January 11th, 2013
The RISK Team hates to be the bearer of bad news, but we have collected three separate reports confirming a previously undiscovered vulnerability in Java being exploited by the multiple exploit kits. The vulnerability affects Java 7 update 10 and earlier. ?Oracle?s next Java update isn?t scheduled until February 19, but we don?t know if this will be patched. We?ll stay tuned to see if Oracle decides to issue an out-of-cycle patch. Microsoft issued seven bulletins and an updated security advisory with a Fix-It to resolve attacks against NTLMv1 network authentication. Adding to this week?s slew of vulnerability news, Adobe released patches for Flash Player and Reader in addition to a security advisory regarding an actively exploited vulnerability in ColdFusion expected to be patched on January 15. Elsewhere in the InfoSec space, Operation Ababil Phase 2 dragged into week 5 with continued DDoS attacks against U.S. financial institutions. ?Several Bangladeshi hacktivist groups defaced thousands of Indian websites to protest the killing of a 15-year-old girl by India?s border patrol. The Syrian Electronic Army made headlines after it claimed responsibility for attacks against several Saudi government sites as well as a blog belonging to MasterCard. NullCrew sprung back to life following several weeks of silence by compromising a Department of Homeland Security subdomain. And now for some good news: Cezar Butu and Vladimir Zdovorenin received complimentary vacations to the Steel Bar Hotel for stealing payment card data and other personal details. They?ll likely be joined by ZeuS botmaster bx1 who was arrested in Thailand this week.
The paragraph above is taken from the executive summary of the RISK?Team?s weekly INTSUM report.Verizon security product customers should?access the full INTSUM via your portal.
camp david hawaii weather the jerk lake havasu halo 4 jewel san francisco earthquake
No comments:
Post a Comment