Vulnerabilities


Adobe Zero-Day Targets Lockheed Martin

Adobe said a previously undisclosed vulnerability in its Reader and Acrobat applications was passed along by defense contractor Lockheed Martin, raising the specter of a targeted attack on the important military supplier.

Insecure Applications: We Are The 84 Percent!

You only have to glance at the headlines to know that the state of computer application security is bad. But a new report from Veracode makes clear how bad: just 16 percent of almost 10,000 applications tested in the last six months received a passing security grade on their first attempt.


Adobe has patched a security flaw in its Flex SDK product that could lead to cross-site scripting attacks against some applications that were built using the SDK. The vulnerability affects versions 3.6 and below and 4.5.1 and below.

Java has become virtually unavoidable in the last few years, and it’s installed on hundreds of millions of PCs around the world. A huge number of those installations are vulnerable versions of Java, and this fact has not escaped the attention of attackers, who have made the technology one of their favored targets. In fact, new data from Microsoft shows that Java exploits were the most prevalent in the first six months of 2011, and that attackers often use exploits for bugs that are several months or years old.

In the wake of a highly visible hack of its network infrastructure, a spokeswoman for the United Nations Development Programme (UNDP) says that hackers from the group TeamP0ison compromised an unpatched server and that e-mail addresses and account passwords exposed in the attack were outdated.

Researchers have known for years that virus writers and attackers pay close attention to the analyses researchers do of their work, and it appears that the Duqu authors are no exception. Shortly after the first public reports about Duqu emerged in early autumn, the crew behind Duqu wiped out all of the command-and-control servers that had been in use up to that point, including some that had been used since 2009.