Adobe Archives - Page 4 of 4 - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘Adobe’

Symantec confirms Adobe Reader exploits targeted defence companies

Security researchers at Symantec today confirmed that exploits of an unpatched Adobe Reader vulnerability targeted defense contractors, among other businesses.

“We’ve seen [this targeting] people at telecommunications, manufacturing, computer hardware and chemical companies, as well as those in the defense sector,” said Joshua Talbot, senior security manager in Symantec’s security response group, in an interview Wednesday.

Symantec mined its global network of honeypots and security detectors – and located email messages with attached malicious PDF documents – to come to that conclusion.

The inclusion of defense contractors was not unexpected.

Yesterday, when Adobe warned Reader and Acrobat users that hackers were exploiting a “zero-day” bug on Windows PCs, it credited Lockheed Martin’s security response team and the Defense Security Information Exchange (DSIE), a group of major defense contractors that share information about computer attacks, with reporting the vulnerability.

The DSIE is composed of companies that are also part of what the federal government calls the “Defense Industrial Base,” or DIB. Among the DIB’s members are some of the country’s largest defense contractors, including Boeing, General Dynamics, Lockheed Martin, Northrop Grumman, Pratt & Whitney and Raytheon.

Symantec found attack emails dated 1 November and 5 November, 2011.

It also published an image of a redacted email of the attack’s bait – the promise of a 2012 guide to policies on new contract awards – that it said was a sample of the pitches that tried to dupe recipients into opening the attached PDF document.

The message’s subject heading read, “FY12 XXXXX Contract Guide,” and the body simply stated, “FY12 XXXXX contract guide is now available for all contractors of XXXXX. The new guide contains update information of XXXXX policy on contract award process.”

Opening the attached attack PDF also executed the malicious code – likely malformed 3-D graphics data – hidden in the PDF, compromising the targeted PC and letting the attacker infect the machine with malware.

That malware, Talbot said, was identical to what was used in early 2010 by hackers exploiting a then-unpatched bug in Microsoft’s Internet Explorer 6 (IE6) and IE7.

Symantec labeled the malware “Sykipot” last year.

“It’s not overly sophisticated,” said Talbot. “It’s a general-purpose backdoor. One of the interesting things about it is that it does use a form of encryption of the stolen information, which helps the attack hide what information is stolen.”

Sykipot encrypts the pilfered data after it has been retrieved from the victimised firm but while it is still stored on the company’s network, as well as when it’s transmitted to a hacker-controlled server.

Those command-and-control (C&C) servers are still operating, Talbot said.

Because of the similarities – using Sykipot, which isn’t widely in play, and exploiting zero-day vulnerabilities – Symantec suspects that the same group of hackers who launched the attacks against IE6 and IE7 last year were also responsible for the Reader-based attacks seen last month.

Microsoft patched the IE6 and IE7 vulnerability on 30 March, 2010, in an emergency, or “out-of-band,” update.

Although Symantec found evidence of only the early-November attacks, Talbot said he wouldn’t be surprised if the criminals fired off another information-stealing campaign between now and next week, when Adobe promised to patch the bug in Reader and Acrobat 9.x on Windows, the versions that have been exploited in the wild.

Talbot declined to specify the geographic location of the Sykipot C&C servers, or speculate on the origin of the Reader exploits.

Adobe will patch the Windows versions of Reader and Acrobat 9.x by the end of next week, and has promised to deliver fixes to Reader and Acrobat 9.x to Mac and Unix users, and to Reader and Acrobat 10.x for all platforms, next month.

Symantec has shipped detection signatures for the rogue PDFs to its customers, said Talbot.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/1ac43c33/l/0Lnews0Btechworld0N0Csecurity0C33237640Csymantec0Econfirms0Eadobe0Ereader0Eexploits0Etargeted0Edefence0Ecompanies0C0Dolo0Frss/story01.htm


Beware Adobe Software Upgrade Notification – malware attached!

Cybercriminals have widely spammed out a malware attack posing as upgrades for Adobe Acrobat Reader and Adobe X Suite Advanced.

View full post on Naked Security – Sophos


Adobe SSL Certificate Problem (fixed), (Wed, Oct 5th)

Tuesday morning, we received a number of reports from readers indicating that the SSL certificate used for “settings.adobe.com” was out of date. Initially, we had a hard time reproducing the finding. But some of our handlers in Europe were able to see the expired certificate.

The expired certificate was valid from Oct 6th 2009 to Oct 6th 2010, which is somewhat unusual. Typically, we would expect a certificate that “just expired yesterday” because someone forgot to renew it. In this case, it looked more like someone had installed an older certificate instead of the new one.

The correct certificate was pretty much exactly a year old and valid for another year. Everything indicated that the Adobe certificates indeed expire in the first week of October.

In the end, we narrowed the affected geography down to Europe and contacted Adobe. Adobe responded promptly and as of this evening, the problem appears to be fixed. Thanks to everybody who helped via Twitter to narrow down the affected geography, and thanks to the readers who reported this initially.

——
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Article source: http://isc.sans.edu/diary.html?storyid=11737&rss



11.40.6 Adobe Flash Player Multiple Vulnerabilities

CVEs: CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2429, CVE-2011-2430, CVE-2011-2444

Platform: Cross Platform

View full post on @RISK: The Consensus Security Alert


(1) HIGH: Adobe Flash Player Multiple Vulnerabilities

Category: Widely Deployed Software

Affected:

  • Adobe Flash Player for Windows, Macintosh, Linux, and Solaris versions prior to 10.3.183.7
  • Adobe Flash Player for Android prior to 10.3.186.6

View full post on @RISK: The Consensus Security Alert


Adobe Tricks Users into Downloading, Installing Google Chrome

It might be common, but that doesn’t mean I’m not allowed to wail against it – especially since I was not familiar with this particular case. As it turns out, several of Adobe products’ download pages have opt-out checkboxes to also install Google Chrome. This was spyware-like behaviour when Apple did it with Safari and the iPhone Configuration Utility, and it is still spyware-like behaviour when Adobe and Google do it with Chrome.

Since I haven’t downloaded Adobe Flash separately for a while now (Chrome has it included anyway), I hadn’t yet noticed this, but as it turns out, when you go to Flash’s download page, a checkbox is marked which automatically downloads and installs Google Chrome alongside Flash (unless you already have Chrome installed). The checkbox is marked by default, so it’s opt-out instead of opt-in. Further DuckDuckGoing reveals that Adobe Reader X, too, has Chrome bundled with it.

I have no issues with these kinds of bundles – or with Apple using its updater to offer Safari to Windows users – but only if it’s opt-in. In other words, the user should have to specifically select a checkbox – if he doesn’t, no additional spyware should be installed.

You can expect this kind of behaviour from sleazy toolbars and porn sites – but not from Google and Adobe. The only reason I’m highlighting this here as much as I’m doing is because this sleazeball and slimy behaviour needs to stop. Chrome is perfectly capable of getting around on its own (unlike Safari for Windows, which sucks beyond belief), and this only reflects badly upon an otherwise excellent browser.

Google and Adobe, please stop this.

Article source: http://osnews.com/story/25184/Adobe_Tricks_Users_into_Downloading_Installing_Google_Chrome


Adobe Prenotification Security Advisory for Adobe Reader and Acrobat


The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Last reviewed: September 9, 2011 09:11:32 EDT



Adobe Prenotification Security Advisory for Adobe Reader and Acrobat

added September 9, 2011 at 08:18 am

Adobe has issued a prenotification advisory indicating that it plans to release updates for Adobe Reader and Acrobat to address multiple vulnerabilities. The advisory indicates that updates for Windows and Macintosh will be available on September 13, 2011.

US-CERT encourages users and administrators to review the Adobe Advisory.

US-CERT will provide additional information as it becomes available.

Microsoft Releases Advance Notification for September Security Bulletin

added September 8, 2011 at 02:04 pm

Microsoft has issued a Security Bulletin Advance Notification indicating that its September release will contain five bulletins. These bulletins will have the severity rating of important and will be for Microsoft Windows and Microsoft Office. Release of these bulletins is scheduled for Tuesday, September 13, 2011.

US-CERT will provide additional information as it becomes available.

Fraudulent DigiNotar SSL Certificate

added August 30, 2011 at 08:40 am | updated August 30, 2011 at 11:27 am

US-CERT is aware of public reports of the existence of at least one fraudulent SSL certificate issued by DigiNotar. This fraudulent SSL certificate could be used by an attacker to masquerade as any subdomain of google.com.

Mozilla will be releasing new versions of Firefox for desktop (3.6.21, 6.0.1, 7, 8, and 9) and mobile (6.0.1, 7, 8, and 9). Additional information can be found in the Mozilla Security Blog.

Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List. This change affects all versions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2. Microsoft will be releasing a future update for Windows XP and Windows Server 2003 to address this issue. Additional information can be found in Microsoft Security Advisory 2607712.

Google Chrome users are protected from this attack due to Chrome’s built-in certificate pinning feature. Google also plans to disable the DigiNotar certificate authority. Additional information can be found in the Google Security Blog.

US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risks. US-CERT will provide additional information as it becomes available.
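Two of the items on this page are certificate failures a defender can check for mechanically: the stale, long-expired certificate served for settings.adobe.com in the ISC diary above, and the DigiNotar certificates that trust stores dropped. The following Python is an added example, not code from either post: it classifies a certificate's validity window (a renewal missed yesterday versus an old certificate re-deployed a year after it lapsed), flags an issuer that has been removed from trust, and enforces a fingerprint pin in the spirit of Chrome's protection. The certificate dicts, issuer names and DER bytes are constructed, and fetch_peer is a hypothetical helper for a live probe.

```python
import hashlib
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample data (hypothetical, not captured from adobe.com), in getpeercert() dict shape.
STALE_CERT = {
    "issuer": ((("organizationName", "Example CA"),),),  # hypothetical issuer
    "notBefore": "Oct  6 00:00:00 2009 GMT",
    "notAfter": "Oct  6 00:00:00 2010 GMT",
}
CURRENT_CERT = dict(STALE_CERT, notBefore="Oct  6 00:00:00 2010 GMT",
                    notAfter="Oct  6 00:00:00 2012 GMT")
DISTRUSTED_CERT = dict(STALE_CERT, issuer=((("organizationName", "DigiNotar"),),))
DISTRUSTED_CAS = {"DigiNotar"}  # CAs removed from the trust stores we care about
SAMPLE_DER = b"constructed bytes standing in for a DER-encoded certificate"
PINS = {hashlib.sha256(SAMPLE_DER).hexdigest()}  # fingerprints we expect to see

def epoch_utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc).timestamp()

OBSERVED_AT = epoch_utc(2011, 10, 4)  # roughly when the reader reports came in

def check_validity(cert, now, recent_days=7):
    """'expired-recently' is a missed renewal; 'expired-stale' suggests an old cert was re-deployed."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        return "not-yet-valid"
    if now > not_after:
        days_expired = (now - not_after) / 86400
        return "expired-recently" if days_expired <= recent_days else "expired-stale"
    return "valid"

def issuer_org(cert):
    """Pull organizationName out of the issuer RDN sequence (None if absent)."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def check_pin(der, pins=PINS):
    """Pinning: the presented certificate must match an expected SHA-256 fingerprint."""
    return hashlib.sha256(der).hexdigest() in pins

def audit(cert, der, now, pins=PINS, distrusted=DISTRUSTED_CAS):
    """Findings for one observed certificate; an empty list means it passed."""
    findings = []
    status = check_validity(cert, now)
    if status != "valid":
        findings.append(status)
    if issuer_org(cert) in distrusted:
        findings.append("distrusted-issuer")
    if not check_pin(der, pins):
        findings.append("pin-mismatch")
    return findings

def fetch_peer(host, port=443):
    """Live probe (not run offline); an expired or distrusted chain raises SSLCertVerificationError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)
```

Run the audit from several vantage points (the diary only saw the stale certificate from Europe), since a CDN or load balancer can serve different certificates per region.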

Potential Hurricane Irene Phishing Scams

added August 29, 2011 at 12:05 pm

In the past, US-CERT has received reports of phishing scams and malware campaigns related to topics that are of high-interest to the U.S. Government or news media, such as Hurricane Irene. Users’ systems have been compromised by receiving and accessing phishing emails with subject lines that seem relevant to a high-interest subject and appear to originate from a valid sender. US-CERT reminds users to remain vigilant for potential malicious cyber activity seeking to capitalize on interest in Hurricane Irene. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Irene, even if it appears to originate from a trusted source.

US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:


Cisco Releases Security Advisories

added August 25, 2011 at 12:54 pm

Cisco has released three security advisories to address vulnerabilities affecting the Cisco Unified Communications Manager, the Cisco Unified Presence Server, and the Cisco Intercompany Media Engine. These vulnerabilities may allow an attacker to disclose sensitive information or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the following Cisco security advisories and apply any necessary updates to help mitigate the risks.


Google Releases Chrome 13.0.782.215

added August 23, 2011 at 08:07 am

Google has released Chrome 13.0.782.215 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 13.0.782.215 to help mitigate the risks.

Mozilla Releases Firefox 6 and 3.6.20

added August 17, 2011 at 07:57 am

The Mozilla Foundation has released Firefox 6 and Firefox 3.6.20 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, or obtain sensitive information.

US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories for Firefox 6 and Firefox 3.6.20 and apply any necessary updates to help mitigate the risks.

RIM Releases Security Advisory for BlackBerry Enterprise Server

added August 10, 2011 at 01:22 pm

RIM has released a security advisory to address a vulnerability in the BlackBerry MDS Connection Service and BlackBerry Messaging Agent for the BlackBerry Enterprise Server. The vulnerability may allow an attacker to execute arbitrary code or gain unauthorized access to the BlackBerry Enterprise Server.

US-CERT encourages users and administrators to review the BlackBerry security advisory KB27244 and apply any necessary updates to help mitigate the risks.

Adobe Releases Security Bulletins for Multiple Products

added August 10, 2011 at 09:59 am

Adobe has released security bulletins to alert users of critical and important vulnerabilities in multiple products. The following products are affected:

  • Adobe Shockwave Player 11.6.0.626 and earlier versions on the Windows and Macintosh operating systems
  • Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris
  • Adobe Flash Player 10.3.185.25 and earlier versions for Android
  • Adobe Flash Media Server 4.0.2 and earlier versions
  • Adobe Flash Media Server 3.5.6 and earlier versions for Windows and Linux
  • Adobe Photoshop CS5 and CS5.1 and earlier for Windows and Macintosh
  • RoboHelp 9.0.1.233 and earlier, RoboHelp 8, RoboHelp Server 9, and RoboHelp Server 8

Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, take control of an affected system, or perform a cross-site scripting attack.

US-CERT encourages users and administrators to review the Adobe security bulletins and apply any necessary updates to help mitigate the risks.

Microsoft Releases August Security Bulletin

added August 4, 2011 at 01:25 pm | updated August 9, 2011 at 02:38 pm

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Office, Microsoft .NET Framework, and Microsoft Developer Tools as part of the Microsoft Security Bulletin Summary for August 2011. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, cause a denial-of-service condition, or disclose sensitive information.

US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.

Article source: http://www.us-cert.gov/current/index.html#adobe_prenotification_security_advisory_for2


Adobe admits Google engineer responsible for Flash Player bug patches

Adobe last week acknowledged that as many as 80 bugs in Flash Player were reported by a Google security engineer, as it continued to defend its decision not to spell out details of the vulnerabilities.

Google also cited the same number, apparently putting to rest the spat between the engineer, Tavis Ormandy, and Adobe. In a pair of blog posts, Adobe and Google spelled out how the number “400” that Ormandy had cited ended up being cut by 80%.

“The initial run of the ongoing effort resulted in about 400 unique crash signatures, which were logged as 106 individual security bugs following the initial triage,” said Brad Arkin, Adobe’s senior director of product security and privacy. “As these bugs were resolved, many were identified as duplicates that weren’t caught during the initial triage. In the final analysis, the Flash Player update we shipped earlier this week contains about 80 code changes to fix these bugs.”

Google’s blog post, which was attributed to Chris Evans, Matt Moore and Ormandy, all members of the company’s security team, used almost-identical language to describe the bug count culling. In the post, Google also said it had devoted 2,000 CPU cores over a four-week period to the massive “fuzzing” project directed at Flash.

Last week, Ormandy had questioned not only the bug total, but Adobe’s decision not to list each of the vulnerabilities in the security bulletin that accompanied the update.

“To us, the joint projects we do with partners, including Google, are extensions of our internal security review and code hardening,” said Arkin.

Because it does not consider those flaws publicly known, Adobe does not assign them a CVE (Common Vulnerabilities and Exposures) designation, Arkin said. When it issued the Flash Player update and security bulletin, it listed just 13 CVEs. On Friday it added one more to account for those reported by Ormandy and Google.

“This update resolves multiple memory corruption vulnerabilities that could lead to code execution,” Adobe stated in the new entry for CVE-2011-2424.

Normally, Adobe doesn’t reveal a number associated with vulnerabilities it or its partners have found, and that have been patched. But Arkin acknowledged that it needed to do exactly that this time. “With every release [of Flash Player] we do a lot of code hardening, but because there’s been public discussion, this internal topic has become external,” Arkin said.

Andrew Storms, director of security operations at nCircle Security, put that into plainer words. “They were forced to,” said Storms.

CVEs are used by security researchers to correlate and coordinate publicly disclosed vulnerabilities, said Storms, and by others, including analysts, the media and security professionals within organisations, to gauge how often a product is patched and how the vendor deals with bugs. “If a product has a large number of CVEs, there’s more concern about those managing the development lifecycle of the product,” said Storms.

But since CVEs are assigned differently by different vendors, it’s tricky to use them to compare several products’ security prowess simply by looking at the numbers, Arkin argued.

Google and Mozilla, for instance, assign CVEs for vulnerabilities discovered by internal developers, as does Apple on occasion. Microsoft, like Adobe, does not.

In fact, Arkin credited the Chrome team’s different approach to CVE assignments for last week’s squabble. “We didn’t allocate any CVEs because we viewed this testing as part of the [Secure Product Lifecycle] that spans the joint engineering efforts with the Google Chrome team,” Arkin said in the blog. “This led to some confusion since the Google security team has a different approach to CVE allocation.”

Another reason why Adobe didn’t list each bug, or more specifically each code change that resulted from its analysis of Google’s fuzzing work, is that it simply didn’t have the time or resources.

“It’s incredibly expensive to do that,” said Arkin. “We’d rather drive those resources into making [Flash Player] better.”

Storms understood Adobe’s reluctance to list scores of CVEs. “There’s little value for them to do that because of the negative connotation around a high CVE count,” said Storms.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/176911d2/l/0Lnews0Btechworld0N0Csecurity0C32972430Cadobe0Eadmits0Egoogle0Eengineer0Eresponsible0Efor0Eflash0Eplayer0Ebug0Epatches0C0Dolo0Frss/story01.htm

