Vulnerabilities


New Attacks Targeting Adobe PDF Flaw

There is a new, targeted attack that is going after the Adobe Reader and Acrobat zero-day vulnerability that was disclosed last month. The attack uses a sophisticated JavaScript-based exploit that includes shell code that is just 38 bytes long.

Microsoft Downplays Zero-Day IIS Issue

MS accepts there is an “inconsistency” in how IIS 6 handles semicolons in
URLs, but it denies that this lends itself to hacking attacks. Read the full article. [The Register]

Hacker Gonzalez Pleads Guilty to More Breaches

Notorious hacker Albert Gonzalez pleaded guilty Dec. 29 to conspiracy to hack into the computer networks of Heartland Payment Systems, 7-11 and Hannaford Brothers and faces sentencing between 17 and 25 years on top of his previous guilty plea for the TJX breach and others. Read the full article. [eWEEK]


At the 26th Chaos Communication Congress in Berlin, security researcher Fabian Yamaguchi demonstrated a number
of vulnerabilities that can apparently be found in many average
communication networks and affect all levels from the access layer to
the application layer. Read the full article. [The H Security]

If you’ve been doing some last minute Amazon holiday shopping on Wednesday evening, you’ve probably noticed that Amazon’s web site was sluggish and, at times, completely down; The same fate greeted Wal-Mart, Expedia, and a number of smaller sites. Read the full article. [Mashable]

Hackers have exploited flaws in a popular
open-source advertising software to place malicious code on
advertisements on several popular Web sites over the past week. Read the full article. [Computerworld]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.