exploited to compromise systems. In an advisory, Adobe said two of the bugs quashed in this update (CVE-2013-0643 and CVE-2013-0648) are being used by attackers to target Firefox users. The company … Читать далее
Adobe and Oracle each released updates to fix critical security holes in their software. Adobe’s patch plugs two zero-day holes that hackers have been using to break into computers via Adobe Reader and Acrobat. Separately, Oracle issued updates to correct at least five security issues with Java. The Java update comes amid revelations by Apple, … Читать далее
Malware Found Matches Code Used Vs. Defense Contractors in 2012 Cyber espionage hackers who broke into security firm Bit9 initially breached the company’s defenses in July 2012, according to evidence being gathered by security experts investigating the incident. Bit9 remains reluctant to name customers that were impacted by the intrusion, but the custom-made malicious software used in … Читать далее
A Christmas Eve cyberattack against the Web site of a regional California financial institution helped to distract bank officials from an online account takeover against one of its clients, netting thieves more than $900,000. At approximately midday on December 24, 2012, organized cyber crooks began moving money out of corporate accounts belonging to Ascent Builders, … Читать далее
Adobe is warning that attackers are exploiting critical flaws in its PDF Reader and Acrobat software to break into vulnerable systems, and that the exploit being used in attacks evades the sandbox protection built into these products. The company issued an advisory about the threat on Wednesday, which confirms many of the details first disclosed by … Читать далее
The Los Angeles Times has scrubbed its Web site of malicious code that served browser exploits and malware to potentially hundreds of thousands of readers over the past six weeks. On Feb. 7, KrebsOnSecurity heard from two different readers that a subdomain of the LA Times’ news site (offersanddeals.latimes.com) was silently redirecting visitors to a … Читать далее
Adobe and Microsoft each have issued security updates to fix multiple critical vulnerabilities in their products. Adobe released updates for Flash Player, AIR and Shockwave; Microsoft pushed out a dozen patches addressing at least 57 security holes in Windows, Office, Internet Explorer, Exchange and .NET Framework. Five of the 12 patches Microsoft released today earned … Читать далее
At a time when Apple, Mozilla and other tech giants are taking steps to prevent users from browsing the Web with outdated versions of Java, Yahoo! is pushing many of its users in the other direction: The free tool that it offers users to help build Web sites installs a dangerously insecure version of Java … Читать далее
Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known “safe” files from computer viruses and other malicious software. Waltham, Massachusetts-based Bit9 is a leading provider of … Читать далее
Adobe today pushed out an emergency update that fixes at least two zero-day vulnerabilities in its ubiquitous Flash Player software — flaws that attackers are already exploiting to break into systems. Interestingly, Adobe warns that one of the exploits in use is designed to drop malware on both Windows and Mac OS X systems. Adobe … Читать далее