Hackers exploiting Flash Player zero-day bug
Attackers are already exploiting an unpatched bug in the latest version of Adobe's popular Flash Player, security researchers said today.
The bug, which is in the most up-to-date version of Flash, was reported by researchers at the SANS Institute's Internet Storm Center and by others from Symantec Corp.
"Adobe Flash Player is prone to an unspecified remote code-execution vulnerability," Symantec said in a warning posted to its SecurityFocus site. "An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
"Symantec has observed that this issue is being actively exploited in the wild," the company added.
Followup to Flash/swf stories
We've received quite a bit of mail about our stories yesterday about the malicious SWF files attempting to exploit older versions of the Adobe Flash player. So, here are a few of the things that have come out of our discussions.
Our friends over at shadowserver.org (thanx, Steven) have a nice writeup that includes a bunch of domains they've noted that have the malicious SWF files.
If you aren't sure which version of the flash player you are using, Adobe provides this page where you can check for yourself.
On closer examination, this does not appear to be a "0-day exploit". Symantec has updated their threatcon info, as well.
It appears that this exploit may be included in the Chinese version of the MPack exploit toolkit (among others).
In case we weren't clear about it earlier, it appears that the infected web sites check which browser you are using in addition to the flash player version to determine which exploit to deliver.
There are several ways to protect yourself even if you have a vulnerable version of the Flash player.
In Firefox, you can use either of the following add-ons, NoScript (one of our favorites, found here or here) or FlashBlock (here or here).
In IE, see here for how to set the "killbit", the CLSID is BD96C556-65A3-11D0-983A-00C04FC29E36.
Symantec tells users: Disable protection before XP SP3 upgrade
"We have determined that the SymProtect feature is involved, though this issue is not exclusive to Symantec customers. To help prevent this issue from occurring, you should disable SymProtect prior to installing the Windows XP SP3 upgrade."
TJX staffer sacked after talking about security problems
U.S. convicts 15th in largest music piracy case
Gitarts, who used the alias Dextro, was the 15th member of the group to be convicted on piracy charges. All were charged in early 2004 when law enforcement agents around the world acted on search warrants aimed at several online piracy groups.
The other 14 members of the Apocalypse Production Crew who were charged have pleaded guilty.
Cisco Security Advisory: Cisco IOS Secure Shell Denial of Service Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sa-20080521-ssh.shtml
Summary
The Secure Shell server (SSH) implementation in Cisco IOS contains multiple vulnerabilities that allow unauthenticated users the ability to generate a spurious memory access error or, in certain cases, reload the device.
Shape Shifting Malware Threat Reported by Swiss Cybercrime Operation
http://www.crime-research.org/news/27.05.2008/3387/
"Self changing code designed to dynamically evade recognition is a fact of life, it automatically adapts to the anti-spam and anti-malware engines that it encounters. Unfortunately the knowhow and construction kits used to create this shape shifting threat are now readily available and are unleashing a wave of shape shifting malware based on social engineering techniques. Highly targeted emails containing personalised information and shape shifting trojan attachments are the latest development and each positive infection increases the 'hit rate' for the next wave of emails sent out by the self learning automated engines used by sophisticated attackers", continued Sweeney.
Deutsche Telecom Spied on Employees, Journalists - 5/27/2008 5:45:00 PM
Major German service provider violated privacy laws by analyzing phone records in an attempt to stop leaks to the press.
New Smart Phone Hack Could Expose Cell Network - 5/27/2008 3:35:00 PM
Researchers to release hacking tool that gathers information about the cellular network to which a smart phone is connected.
Tracking People with their Mobile Phones
Not that we didn't think it was possible:
The surveillance mechanism works by monitoring the signals produced by mobile handsets and then locating the phone by triangulation, measuring the phone’s distance from three receivers.
[....]
The Information Commissioner's Office (ICO) expressed cautious approval of the technology, which does not identify the owner of the phone but rather the handset's IMEI code -- a unique number given to every device so that the network can recognise it.
Adobe Flash Player Unspecified Vulnerability - Extremely critical - From remote
Issued 6 hours ago.
A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
EMC AlphaStor Multiple Vulnerabilities - Moderately critical - From local network
Issued 8 hours ago.
Some vulnerabilities have been reported in EMC AlphaStor, which can be exploited by malicious people to compromise a vulnerable system.
Samba "receive_smb_raw()" Buffer Overflow Vulnerability - Highly critical - From remote
Issued 6 hours ago.
Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system.
Microsoft: Kraken nearly Storm's size
News Brief, 2008-05-27
Early data from the software giant's anti-malware service indicates that the Kraken botnet is only about 20 percent smaller than Storm.
TJX completes Mastercard breach settlement
BobJacobsen writes "FCW has an article about a NASA employee that was suspended for blogging on government time. Seems the unnamed employee's "politically partisan" blog entries were a violation of the Hatch Act. The article ends with a chilling quote from the government's Special Counsel in the case: 'Today, modern office technology multiplies the opportunities for employees to abuse their positions and — as in this serious case — to be penalized, even removed from their job, with just a few clicks of a mouse'" Thing is, he was soliciting campaign donations and writing partisan stuff.
"Tickets to the Olympic opening and closing ceremonies will contain a microchip with information about the ticket holder, including a photograph, passport details, addresses, e-mail, and telephone numbers. The stated intent is to keep troublemakers out of the 91,000-seat National Stadium so that they cannot cause disruptions while China is on world-wide television, but it brings up serious concerns for privacy and identity theft."
Cram this: a firsthand account of my recent cramming
When my phone and Internet bill mysteriously doubled in a single month, I found myself on the wrong side of a good "cramming." Semi-shocking true story inside.
May 27, 2008 - 11:35PM CT - by Nate Anderson
...The ESBI firms all let slip bits of information about whoever had allegedly signed me up for these services, but it was ILD's operator who filled in the picture. Through her, I finally assembled the complete name and address that had been entered into an online form, and I finally got the address of the form in question: usprizedraw.com.
UK theme park bans PDAs, mandates family fun time
A UK theme park is experimenting with banning PDAs this week. The policy could be made permanent if successful, signaling an increased willingness to make people in public stop and smell the roses.
May 27, 2008 - 10:10AM CT - by David Chartier
Microsoft is hellbent on touch
Larry Dignan: Windows 7 will rely heavily on touch and it's really easy to be skeptical about Microsoft's latest plans. But this time could be different.
Mary Jo Foley: See the demo of Windows 7 multi-touch
Mary Jo Foley: Microsoft readies new 'don't blame Windows' tool
Windows 7: Now a late 2009 deliverable (again)
You got malware… with bugs included!!
Latest phishing schemes target Apple
Sue Marquette Poremba May 27, 2008
Apple's increasing popularity is leading to the company's users being targeted by phishing schemes.
Cisco IOS Rootkit Demonstrated
While rootkits for common operating systems, like Windows, are well known, they haven't been a security issue for Cisco's IOS until now.
http://www.informationweek.com/news/security/management/showArticle.jhtml?articleID=208400389
Hackers Blast Russian Nuclear Power Websites Offline By Grey McKenzie Today
China Launches Cyber Attack Against Tibetan Dissident By Grey McKenzie Today
European Union's Cyber Security Agency Calls For More Funding By Grey McKenzie Today