Michael Mimoso

FireEye reported today it had detected a new critical PDF attack targeting the aviation defense industry. Malware Page exploits a stack-based buffer overflow vulnerability in Adobe Acrobat and Adobe Reader. An attacker would be able to execute code remotely via a crafted argument to the getIcon method of a Collab object, according to the CVE alert.

A botnet known as Nitol, built on the backs of PCs and laptops loaded with malware somewhere in the supply chain, was taken down by Microsoft. Microsoft’s Digital Crimes Unit was given permission this week by the U.S. District Court for the Eastern District of Virginia to take over the 3322.org domain and more than 70,000 sub-domains hosting the Nitol botnet. 

Microsoft has reversed course and said it will patch a serious Adobe Flash vulnerability in Windows 8 and Internet Explorer 10 before the new Microsoft OS ships Oct. 26. Microsoft had previously said it would wait until after the ship date to update Flash, which is integrated into the browser.

A flaw in the EMV protocol which lays out the rules for chip-and-PIN card transactions at ATMs and point-of-sale terminals could enable persistent attackers to carry out bogus card transactions.

Symantec is warning Android users of a new malicious application posing as a famous Anime character that steals personal contact information stored on the device and sends it to a third party.

When David Schuetz woke up last Friday, little did he think he’d be a central figure in clearing the FBI’s good name, much less end up on the NBC Nightly News, but that’s exactly what happened.

The co-founder of the Apache HTTP Server Project is under fire for a patch that instructs the world’s most popular Web server to ignore the Do Not Track privacy setting enabled by default in Internet Explorer 10.