Adobe released an advisory yesterday suggesting a manual mitigation for zero-day vulnerabilities in its Reader and Acrobat products that are being actively exploited in the wild. The exploit is the first sandbox escape in Adobe Reader X and above.
A ransomware ring was taken down Wednesday in the United Arab Emirates and Spain by Europol and Spanish law enforcement, smashing an operation that netted more than €1 million annually.
The Industrial Control System CERT released an advisory this week warning of a vulnerability in a popular sensor monitoring system used in a number of critical industries, including energy, water and manufacturing.
UPDATE-Attackers are using malicious PDFs posing as an application for an international travel visa to exploit a zero-day vulnerability in Adobe Reader and Acrobat, a researcher at FireEye told Threatpost today. The exploit is the first to escape the sandbox included in Reader X and above.
What’s better than one Flash Player update a week? Why two, of course.Adobe released its regularly scheduled security updates today, including another set of fixes for its ubiquitous Flash Player, less than a week after an emergency patch took care of two zero-day vulnerabilities being exploited in the wild.
Internet Explorer continues to dominate Microsoft’s 2013 security updates. Among the 12 bulletins and 57 vulnerabilities patched in today’s release was a cumulative update for the maligned browser and another fix for a bug being exploited in the wild.Last month, an out-of-band fix for IE 6-8 patched zero-day flaws being exploited in a series of watering hole attacks against government, telecommunications, manufacturing and human rights sites.
This week figures to be a high-profile time for cybersecurity on Capitol Hill. Reports say President Barack Obama will issue a long-awaited executive order shortly after tonight’s State of the Union address, while another stab at getting the controversial CISPA cybersecurity bill signed into law could make its way to Congress tomorrow as well. The president is expected to discuss the executive order during tonight’s address.
Week one of the Mega cloud storage service bug bounty is in the books and at least three payouts have been made. Controversial entrepreneur and MegaUpload founder Kim Dotcom made the challenge last week offering a €10,000 reward to anyone who could break the encryption protecting the service.
For now, the Lucky Thirteen attacks described in a paper last week by researchers at Royal Holloway, University of London, are largely theoretical. But the potential exists to adapt techniques used in the BEAST attacks against TLS/SSL to improve the feasibility of Lucky Thirteen, a researcher said.
Tired of all those malware and vulnerability reports that count how many of each have been reported to security companies? Well, Microsoft has taken a different tack in its latest Security Intelligence Report (SIR) by globally comparing regions’ relative security against socio-economic factors including the maturity of a national or regional cybersecurity policy.The results aren’t so surprising; areas such as Europe with well-defined, long-standing and enforceable policies rate much better than less developed nations where crime per capita is higher, there’s less broadband penetration and a higher rate of piracy.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
