Russian security firm Group-IB claims to have uncovered a critical Adobe Reader vulnerability that is currently being exploited in the wild by attackers in order to circumvent the ubiquitous PDF viewer’s sandbox, a security feature Adobe first introduced as part of Reader X nearly two years ago. Even though this zero-day vulnerability is said to have a few “limitations”, they don’t seem to be crippling enough to stop it from being sold on the black market for anywhere between $30,000 and $50,000.
Microsoft has suffered through more than a few security embarrassments over the years, but at least according to Kaspersky Labs, the Redmond-based software giant is back in control. The security researchers have named the top 10 offending companies/products, and for once, Microsoft has been knocked off the list thanks to improvements in Windows 7 & 8. Automatic update mechanisms are cited as the top reason for the high-profile exclusion, and have indeed done an amazing job of keeping hackers at bay.
In a bid of mutual respect for one another, and for the greater good against growing cyber security issues, AMD and Intel have come together to help form the Cyber Security Research Alliance (CSRA), a non-profit research consortium formed to "address complex problems in cyber security." Industry heavyweights Honeywell, Lockheed Martin, and RSA/EMC are also listed as founding members of the CSRA.
Look, we're not trying to spark a religious debate here, and if Jesus is your co-pilot, that's wonderful. But turning to 'Jesus' to secure your logins is about as ineffective as protecting your accounts with 'Ninja', which also appears on SplashData's "Worst Passwords of 2012." The self-explanatory list contains five new entries, two of which we just mentioned. What about the rest? Let's have a look.
Shopped at a Barnes & Noble brick-and-mortar store lately? If so, keep a close eye on your bank account. The book vendor issued a statement today warning that it's aware of tampering with PIN pad devices at 63 of its stores spanning from California to Rhode Island, and several states in between. B&N called it a "sophisticated criminal effort" in which a single PIN pad was compromised in each of the 63 locations.
Hardly a month goes by without Adobe plugging holes in its widely used Flash Player. On Monday, the San Jose-based software company ensured that October did not turn out to be one of those rare months by updating Flash Player across all the four platforms it is available on.
Throughout history, wars and plagues have wiped out entire cities and civilizations, leaving behind nothing but corpses and tears. Strangely enough, the same thing happened yesterday in World of Warcraft when hackers took advantage of an exploit that allowed them to march through various realms, destroying every character they came across, even non-player characters (NPCs).
Kristy Ross, suspected ringleader of a "scareware" scam that tricked over a million consumers into buying software to remove malware detected by fake antivirus scans, has been ordered to pay more than $163 million in damages, the Federal Trade Commission announced. The court also permanently barred Ms. Ross from selling security software of any kind, as well as any software that might interfere with a consumer's computer use or engage in any form of deceptive marketing.
Adobe is no stranger to seeing vulnerabilities in its software being targeted in the wild, but it’s not every day that the company comes across malware masquerading as Adobe software using a valid code signing certificate. Adobe recently received not one, but two such malicious utilities, the company revealed Thursday.
Bug collecting can be quite the lucrative hobby, provided they're of the software variety. Google routinely pays out three-, four-, and sometimes five-figure bounties to bug hunters who find and report vulnerabilities in the company's Chrome browser, but yesterday, it took the unusual step of paying a pair of software gurus $5,000 for reporting an issue in Windows.