Ad: Manage updates with the Download App
ie8 fix
  • CNET
  • News
  • All Vulnerabilities and attacks posts

Vulnerabilities and attacks

Adobe confirms targeted attacks due to security hole in Reader

A zero-day security flaw in Adobe Reader and Acrobat is being exploited through a series of targeted attacks against vulnerable computers, Adobe Systems said yesterday.

In a security bulletin, Adobe confirmed that the vulnerabilities could cause Reader and Acrobat to crash, potentially opening the door for an attacker to gain control of the system.

"Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message," the company revealed in the bulletin.

Adobe said it's … Read more

Hackers can easily breach Emergency Alert Systems

Hackers broke into several television stations' Emergency Alert Systems this week and broadcast that zombies were "rising from their graves" and "attacking the living."

While a comical hoax, security consultancy firm IOActive warns that this type of behavior is dangerous and not that hard for hackers to do, according to Computerworld. This week it's zombies, but next time it could be something that might make people really panic, such as an anthrax or terrorist attack.

IOActive says that devices used by TV and radio stations to air emergency alerts have critical vulnerabilities that make them … Read more

Old OS X malware used in increased attacks against Uyghur groups

Kaspersky labs and Alienvault have released a new analysis that outlines recent increases in targeted attacks against Uyghur groups in China, where an apparent ongoing politically motivated effort is using old vulnerabilities in Microsoft Word to infect their systems with malware.

The effort is using unpatched versions of Microsoft Word 2004 and 2008 for OS X, where maliciously crafted documents can exploit an old and patched vulnerability to execute code and install backdoor software without the user's consent. The malware in this case installs a common remote-access shell called "TinySHell" that in itself is not intended as … Read more

Microsoft delivers fixes for Windows 8, Windows RT

It's February 12, yet another Patch Tuesday. Among the security fixes aplenty that Microsoft is rolling out today are a few other non-security-specific updates for Windows RT and Windows 8.

As previously announced, the February cumulative update includes fixes designed to improve Surface Wi-Fi reliability and connectivity, a Microsoft spokesperson confirmed.

Microsoft also has provided a fix for the app-store-downloading bug that a number of Surface RT and Windows RT users reported a few weeks back. The problem resulted in Windows RT systems entering "Connected Standby" while the devices were downloading new Windows Updates via Automatic Update. … Read more

Android a growing target for mobile malware -- report

The Android platform is becoming a key mobile target for cybercriminals, who are getting much more efficient with their malware, according to a report from Web-security company Blue Coat Systems.

In a mobile malware report, Blue Coat notes that Android is a popular target. Here's a look at the volume of Android malware:

Blue Coat noted:

The Android-based malware blocked by WebPulse included an Android root exploit and a variety of rogue Android software. Forty percent of Android malware was delivered via malnets, demonstrating how cybercriminals can successfully utilize embedded infrastructures to attack mobile users. In the most recent … Read more

Gmail of journalists in Myanmar said to be hacked

A handful of journalists who cover Myanmar received warnings from Google over the past week. The Web giant told them that their Gmail accounts might have been hacked by "state actors" or "state-sponsored attackers" and that they should change their passwords and tighten their security settings, according to the Wall Street Journal.

Google said that it has systems in place to detect possible state-sponsored malware or hacking but would not give the Wall Street Journal further information on how these systems work.

The Myanmar government has now responded to these allegations and denies any involvement in … Read more

Cyberattacks reanimate CISPA, spark move by Obama -- reports

Recent reports of cyberespionage and hacking against important U.S. targets have triggered cybersecurity rumblings in Washington, with the leaders of the House Intelligence Committee reportedly planning to bring back the controversial CISPA -- Cyber Intelligence Sharing and Protection Act -- and President Obama reportedly readying his own executive order on the issue.

House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Rep. Dutch Ruppersberger (D-Md.) say they plan to re-introduce CISPA -- unaltered -- next week during a speech at the Center for Strategic and International Studies in Washington, according to Beltway tech blog The Hill.

"American … Read more

Adobe issues emergency update for Flash

Adobe issued an emergency update to its Flash Player to fix two zero-day threats, the company announced yesterday. The updates affect all versions of Flash on Windows, Mac, Linux, and Android.

The vulnerabilities currently are being exploited "in the wild," says Adobe's blog on the patches. According to the Kaspersky ThreatPost blog on the pair of zero-days, one attack targets "aerospace and other manufacturing companies" by tricking people into opening a Microsoft Word document with malicious Flash content embedded in it. The second zero-day targets Firefox and Safari on Mac OS X by tricking you … Read more

Microsoft's next Patch Tuesday to fix 57 security bugs

Microsoft is deploying a larger bunch of bug fixes this month than usual.

Next week's Patch Tuesday will address 57 different security vulnerabilities through 12 separate updates.

The bugs stretch across a range of programs, including Windows, Internet Explorer, Windows Server, Microsoft Exchange, and Microsoft's .Net Framework.

Five of the 12 patches are rated critical, so they're designed to patch holes that could allow someone to execute malicious code on an unprotected PC. Two of the critical patches are aimed at all versions of Internet Explorer from 6 through 10. That means all current versions of Windows … Read more

Flash update fixes active exploits for both OS X and Windows

Java is not the only runtime that malware developers use to target victims of their attacks, and yesterday Adobe released an update to Flash that fixes two zero-day exploits in its popular Web plug-in software.

The two vulnerabilities in question affect both OS X and Windows systems, and allow malicious Flash content on Web sites to deliver malware to Macintosh systems via Firefox and Safari. The second vulnerability targets Windows users by tricking them into opening an e-mail attachment that contains the Flash-based exploit.

These problems are considered critical, so if you have Flash enabled on your system (which most … Read more