CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
February 27th, 2009

Facebook Users Are Still Abused By Rogue Apps

Scoundrels have created another rogue Facebook application, the second to hit the social networking site in less than a week. In the second attack, Facebook users receive notices that they have supposedly being reported for violation of the social networking site’s terms of service by someone in their friends list. A link on the notification leads to an application called “f a c e b o o k – – closing down!!!” which, post installation, spams all the affected user’s friends with the same message.

Last weekend a similar application called Error Check System, which posed as notification of errors in a Facebook user’s profile, used almost identical tricks to spread itself across Facebook.

Searches for the phrase “Error Check System” via Google and the like returned numerous results linking to sites punting rogue antivirus (aka scareware) packages. Security watchers use this factor to support the theory that black-hat search engine optimisation may have been the real motive behind the attack.

The rationale behind the latest (eerily similar) scam is unclear, with some attempt to harvest personal information or building up a database for subsequent spamming among the possibilities. The attack kicked off on Thursday, but has already spawned a Facebook group for victims.

Security watchers urge Facebook to become more active in vetting applications. “These two events in just a single week mean that it’s about time that Facebook reviews its application hosting policy,” said Rik Ferguson, senior security advisor at Trend Micro. “Prevention of rogue applications with extremely dubious intent to propagate freely within the site is needed.”

Credit: The Register

Email, Bookmark or Share:
  • E-mail this story to a friend!
  • Digg
  • del.icio.us
  • StumbleUpon
  • Reddit
  • Technorati
  • Slashdot
  • Propeller
  • Google
  • Live
  • YahooMyWeb
  • TwitThis
  • Facebook
  • LinkedIn
More on CyberInsecure:
  • Four Cross-scripting Vulnerabilities Found on Facebook Pose Serious Privacy Risk
  • iPhone Feature Discovered By Hacker Allows Apple To Remotely Disable Unwanted Apps
  • New Storm Worm Spam Campaign Mentions FBI And Facebook
  • New Security Warning Feature Added On Facebook
  • Facebook Album Privacy Exploit

  • February 27th, 2009

    Camelot Denies SQL Injection Vulnerability On UK National Lottery Website National-Lottery.Co.Uk

    Camelot, the operator of UK National Lottery, claims the website it runs is secure, following the publication of a supposed breach on an underground hacking forum. A Romanian group has recently posted screen shots of supposed flaws on the national-lottery.co.uk site.

    According to a member of the hacker group, “an unsecured parameter allows access to the database” behind the website. Screenshots appear to illustrate partially redacted listings from a database table and partial login credentials for an admin account.

    Camelot, the firm that runs the UK’s National Lottery online version, said it was confident its systems are secure. “Camelot can confirm that the main player site at www.national-lottery.co.uk has not been compromised, as outlined on softpedia.com,” it said in a statement. “As a result, there is no risk to company or player information. We do our utmost to continually ensure that our interactive systems are as secure as possible, and regularly review the extensive measures in place to safeguard our players. We have implemented industry standard technical solutions to protect our systems and to ensure that player information is kept secure at all times.”

    Despite Camelot’s assurance, security watchers think there is a reason for concern. Gareth Catterall, a security analyst at Sophos said SQL injection attacks are nearly always significant. “This is obviously a vulnerability that would need to be cleaned up. In my personal opinion, with an information-revealing vulnerability such as this it can be only a matter of time before full penetration can occur,” he said.

    Credit: The Register

    Email, Bookmark or Share:
    • E-mail this story to a friend!
    • Digg
    • del.icio.us
    • StumbleUpon
    • Reddit
    • Technorati
    • Slashdot
    • Propeller
    • Google
    • Live
    • YahooMyWeb
    • TwitThis
    • Facebook
    • LinkedIn
    More on CyberInsecure:
  • Texas National Guard Website Remains Unavailable After Malware Infection
  • New Lateral SQL Injection Method To Hack Oracle Database
  • SQL Attacks Still Inject Websites Including Government Sites In US, UK
  • NSA Goes Offline Due To A DNS Glitch
  • Unpatched Vulnerability In Microsoft’s SQL Server

  • February 26th, 2009

    UK Justice Minister’s Email Account Used For 419 Scam

    UK Justice Secretary Jack Straw had his web based email account compromised last Thursday. Jack Straw, former Home Secretary used a Hotmail account as his sole public email address.

