Security holes found in Windows, Office, Internet Explorer, Adobe… Start patching now!

Critical security patches have been released for Microsoft and Adobe products. Have you installed them yet?

Update Flash now! Adobe releases patch, fixing critical security holes

It’s time to update Flash once again, and don’t forget to reduce the attack surface by enabling “Click to Play”… or uninstall it altogether.

Adobe rushes to patch Flash flaw under attack

Adobe Systems has issued a sizeable security update with patches for 36 vulnerabilities, at least one of which is currently under attack in the wild.

Critical vulnerabilities in Windows and Adobe Reader exposed by hacker

A hacker has published an extensive list of Adobe Reader and Windows vulnerabilities based on his research into a relatively obscure area of font management.

Adobe crowdsources its bug-hunting, but no rewards offered

Adobe, the company behind Flash, Photoshop and Adobe Reader, has launched a program encouraging security researchers to find and report possible vulnerabilities to the firm.

Click-To-Play: mejorando la seguridad de los navegadores

La funcionalidad click-to-play hace que un usuario tenga la posibilidad de elegir entre ejecutar o no un complemento presente en una página web, y tal vez por eso se está popularizando entre los internautas. Veamos de qué se trata y por qué es importante para una navegación segura.

Adobe publicó un parche para el Zero-day en Internet Explorer

Adobe lanzó ayer un parche para Adobe Flash, que imposibilita la ejecución del zero-day en Internet Explorer. Fue publicado pocas horas después de que el gobierno de Estados Unidos recomendara a los usuarios de Internet Explorer que cambiaran de navegador, según el comunicado de prensa del United States Computer Emergency Readiness Team (US CERT). La actualización

Protégete del nuevo Zero-Day en Internet Explorer y Flash

El pasado sábado 26 de abril, Microsoft dio a conocer una vulnerabilidad de tipo 0-day en su navegador Internet Explorer, la cual podría permitir ejecución de código remoto. Este error afecta a todas las versiones del navegador, desde la 6 hasta la 11. Esta es la primera vulnerabilidad que no va a corregir para Windows

Sandboxing: jugando en un ambiente controlado

El escalar privilegios suele estar entre los objetos principales de los atacantes, porque de lograrlo podrán hacer lo que deseen con el sistema vulnerado. En este contexto se hace presente el sandboxing, una técnica que permite aislar una ejecución para que los recursos generales del sistema no se vean comprometidos. Uno de los placeres más

Firefox, Internet Explorer y Adobe vulnerados en concurso de ethical hacking

Esta semana se ha desarrollado el concurso Pwn2Own, en el que se repartieron $400.000 a algunos participantes que han logrado vulnerar aplicaciones tan populares como Internet Explorer, Safari, Mozilla Firefox y algunos productos de Adobe. El grupo francés Vupen, conocido por comercializar las vulnerabilidades que han encontrado, se alzó con el premio más grande otorgado,

Exploit Protection for Microsoft Windows

we provide more detail on the most exploited applications and advise a few steps users can (and should) take to further strengthen their defenses.

Facebook helps out users who used same password on Adobe – by blocking them

Facebook users who used the same email and password on their Adobe and Facebook accounts have been offered a helping hand by Facebook in the wake of the recent massive breach at Adobe, which leaked account data for 38 million users.

Adobe and Microsoft release critical patches for March

Adobe and Microsoft have both released patches this week to address vulnerabilities in respective software applications and advise all users to apply the patches as soon as possible, if applicable to them.

Much Ado About Facebook

The Reuters news agency reported earlier today a sudden increase in violent and pornographic images and videos on Facebook.  A quick review of my personal account and a check-in with my other Facebook-wielding colleagues revealed a couple of nothing more than a couple of suggestive pictures, complete with snarky comments embedded in them, from the

New Apple OS X Malware: Fake Adobe Flash Installer

A new attack against Apple Mac OS X Lion (10.7) has been detected by Intego. The threat is a Trojan, dubbed Flashback, installed via a fake Adobe Flash installer downloaded from a third party site. As with the MacDefender and Revir malware, the Flashback attack uses social engineering to entice the user to download then

Fake Windows Updates Are Easy to Avoid

Our friends (and competitors) at Sophos blogged about a new threat that poses as a Windows Update and then infects unsuspecting users with a fake antivirus product. The update appears to be very real and is tricking users. While my colleagues at Sophos offer excellent advice to help people protect themselves (as I believe we

Adobe Flash, The Spy in Your Computer – Part 5

I didn’t expect a part 5, but here it is! Adobe has announced that they will be making some significant changes to Flash. In a blog post http://blogs.adobe.com/flashplatform/2011/01/on-improving-privacy-managing-local-storage-in-flash-player.html Adobe’s marketing machine really pours it on thick, but there appears to be some good news. In the blog it is stat4ed that a future release of

Adobe Flash, The Spy in Your Computer – Part 2

In the first part of this blog I told you how to use the basic Flash configuration utility. This blog is for the techies. This time I’ll share with you how to shut the doors on Flash and only open them to the sites you want to trust. Very few people seem to know that

Adobe Flash, The Spy in Your Computer – Part 1

Adobe Flash is, in my opinion, the most ubiquitous spyware in the world and no products detect it as such. The reason it goes undetected is that it also has numerous legitimate uses, however, there is growing evidence that indicates significant abuse. This will be the first in a series of blogs in which I

Adobe Updates

Adobe has just released an update for 20 vulnerabilities in Shockwave Player, most of which could allow an attacker to execute malicious code. The bulletin APSB10-20 – Security update available for Shockwave Player – refers. According to Jeremy Kirk's Macworld report and the Adobe advisory, the vulnerabilities affect both Windows and OS X versions up to

Follow us

Copyright © 2017 ESET, All Rights Reserved.