Blackhole, CVE‑2012‑0507 and Carberp
The Blackhole exploit kit has been updated to version 1.2.3 and includes a new exploit for the Java CVE-2012-0507 vulnerability, which ESET calls Java/ Exploit.CVE-2012-0507
Adobe
2012 Predictions: East of Java
Java will consolidate its position as the successor to PDF and SWF in the favourite exploits stakes.
PDF Trojan Appears on Mac OS X
A new trojan has been released targeting the Macintosh Chinese-language user community. The trojan appears to the user to be a PDF containing a Chinese language article on the long-running dispute over whether Japan or China owns the Diaoyu Islands. When the user opens the “PDF” file, it attempts to mask the installation
X Rated
No, this is not about porn, but rather about Adobe. The newest version of Adobe’s PDF reader is called Adobe X. If you are like me, your copy of Adobe Reader (or Adobe Acrobat) did not automatically upgrade to the newest version. Adobe X incorporates a sandboxing technology to try to help mitigate the numerous
Sandboxie and Adobe X (and ESET too)
I recently upgraded my copy of Adobe Reader to Adobe Reader X, the new version that sandboxes the PDF reader. I immediately had problems with PDFs that I tried to open from the internet. I uninstalled Reader X and reinstalled to no avail. I suspected that there might be an issue between Sandboxie and Reader
Adobe Flash, The Spy in Your Computer – Part 5
I didn’t expect a part 5, but here it is! Adobe has announced that they will be making some significant changes to Flash. In a blog post http://blogs.adobe.com/flashplatform/2011/01/on-improving-privacy-managing-local-storage-in-flash-player.html Adobe’s marketing machine really pours it on thick, but there appears to be some good news. In the blog it is stat4ed that a future release of
Fake Adobe Updates
An email headed “ADOBE PDF READER SOFTWARE UPGRADE NOTIFICATION” has been spammed out recently: of course, it’s a fake, linking to a site that isn’t Adobe’s.
Adobe, Make My Day Too….
Adobe, when I disable JavaScript, STOP SILENTLY RE-ENABLING IT WHEN YOU UPDATE....
Java: Worse than Adobe and Microsoft for vulnerabilities?
Brian Krebs thinks so: Java is now among the most frequently-attacked programs, and appears to be fast replacing Adobe as the target of choice for automated exploit tools used by criminals. Of the systems which I personally administrate as the ‘Chief Family Technology Officer’, the Java updates constantly annoy and confuse my mom who uses
Cross‑platform Security Advisory for Flash Player, Adobe Reader and Acrobat
Ouch. This affects virtually everyone including Mac, Linux, and Windows users. More can be found here at the PSIRT site. And yes, there is malware already associated already with it. A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that
Fake Adobe Updates
Adobe's Product Security Incident Response Team (PSIRT) reports that malicious emails are circulating claiming to be Adobe security updates, many of them signed by "James Kitchin" of "Adobe Risk Management", or a similar (presumably mythical) team. Adobe says that the messages include links to download instructions for a security update that addresses "CVE-2010-0193 Denial of Service
Another Look at Koobface: How It Infects Facebook Users
Earlier this month, we reported on the massive new Koobface campaign making the rounds through Facebook and how it tricked users into downloading and running it through that tenet of social engineering, the fake codec. We now have a video showing how the Koobface worm tricks users into running it: NOTE: The audio is not
Keeping Adobe Reader and Acrobat Safe
Yesterday we blogged about a problem in the design of PDFs that can lead to exploitation. http://www.eset.com/blog/2010/04/06/pdfs-exploitable-im-shocked The problem is that PDFs are now designed to be able to include executable attachments and to execute them. Foxit has released a fix for their software. If you use Foxit then you should make sure your version
PDFs Exploitable?!? I’m shocked…
September 2009 saw some key security analysis raining directly onto the Adobe PDF platform, particularly with SANS pointing towards remote code execution within PDFs as one of the top threat vectors: Adobe Acrobat, Reader, and Flash Player Remote Code Execution Vulnerability (CVE-2009-1862) Adobe Reader Remote Code Execution Vulnerability (CVE-2009-1493) Kudos to Adobe for patching these
World‑Cup Malware: the Kick‑Off
Looking into their crystal balls (no jokes, please) at the end of 2009, our colleagues in Latin America came up with a prophecy that was later incorporated into a white paper (2010: Cybercrime Coming of Age): In June 2010, one of the most popular regular sports events, the soccer World Cup, will take place in
Patchwork for the Home and the Enterprise
SC Magazine's Dan Raywood reports that "To be completely patched requires an average of between 51 and 86 actions per year", quoting findings by Secunia that " in order for the typical home user to stay fully patched, an average of 75 patches from 22 different vendors need to be installed, requiring the user to
Adobe, Javascript, and the CVE‑2009‑4324 Exploit
There has been quite a lot of traffic in the last few weeks about the doc.media.newPlayer vulnerability referenced in the CVE database as CVE-2009-4324. The following Adobe articles refer: http://www.adobe.com/support/security/advisories/apsa09-07.html http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html http://blogs.adobe.com/psirt/2009/12/security_advisory_apsa09-07_up.html Today’s article at the Internet Storm Center by Bojan Zdrnja (http://isc.sans.org/diary.html?storyid=7867) gives a lot of detail on a particularly inventive exploit of the
PDF – Pretty Darned Fatal
Adobe PDF files were supposed to be a safe alternative to Microsoft Word documents in a time when Microsoft offered no effective protection against macro viruses and had virtually no security model in Office at all. Times change. Microsoft Word documents rarely spread macro viruses and have not for a long time if you are
Do Security Like a Pro (or not)
A report from SANS concludes that security professionals may not be paying attention to some of the biggest threats out there today. Not terribly long ago the Windows operating system was the attack target of the bad guys. There were tons of exploitable vulnerabilities and they were heavily exploited. Since that time Microsoft has put
Keep Those Third Party Apps Patched!
You may have seen some news today about a new vulnerability that can potentially affect Windows Vista. Microsoft will have a patch for the flaw, hopefully before it is exploited. Of course, Microsoft had a patch for the flaw that Conficker exploited, but too many people are not patching anything. It’s a good idea to