Two Google security researchers have accused Adobe of failing to fix various reported vulnerabilities in Adobe Reader in a timely manner and are using the delay as justification to publicize details behind the security holes. The duo also has recommended that users avoid Reader until Adobe rolls out patches.
A little more than two years ago, engineers on the Chrome team began a very ambitious project. In coordination with Adobe, we started porting Flash from the aging NPAPI architecture to our sandboxed PPAPI platform. With last week’s Chrome Stable release, we were finally able to ship PPAPI Flash to all Windows Chrome users, so they can now experience dramatically improved security and stability as well as improved performance down the line.
Having an issue since upgrading to Mountain Lion with libunwind-headers. All you have to do is run the following to accept the license agreement and it works.
sudo xcodebuild -license
Microsoft has been doing some research into all the recent cross-platform malware 1, 2, 3 that attacks Windows, Macs, and sometimes even Linux. The company has concluded that current attacks exploit third-party vulnerabilities in software on these platforms. There are two ways the malicious code is being delivered, according to the software giant: via the Web and via e-mail attachments.
Microsoft has decided is enough is enough: Java-based malware sees no end and its time to do something about it. The software giant points to two type-confusion vulnerabilities CVE-2012-0507 and CVE-2012-1723 that have been very actively exploited in recent months. Redmond thus wants you to do one of three things: update Java, disable it, or uninstall it.
Digitally signed malware has received a lot of media attention recently. Indeed more than 200,000 new and unique malware binaries discovered in 2012 have valid digital signatures.
Security researchers have found a live Web exploit that detects if the target is running Windows, Mac OS X, or Linux and drops a different trojan for each platform.
The attack was spotted by researchers from antivirus provider F-Secure on a Columbian transport website, presumably after third-party attackers compromised it. The unidentified site then displayed a signed Java applet that checked if the users computer is running Windows, Mac OS X, or Linux. Based on the outcome, the attack then downloads the appropriate files for each platform.
“All three files for the three different platforms behave the same way,” the researchers wrote in a blog post. “They all connect to 188.8.131.52 to get additional code to execute. The ports are 8080, 8081, and 8082 for OS X, Linux, and Windows respectively.”
It has been a while since we published information about Sykipot. The last time we blogged about it, we discovered a variant that was able to bypass two-factor authentication to access protected resources on the victim’s network.
We have detected a new wave of Sykipot campaigns that has been running during the past weeks. There are several changes between the new Sykipot campaigns and the older ones.
The first difference is that in previous campaigns the Sykipot authors mainly used file-format exploits to gain access to the systems through spearphishing mails.
Cyberthreats targeting the Mac OS X platform continue to appear in various types of attacks and techniques. On June 27, 2012, Kaspersky Lab’s experts intercepted a new wave of Mac OS X attacks targeting Uyghur activists that were part of an Advanced Persistent Threat (APT) campaign.
The APT attackers were sending customized emails to a select number of Uyghur activists who were presumed Mac users. The targeted emails included ZIP attachments inside them, which contain a malicious Mac OS X backdoor. To disguise the malware, the ZIP file showed a JPEG photo together with the malicious application.
The FBI today said it directed what it called the largest coordinated international law enforcement action in its history directed at online “carding” crimes typically involving stolen credit card, bank account or personal identification information of hundreds of thousands of victims around the world.
The FBI said the allegations unsealed in New York today “chronicle a breathtaking spectrum of cyber schemes and scams.” As charged, the FBI said the individuals sold credit cards by the thousands and took the private information of untold numbers of people. The defendants casually offered every stripe of malware and virus to fellow fraudsters, even including software-enabling cyber voyeurs to hijack an unsuspecting consumers personal computer camera, the FBI stated.