    In a variation of a theme currently being used on social networking sites, 419 scammers used the compromised account to send hundreds of email messages to Jack Straw’s constituents and others in his address book and inbox. The bogus message, purporting to be from Mr. Straw, claimed that he had lost his wallet while in Nigeria promoting a charity called “Empowering Youth to Fight Racism” and asked the recipient if the could help him our by sending $3,000 to fly home.

    “It was an issue for constituents, not the government. We are checking all that and I am assured there’s no evidence that confidentiality of constituents was affected” the MP told the Telegraph newspaper in the UK.

    Aside from the fact that constituent confidentiality was clearly breached, in that their email addresses were all available to, and used by, the hacker and clearly any emails in the Hotmail inbox or filed away in online folders would have been visible, it surprises me that he was using Hotmail in the first place. The service is routinely abused by e-criminals for this kind of email scam. Of course, as a past Home Secretary who set up the High Tech Crime Unit, you would have expected him to know better. But the real issue here is; why isn’t the UK Government adopting the same strict guidance given by the US Government – don’t use anything other than anything other than a government email address for parliamentary business?

    These accounts are neither under the control, security protocols or jurisdiction of any government IT program, will not be backed up or indexed by government and almost certainly will not be subject to any Freedom of Information request made against the government data. In addition, shouldn’t privileged communication between Member of Parliament and constituents be routinely encrypted, especially given that Identity Based Encryption services now offer the opportunity to send encrypted email to anyone with no need for any kind of pre-enrolment or key management?

    Credit: Rik Ferguson, Threat Marketing Communications, Trend Micro

    Email, Bookmark or Share:
    • E-mail this story to a friend!
    • Digg
    • del.icio.us
    • StumbleUpon
    • Reddit
    • Technorati
    • Slashdot
    • Propeller
    • Google
    • Live
    • YahooMyWeb
    • TwitThis
    • Facebook
    • LinkedIn
    More on CyberInsecure:
  • Paypal Is Being Used In Popular Nigerian 419 Scam
  • Hackers Hijack Sarah Palin’s Yahoo Account, E-mails Published Online
  • Another Google Adwords Phishing Attack In Progress
  • Turkish Prime Minister Website Hacked In Prostest Of Pay Increase Proposal
  • Fort Jennings State Bank Website Hacked, Hosting A Phishing Page For Italian “Poste Italiane” Bank

  • February 25th, 2009

    Gmail Downtime Exposes Attempts To Distribute Malicious Files And Phishing Attacks

    During the Gmail downtime experienced yesterday cybercriminals managed to squeeze in an attempt to distribute malicious files to unknowing users. During the downtime, searches for the string “gmail down” yielded a Google Group page also named Gmail down as the top result. The page was found displaying a banner with images related to pornography, which then pointed to a pornographic website. According to Trend Micro Researcher Loucif Kharouni, links in the said webpage also lead to malicious files.

    The link “Really young good looking teenager-547b4.html” redirects to two different URLs. First, the URL hxxp:// {BLOCKED}worldx.com/software/f352d5ac52/10410/1/Setup.exe prompts the download of a file detected as TROJ_PROXY.AEI. TROJ_PROXY.AEI drops two files—a BAT file and a DLL file. The BAT file is used to load the DLL file, which in turn modifies the registry entries related to proxy server settings. This causes the results to user queries to be redirected to remote sites mostly related to advertising.

