Solutionary blogs mentioning Adobe and Adobe products.
Shrinking variety of attacks, inside Business Email Compromises, update on ransomware, perspective on China’s new Five Year Plan, and highlights from PCI DSS 3.2.
Solutionary observed a flattening of attack types during Q2 ’16. In recent quarters, web applications made up as much as 42 percent of observed attacks. In Q2 ’16, web application attacks made up 24 percent of such attacks. The top three attack types – web-application... read more >
On December 28, Adobe published a new version of Flash Player that fixes 19 vulnerabilities, superseding a version Adobe released earlier this month. Today's release patches these 19 flaws, including multiple zero-day vulnerabilities; of these, CVE-2015-8561 is being actively exploited in the wild.
Adobe states this vulnerability “is being used in limited, targeted attacks” and described it as “an integer overflow vulnerability that could lead to code execution.” The only observed exploitation to date has been via a phishing campaign.
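The bug class Adobe names, an integer overflow in a size computation that ends in code execution, is easiest to see in code. The following is an added example written for this page; it is not Adobe's code and not the Flash vulnerability itself, and the record format, the 16-byte record size and the hypothetical `parse_records` parser are all constructed for illustration. The arithmetic is done in 32 bits to mirror a 32-bit runtime.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record format for this example: a 4-byte little-endian count
 * followed by `count` fixed-size records.  The arithmetic is done in 32 bits
 * to mirror a 32-bit runtime such as the Flash Player of the time. */
#define RECORD_SIZE 16u

/* Vulnerable size computation.  count * RECORD_SIZE wraps modulo 2^32, so a
 * count of 0x10000001 yields 16 bytes for what the caller will later treat
 * as 268,435,457 records: a tiny heap buffer followed by a huge copy. */
uint32_t vulnerable_alloc_size(uint32_t count) {
    return count * RECORD_SIZE;          /* unsigned wraparound, no error */
}

/* Hardened computation: refuse any count whose product cannot be represented.
 * Returns the byte size, or 0 if the multiply would wrap (0 is also what a
 * zero count yields, which callers treat as "nothing to allocate"). */
uint32_t checked_alloc_size(uint32_t count) {
    if (count > UINT32_MAX / RECORD_SIZE)
        return 0;
    return count * RECORD_SIZE;
}

/* Hardened parser: bounds the product, then bounds the declared payload
 * against the message actually received.  Returns the record count, or -1
 * on rejection. */
long parse_records(const uint8_t *msg, size_t msg_len) {
    if (msg_len < 4)
        return -1;
    uint32_t count = (uint32_t)msg[0] | ((uint32_t)msg[1] << 8)
                   | ((uint32_t)msg[2] << 16) | ((uint32_t)msg[3] << 24);
    if (count == 0)
        return 0;
    uint32_t bytes = checked_alloc_size(count);
    if (bytes == 0)
        return -1;                       /* would have wrapped */
    if (bytes > msg_len - 4)
        return -1;                       /* declared payload exceeds message */
    uint8_t *records = malloc(bytes);
    if (!records)
        return -1;
    memcpy(records, msg + 4, bytes);     /* safe: bytes <= msg_len - 4 */
    free(records);
    return (long)count;
}

/* Constructed inputs.  The hostile header declares 0x10000001 records but
 * carries only 16 bytes of payload, exactly what the wrapped size would
 * have allocated. */
long demo_benign(void) {
    uint8_t msg[4 + 2 * RECORD_SIZE] = { 0x02, 0x00, 0x00, 0x00 };
    memset(msg + 4, 0xAA, 2 * RECORD_SIZE);
    return parse_records(msg, sizeof msg);
}

long demo_hostile(void) {
    uint8_t msg[4 + RECORD_SIZE] = { 0x01, 0x00, 0x00, 0x10 };
    memset(msg + 4, 0xBB, RECORD_SIZE);
    return parse_records(msg, sizeof msg);
}

int main(void) {
    printf("wrapped size for 0x10000001 records: %u bytes\n",
           vulnerable_alloc_size(0x10000001u));
    printf("benign message: %ld records\n", demo_benign());
    printf("hostile message: %ld\n", demo_hostile());
    return 0;
}
```

The two checks in `parse_records` are independent: the division guard stops the multiply from wrapping, and the comparison against `msg_len` stops a truthful but oversized count from reading past the message. A parser that only does the second check still allocates 16 bytes for the hostile header and then copies 16 bytes, which looks fine until a later loop iterates over the declared count.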
Flash continues to pose a significant threat
Again with the Flash.
It seems like only yesterday I wrote a blog about a critical patch for Adobe Flash Player, and this week we have more. Not only is it yet another Flash vulnerability, it is multiple CVEs, each with a CVSS score of 10: high impact (arbitrary code execution or denial of service) and simple to exploit. Given the way Flash has been going so far this year, a new Flash vulnerability has been appearing about every 35.5 hours.
Think about that.
“Every 35.5 hours.”
Actively patching can help remove active, known vulnerabilities
There is no "silver bullet" in security: no single control that answers all of our security woes.
But, time and time again, we hear of vulnerabilities affecting organizations right now. A good example is the Adobe Flash Player vulnerability CVE-2015-3113. If you check the details for the vulnerability, you can see that it has a CVSS score of 10. You can also see that it is actively exploited in the wild, meaning attackers have been using it and are using it right now.
This is a client system vulnerability. Adobe Flash Player runs on the user workstation. We all know that it can be difficult to keep all systems current, especially in a heterogeneous, geographically distributed environment.
But, Adobe has released a patch for this vulnerability, and applying that patch can remove a current, known threat from your environment. For more... read more >
Teaching an Old Vulnerability New Tricks
Punch rewind on the VCR. Yes, it needs to be a VCR because we are going to 1997. /Listens to the whirring of magnetic tape for what feels like ages/ There with me? Good. Let's watch as researcher Aaron Spangler discovers a vulnerability in Microsoft Internet Explorer that allows an attacker to steal user credentials using the Windows Server Message Block (SMB) protocol. The show goes on with Aaron reporting it to Microsoft and Microsoft deciding not to patch it.
Fast forward to present day /skips a few chapters on a digital file./ Whew.
I love advancements in technology! While testing a bug in a messaging application, a researcher with Cylance SPEAR discovered an extension of Aaron's vulnerability. The trouble is, it affects all versions of Windows on tablets, desktops and servers, including the yet-to-be-released Windows 10. If exploited, an attacker can use this vulnerability to extract user credentials from many software packages, including the... read more >
No, Seriously, You Should Read This
The day we knew was coming is finally here. Researchers have discovered the first zero-day present in Windows XP that will not be patched. If you haven’t switched yet, the time is now!
Migration, however, is a topic for another day, though it should not be put off indefinitely. Today's discussion is on a new zero-day vulnerability discovered in Microsoft® Internet Explorer®, which is being actively exploited in targeted attacks. CVE-2014-1776 impacts all versions from IE6 to IE11.
Specifically, this is a use-after-free vulnerability in VGX.dll that allows remote execution of arbitrary code after bypassing ASLR and DEP protections. Use-after-free vulnerabilities occur when a block of memory is freed but a pointer to it is kept and later used. The program still treats the pointer as valid, but anything can be placed in the unallocated... read more >
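The mechanics of that bug class, a freed chunk reoccupied by attacker-chosen data and then read through a stale pointer, can be shown deterministically with a small pool allocator. The following is an added example written for this page; it is not Internet Explorer's code and not the CVE-2014-1776 exploit. The `session` object, the 32-byte pool allocator and the attacker payload are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Tiny deterministic allocator constructed for this example: fixed 32-byte
 * chunks from a static pool, freed chunks kept on a LIFO free list.  Real
 * heap allocators hand a just-freed chunk to the next same-size request in
 * much the same way, which is what a use-after-free exploit relies on. */
#define CHUNK 32
#define NCHUNKS 8
static union { uint32_t align; uint8_t bytes[CHUNK]; } pool[NCHUNKS];
static void *free_list[NCHUNKS];
static int free_top = 0;
static int next_fresh = 0;

static void *pool_alloc(void) {
    if (free_top > 0)
        return free_list[--free_top];        /* most recently freed chunk */
    if (next_fresh < NCHUNKS)
        return pool[next_fresh++].bytes;
    return NULL;
}
static void pool_free(void *p) { free_list[free_top++] = p; }
static void pool_reset(void) { free_top = 0; next_fresh = 0; }

/* The object the program holds a pointer to.  sizeof == 32, so it shares a
 * size class with the attacker-controlled buffer below. */
struct session {
    uint32_t is_admin;
    char     name[28];
};

/* Constructed attacker payload: the first four bytes land where is_admin
 * lives once the payload reoccupies the freed session chunk. */
static const uint8_t payload[CHUNK] = { 0x01, 0x00, 0x00, 0x00, 'p', 'w', 'n' };

/* Vulnerable flow: the session is freed on logout but the pointer survives
 * and is dereferenced later.  Returns the privilege the stale pointer
 * reports (1 == attacker is now admin). */
int vulnerable_flow(void) {
    pool_reset();
    struct session *s = pool_alloc();
    s->is_admin = 0;
    strcpy(s->name, "guest");

    pool_free(s);                            /* logout frees the chunk ... */
    /* ... but s is never cleared, so the program still treats it as live */

    /* An attacker-controlled allocation of the same size (think: a string
     * the attacker supplies) gets the freed chunk and fills it. */
    uint8_t *attacker = pool_alloc();
    memcpy(attacker, payload, CHUNK);

    return s->is_admin != 0;                 /* stale read sees attacker data */
}

/* Hardened flow: clear the pointer at free time and check before use. */
int hardened_flow(void) {
    pool_reset();
    struct session *s = pool_alloc();
    s->is_admin = 0;
    strcpy(s->name, "guest");

    pool_free(s);
    s = NULL;                                /* dangling pointer eliminated */

    uint8_t *attacker = pool_alloc();
    memcpy(attacker, payload, CHUNK);

    return s != NULL && s->is_admin != 0;    /* no session, no privilege */
}

int main(void) {
    printf("vulnerable flow grants admin: %d\n", vulnerable_flow());
    printf("hardened flow grants admin:   %d\n", hardened_flow());
    return 0;
}
```

The example stops at a data-only outcome (a privilege flag flipped). In a browser exploit the reoccupied chunk typically holds an object with a virtual-function table, so the stale dereference becomes a controlled indirect call, and the ASLR and DEP bypass mentioned above is the extra work needed to turn that call into code execution; none of that is modelled here.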
The Kaspersky Security Analyst Summit (SAS) was the driving force behind many of the week's headlines. The most significant story out of Punta Cana, by far, was the unveiling of The Mask Advanced Persistent Threat (APT). One of the first to write on the story was Dennis Fisher with Threat Post. In his story, New 'Mask' APT Campaign Called Most Sophisticated Yet, Fisher points out some of the highlights from the report, including the information targeted, the suspected origin of the attackers, and how long the campaign ran.
Additionally, Solutionary blogger Chad Kahl discussed in his own blog the Careto malware – a worthwhile read for an expert opinion on what qualifies this attack as an APT.
There were more... read more >
High-profile breaches make headlines, and so do awful passwords. There were two stories in the news that made headlines this week regarding passwords, and both leave readers shaking their heads. It was funny when Mel Brooks mocked poorly constructed combinations in Spaceballs. It’s not so funny 26 years later, because apparently our creativity has plateaued when it comes to creating passwords and combinations. In addition to Krebs, reports flew around the Web stating very clearly that roughly 1.2 million people need to go back and watch or re-watch the 1987 masterpiece and rethink their strategy when coming up with passwords – to be clear, “123456” is not a strong password and neither is “... read more >
Like clockwork, Microsoft issued its latest set of patches for its product suite. Arguably the most significant take away from this week’s Patch Tuesday was the fix of one of the known Internet Explorer zero-day vulnerabilities that made headlines earlier in the week. I noted that Patch Tuesday “almost” hit the mark because it did not address a zero-day attack which focuses on TIFF rendering. However, there is a workaround that can be used in the meantime, while we wait for Microsoft’s official patch. CSO’s Steve Ragan recounts the 19 fixed vulnerabilities in his Tuesday... read more >
There was an incredible number of twists and turns in the cybersecurity world this week. As you've probably read in the headlines, Adobe Systems disclosed a significant breach of its corporate networks. Originally, it was estimated that roughly 2.9 million customers were affected. This week, though, Adobe ratcheted the number of affected customer accounts up to an eyebrow-raising 38 million. In his follow-up piece, Reuters' Jim Finkle highlights the extent of the breach and calls readers' attention not only to the number of customers whose credit card information and passwords were taken, but also to three additional products whose source code was pilfered.
It was anticipated from the very beginning, when Adobe announced the customer information and the source code from various products had been taken, that this heist could have major implications.... read more >
All good things must end, including this Solutionary blog series
Any of you who follow the Solutionary blog are aware that October was National Cyber Security Awareness Month (NCSAM). Each business day throughout the month, the Solutionary Minds blog team published a new blog. In total, the team produced 26 blogs during the month of October.
We hope you found this content helpful and insightful.
One thing is certain: the information security space is dynamic and interesting. There are myriad topics on which to write. The topics for the blog series included malware, incident response, home automation security, sextortion, data breaches, mobile malware and more. Members of the Solutionary Security Engineering Research Team (SERT), Solutionary Consulting Services (SCS), Regional Technical Managers and members of our Managed Security Services operations team contributed to the NCSAM blog series.
Here's a list of all the NCSAM... read more >
A story written by Brian Krebs (and many others) came out this week that links the Adobe hack to the breach of a popular press release distribution service, PR Newswire. This type of compromise has fascinated me for quite some time: whether the target is an emergency broadcast system, an influential Twitter account or a vendor's press release service, the attackers always have a motive. I pose this question to you: how will hackers use the credentials of vendors for a wire service like PR Newswire? Well, how have these individuals leveraged the resonating power of an influential public voice or service before? We've seen zombies attack, the White House blown up (it did not,... read more >
A high-profile arrest in the cyber world comes around once in a blue moon. Okay, maybe a little more frequently than that, but this was a pretty big week for authorities. The announcement that caught headlines throughout the week was the arrest of the (alleged) author of the Blackhole exploit kit. Both Megan Geuss, with ArsTechnica, and Kelly Jackson Higgins, with Dark Reading, covered the report out of Russia. It has been reported that a former Russian police detective who had been in contact with Russia's federal government tipped authorities off to the whereabouts of the "high-level suspected cyber-criminal" known as Paunch. Since the arrest, the notable lapse in Blackhole activity seems to back up the... read more >
Five steps to validate an email is from a vendor and not a phisher.
On October 4, I opened my morning slew of emails and discovered one from my favorite software vendor, Adobe. I use their products every day for both personal and business purposes, so of course I was concerned when I saw that the subject line read “Important Customer Security Alert.” That’s almost never good.
The email proceeded to tell me that Adobe, one of the largest software companies in the world, had been breached. My password may have been compromised. I should reset it immediately. Click here to reset it.
This was the decision point: Do I immediately click, or do I think first?
We all know about phishing attacks – those emails which try to intercept your password or install malware when you click a link. But this is Adobe. I need to do what they say, right? Wrong. Thinking first is always the best option.
If Adobe was indeed compromised, this is big news. It should be reported on numerous, reputable news... read more >
October 04, 2013 - Posted by Joseph (JB) Blankenship
Software vendor Adobe Systems disclosed a significant breach of its corporate networks. This breach resulted in the compromise of customer data, affecting an estimated 2.9 million customers. Adobe also disclosed that intruders accessed source code for Acrobat®, ColdFusion®, ColdFusion Builder™ and other products.
The breached data is reported to include usernames and passwords, customer names, encrypted credit and debit card numbers, expiration dates and order information.
The two aspects of the breach present very different potential impacts. Stolen user data could be used to gain unauthorized access to accounts, especially where the same username and password combinations are reused with other services. While Adobe states the credit and debit card numbers were encrypted, the potential still exists... read more >
Reports hit the wire this morning about findings from forensics research firm Group-IB regarding security problems with the recently updated Adobe Reader® versions X and XI (10 and 11). It appears that a new 0-day security hole has been found in Adobe Reader. More specifically, the firm reported discovering malicious software targeting these products being sold in underground markets. In other words, the exploit is for sale.
The new vulnerability comes as surprising news to some, considering the extensive measures Adobe has recently taken to implement advanced sandbox security mechanisms in order to prevent attacks from plaguing the popular document readers. Group-IB also reports the exploits are used in recent updates to the popular BlackHole Exploit Kit.
Typically, specially crafted PDF content could act as a carrier for malicious... read more >