Criminal hackers launched an attack campaign earlier this week in which they sent a slew of emails purporting to come from the financial software developer Intuit. The emails contained links that led to sites hosting the Blackhole exploit kit in an apparent attempt to infect the machines of corporate users.
Adobe has upgraded the security capabilities of both Reader and Acrobat with new releases this week, extending the functionality of the sandbox and adding a feature that forces all of the DLLs loaded by the applications to use ASLR, regardless of whether they originally were compiled with ASLR enabled.
A zero-day vulnerability in Novell ZENworks Asset Management Software 7.5 gives access to any files with system privileges and could also allow an attacker to grab configuration parameters, including the backend credentials in clear text, according to Rapid7 exploit developer Juan Vazquez who discovered the vulnerability and wrote an exploit module for Metasploit
Oracle will not patch a critical sandbox escape vulnerability in Java SE versions 5, 6 and 7 until its February Critical Patch Update, according to the researcher who discovered the flaw. Adam Gowdiak of Polish security firm Security Explorations told Threatpost via email that Oracle said it was deep into testing of another Java patch for the October CPU released yesterday and that it was too late to include the sandbox fix.
Zero-day vulnerabilities and exploits dominate headlines and most heated information security discussions. In truth, however, there are relatively few of these attacks hitting a small number of hosts, according to new research on the subject.
Buckle up Oracle administrators for 109 patches coming your way tomorrow. Oracle’s quarterly Critical Patch Update is due, and the company is releasing fixes for security vulnerabilities across most of its enterprise products, addressing a host of remotely exploitable flaws. This comes a little more than a month after exploits of a serious zero-day vulnerability in Java were reported, as well as a critical zero-day vulnerability in Java SE.
It’s been an interesting couple of days for Firefox users. First Mozilla released version 16 of the popular browser on Wednesday, then quickly pulled it back yesterday after a serious security vulnerability was found in the new version. Less than 12 hours later, Mozilla had repaired the problem and re-released the updated browser, but not before exploit code was released.
Mozilla announced it has re-released Firefox 16 after suspending downloads of the latest version of the Firefox browser because of a serious security vulnerability.
A researcher said a fix released by Authentec on Sept. 18 falls short of repairing a serious vulnerability in the company’s UPEK Protector Suite fingerprint reader software used as an authenticator on many new consumer and business laptops.
Cisco Systems released fixes for 15 vulnerabilities in three of its major product lines on Wednesday, including two different security appliances. The vulnerabilities would either allow an attacker to remotely execute code on a compromised machine, or execute a denial-of-service attack. Cisco said it is not aware of public exploits for any of the vulnerabilities.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
