Adobe’s second set of security updates coinciding with Microsoft’s monthly patch releases were made available today. The two bulletins include patches for vulnerabilities in Adobe Flash Player and Adobe ColdFusion.The Flash vulnerabilities for Windows are rated most severe by Adobe and successful exploits could result in crashes, or an attacker being able to remotely execute code.
There’s a little Michael Myers in the Kelihos botnet; maim it, kill it and it keeps on coming back to wreak more havoc. The 2011 takedown of the Kelihos botnet was one of Microsoft’s high-profile success stories against spambots and the like, yet Kelihos was back for more at the start of 2012 using dynamic fast-flux techniques to avoid detection and further shutdowns.
Google’s brand new application verification service for Android, released in JellyBean 4.2, fails to measure up to its commercial counterparts, according to researchers from North Carolina State University.The new service determines whether applications installed on Android devices are malicious, yet in comparisons with 10 leading antivirus engines, and even Google’s newly acquired VirusTotal scanner, the new service detects at best 20 percent of Android malware.
Infections from a nasty bit of malware, generally delivered by the Black Hole Exploit Kit, surged in November, hitting more than 83,000 machines.
Attacks against massive and proprietary enterprise accounting systems, in particular financial software such as SAP and Oracle, have been few and far between. That changed at this week’s Black Hat Abu Dhabi conference where a pair of researchers presented proof-of-concept code that could change the dynamic of the financially motivated attack landscape.
Online banking customers in Europe are falling victim by the thousands to a new banking Trojan that is infecting Android and BlackBerry devices and is capable of defeating two-factor authentication.
Small physician practices, much like their small commercial business counterparts, have been the primary source of health care related data breaches, according to an analysis of breaches from 2009 to October 2012 released today by the Health Information Trust Alliance (HITRUST).
A malware attack against the Tumblr blogging platform has been stifled, but not before tens of thousands of pages were defaced with a racist taunt by a group of Internet trolls known as GNAA.A post on the Tumblr staff blog yesterday said engineers had identified the source of the problem, removed the viral post and restored services. “No accounts have been compromised and you don’t need to take further action,” the post said.
UPDATE–Unix and Linux versions of Tectia SSH server as well as the open source versions of Free FTPD and FreeSSHD for Windows are vulnerable to a critical remote authentication bypass exploit published on the Free Disclosure List.
Mac malware targeting Tibetan supporters is being served on a website connected to the Dalai Lama. The Dockster Trojan, discovered by researchers at F-Secure, exploits the same Java vulnerability as the virulent Flashback Trojan that hit more than 600,000 OS X users earlier this year.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
