Browsing Category: Vulnerabilities

Categories: Vulnerabilities

From ZDNet (Dancho Danchev)

According to research published by Trusteer earlier this month, 79.5% of the 2.5 million users of their Rapport security service run a vulnerable version of Adobe Flash, and 83.5% also run a vulnerable version of Acrobat.

The company has also criticized Adobe, insisting that its update mechanism “does not meet the requirements of a system that is used by 99% of users on the Internet and is highly targeted by criminals“, while praising the update mechanisms of Google’s Chrome and of Firefox, whose silent updates close the window of opportunity that attackers would otherwise exploit. Read the full story [zdnet.com]. See the Trusteer study [PDF].



From C|Net (Elinor Mills)

Cisco Systems wireless local area network equipment used by many corporations around the world is at risk of being used in denial-of-service attacks and data theft, according to a company that offers protection for WLANs.

Researchers at AirMagnet, which makes intrusion-detection systems for WLANs, discovered the vulnerability, which affects all lightweight Cisco wireless access points, as well as an exploit that could be used against networks that have the Over-the-Air-Provisioning (OTAP) feature turned on. Read the full story [cnet.com]



From internetnews.com (Sean Michael Kerner)
Tens of millions of people around the world use Adobe’s Flash and PDF reader technologies. How many of them update regularly?

Keeping Flash and Adobe Acrobat PDF clients up to date matters, as Adobe recently patched both technologies for security vulnerabilities that could expose users to attack. Yet security vendor Trusteer recently examined its own users and found that at least 80 percent were running unpatched versions of Flash and Adobe Acrobat. Read the full story [internetnews.com]



How much does a bot cost these days? Like everything else in our economy, the price of a bot-infected PC fluctuates significantly, based on supply, demand, volume purchased and any number of other factors. But according to research done by the folks at Cisco, bots can be had for as little as 10 cents right now. It’s a buyer’s market.



From Zero in a Bit (Tyler Shields)

Trust has long been a favorite target of malicious individuals. Most people would say that proper management of trust is one of the primary cornerstones of information security. Trust is a relative term, and all trust relationships should be examined with a very critical eye. Ken Thompson’s seminal paper “Reflections on Trusting Trust”, which won a Turing Award, addresses in detail why we can never be fully sure of the trust relationships in our development environment. Read the full story [Zero in a Bit].



The “critical” WINS vulnerability that Microsoft issued a patch for last week is now being actively exploited in the wild, according to the SANS Institute [sans.org].

The Internet Storm Center (ISC), which is operated by SANS, is receiving preliminary reports that hackers are targeting Microsoft’s WINS service on Windows NT, 2000 and 2003 servers. Read the full story [networkworld.com]



Adobe’s never-ending run on the security treadmill hit a new gear this week with the release of patches to cover serious vulnerabilities in the ColdFusion and JRun web design and development platforms.

The patches, rated critical, cover a total of 7 vulnerabilities, some of which “could lead to the potential compromise of user accounts or the affected system,” according to an advisory from Adobe. They affect ColdFusion v8.0.1 and earlier versions, and JRun 4.0. Read the full story [zdnet.com]


Arbor Networks security researcher Jose Nazario has stumbled upon a crimeware botnet using Twitter as its command-and-control channel.

The botnet, which is linked to identity thieves in Brazil, uses Twitter status messages to communicate with bots — sending new links for the infected computers to contact and new commands and executables to download and run. Read the full story [arbornetworks.com]


Apple has released Safari 4.0.3 to fix at least six security vulnerabilities that put Mac and Windows users at risk of attack.

The update is considered highly critical and should be applied immediately on both Windows and Mac systems because of the risk of information disclosure, phishing and remote code execution attacks. See Apple’s advisory for details [apple.com]
