Vulnerabilities


The Penetration Testing Marketplace in 2010

By Nick Selby (Managing Director,
Trident Risk Management)

Vulnerability assessment vendor Rapid7
has announced the first of a series of steps to integrate its
penetration testing and vulnerability assessment scanning products. The
first step is a module that allows users of the Metasploit Framework,
which Rapid7 acquired in October to natively import NeXpose scanner results and then take automated action against vulnerabilities MSF is capable of attacking.

RIM Patches Critical BlackBerry PDF-Distilling Flaws

Hackers
can use maliciously rigged PDF files to hack into corporate systems
hosting the BlackBerry Attachment Service, according to a warning from
the makers of the popular smartphone.
Research in Motion (RIM) issued an advisory with patches for
multiple flaws in the PDF distiller service and warned and an attacker
could exploit the issues by simply e-mailing a booby-trapped PDF file
to a BlackBerry user.

Koobface Stocking Stuffer Malware

The Koobface botnet, one of the most efficient social engineering driven botnets, is entering the Xmas season with a newly introduced template spoofing a YouTube video page, in between enticing the visitor into installing a bogus Adobe Flash Player Update (New Koobface campaign spoofs Adobe’s Flash updater), which remains one of the most popular social engineering tactics used by the botnet masters. Read the full article. [ZDNet]


Seven restaurants in Louisiana and Mississippi, have filed a class-action suit
against Georgia-based Radiant Systems for producing a point-of-sale
(POS) system that they say was not compliant with payment card industry
security standards and resulted in an undetermined number of customers
having their debit and credit card numbers stolen by a Romanian hacker. Read the full article. [Wired]

Whether Hannaford Bros. customers may recover damages for the time and
trouble it took them to straighten out their bank or credit card
accounts after the Scarborough-based firm’s computer system was
breached in late 2007 and early 2008 now is up to the Maine Supreme
Judicial Court. Read the full article. [Bangor Daily News]

A U.S. district court judge has ordered the largest “spam gang” in the
world to pay nearly $15.2 million for sending unsolicited e-mail
messages marketing male-enhancement pills, prescription drugs, and
weight-loss supplements, according to the U.S. Federal Trade Commission. Read the full article. [InfoWorld]

The notorious information-stealing Zeus trojan is currently spreading via drive-by download. Those behind Zeus, or Zbot, recently began circulating spam claiming to
come from the Internal Revenue Service (IRS), requesting users submit a
“tax refund request form” by clicking on a link that is provided. Read the full article. [SC Magazine]

There is an ongoing attack against some WordPress implementations that is trying to brute-force the passwords for the administrator accounts on the installations. The attack is being driven by an automated PHP script that tries thousands of possible passwords.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.