Get Started for FREE
Sign up with Facebook Sign up with X
I don't have a Facebook or a X account
 Your new post is loading...
Your new post is loading...
Scoop.it!
Might put out patch in update, might chuck it out sooner. The bug (CVE-2014-6352) can be triggered by sending a specially crafted Microsoft Office files to intended targets before tricking them into opening the booby-trapped files. "Currently, attacks using PowerPoint files are known to exist, but all Office file types can be used to carry out this attack," Jonathan Leopando, a technical communications staffer at Trend Micro, warns in a blog post. 
No comment yet.
Sign up to comment
Scoop.it!
Versions du document
14 février 2013: Publication intitiale
Description / Résumé
Une faille extrêmement critique a été détectée dans Adobe Reader et Acrobat. Découverte par les spécialistes au travers d’un document piégé sur Internet, elle est actuellement exploitée activement par des fraudeurs et représente pour cette raison un risque pour l’utilisateur.
Gust MEES's insight:
===> BEWARE of the MALWARE!!! <===
Scoop.it!
10 janvier 2013: Publication intitiale
Description / Résumé
Une vulnérabilité extrêmement critique a été découverte dans le plugin Java pour votre navigateur. L'exploitation réussie de cette vulnérabilité autorise l'attaquant à prendre le contrôle de la machine victime.
La vulnérabilité a été introduite dans des kits d'exploitation communs, la rendant ainsi très répandue et de ce fait dangereuse. Le simple fait d'aller sur une page infectée peut mettre votre ordinateur en danger. Il est donc important d'éviter de cliquer sur des liens dans les e-mails.
Faites aussi attention aux publicités des sites légitimes qui pourraient être piégées.
Gust MEES's insight:
===> Be AWARE of the MALWARE! <===
Scoop.it!
The vulnerability is selling for up to $50K on the black market, security researchers say, and has been included in a package of banking Trojans called the Blackhole Exploit Kit, which is the most ...
Read more:
|
Scoop.it!
Ohne vorherige Meldung an Microsoft hat ein Sicherheitsforscher Details einer Schwachstelle im Kernel aller gängigen Windows-Versionen mitsamt Exploit-Code veröffentlicht.
Gust MEES's insight:
Tavis Ormandy ist bereits dafür bekannt, "volle Offenlegung" zu favorisieren und dies auch zu praktizieren – zumindest, wenn es nicht um Google-Software geht.
Scoop.it!
Fresh vulnerabilities, which are being exploited in the wild, have been detected for Adobes PDF Reader and Flash Player.
Gust MEES's insight:
According to researchers from FireEye, there is a PDF zero-day which is being exploited in the wild, with the company's researchers having observed successful exploitation on the Adobe PDF Reader versions 9.5.3, 10.1.5, and 11.0.1.
Scoop.it!
The hackers who maintain Blackhole and Nuclear Pack – competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java.
Gust MEES's insight:
===> Be AWARE of the MALWARE! <===
Scoop.it!
A Georgian security researcher is due to present details of an unpatched vulnerability in Google's Chrome browser at the Malcon security conference in India over the weekend.
Years ago the circumstances of Ucha Gobejishvili's presentation would hardly have raised an eyebrow but that was before Google began offering up to $60,000 in bug bounties for the low-down on most serious, remotely exploitable bugs in its Chrome web browser software.
Gobejishvili has apparently forgone potential financial rewards by leaving Google in the dark before unwrapping a remotely exploitable hole in the Chrome web browser, which reportedly involves a critical vulnerability in a Chrome DLL. More details are due to emerge at a presentation by Gobejishvili at the International Malware Conference (MalCon) in New Delhi on Saturday (24 November).
Read more: http://www.theregister.co.uk/2012/11/23/mystery_chrome_0_day/
|
The bug (CVE-2014-6352) can be triggered by sending a specially crafted Microsoft Office files to intended targets before tricking them into opening the booby-trapped files. "Currently, attacks using PowerPoint files are known to exist, but all Office file types can be used to carry out this attack," Jonathan Leopando, a technical communications staffer at Trend Micro, warns in a blog post.