    The second URL, hxxp:// {BLOCKED}cktube.com/new/n/Exclusive+Free+porno/3913744, leads to the download of a malicious file detected as TROJ_AGENT.FAKZ. The link “The Dark Knight torrent.zip” leads to the download of the BAT file main_movie_torrent.bat. The said file modifies the attributes of the following files: c:autoexec.bat, c:boot.ini, c:ntldr, c:windowswin.ini.

    It displays a popup message stating “Virus Activated,” then deletes the abovementioned files, which are all critical files related to loading Windows. After doing so, another pop-up message is displayed, this time stating “Computer Over. Virus=Very Yes.” The computer will then shut down after 10 seconds, and will no longer be able to boot into the operating system. This file is now being studied for detection. Please stand by for updates.

    The said Google Group was already deleted, and was reported up for about 25 minutes. This incident serves proof of how keen cybercriminals’ instincts can get in seeing opportunites to distribute their malicious files.

    Hours after the blackout, Gmail users were also hit with a widespread phishing attack. The malicious message spread via the Google Talk instant messaging chat system, urging users to a video by clicking on a link connected via the TinyURL service. The link points to a website called ViddyHo, which invited users to submit their Gmail usernames and passwords. The attack was more plausible because malign messages came via the instant chat system built into Gmail rather than by email directly.

    TinyURL has blacklisted the site, rendering the attack inert, but that action is too late for those duped by the ruse, who now need to act quickly. “If you think you might have been duped, make sure you change your Gmail password immediately otherwise your entire address book and all your correspondence, including information that you may have archived about other online accounts, will quickly become rich pickings for the hackers,” warned Graham Cluley, senior technology consultant at Sophos.

    Victims were urged to change their passwords before hackers have a chance to abuse their webmail account.

    Credit: JM Hipolito, Technical Communications, TrendMicro

    Credit: Graham Cluley, Sophos

    Email, Bookmark or Share:
    • E-mail this story to a friend!
    • Digg
    • del.icio.us
    • StumbleUpon
    • Reddit
    • Technorati
    • Slashdot
    • Propeller
    • Google
    • Live
    • YahooMyWeb
    • TwitThis
    • Facebook
    • LinkedIn
    More on CyberInsecure:
  • Google Adds User Enabled HTTPS Secure Connections Into GMail
  • Gmail Exploit May Allow Attackers Steal E-mails By Setting Forwarding Filters
  • Royal Bank of Canada Phishing
  • Gmail Being Blocked By Some Anti-Spam Vendors
  • Phishing Attacks Doubled In UK

  • February 24th, 2009

    Google’s DoubleClick Spreads Malicious Ads On Eweek Website

    Google’s DoubleClick ad network has once again been caught distributing malicious banner displays, this time on the home page of eWeek, the online version of the popular business computing magazine. Unsuspecting end users who browse the site were presented with malvertisements with invisible iframes that redirect them to attack websites, according to researchers at Websense. The redirects use one of two methods to infect users with malware, including rogue anti-virus software.

    In one case, a PDF with heavily obscured javascript shunted victims to a subdomain at inside.com. In other scenarios, a generic index.php file did the bidding.

    Once users were redirected, the site dropped a series of malicious files, including one named winratit.exe, into a user’s temporary files folder and then prompted them to be automatically called the next time the machine rebooted. The result was the installation of Anti-Virus-1. It invites users to divulge their payment details and also alters their host file to make it hard to disinfect the machine.

    The scourge of malvertisements has been a lingering threat over the past few years, and as the world’s biggest ad network, DoubleClick has repeatedly been caught playing an unwitting role. Booby-trapped banner ads are the perfect vector because they hit users while visiting trusted sites, so their guard is down.

    Catching the tainted banners has been challenging for DoubleClick and its competitors because the perpetrators often go to great lengths to conceal their activities. Miscreants often set up fictitious advertising agencies that appear to be legitimate. They also have the ability to turn the attacks on and off at the drop of a dime to evade sensors seeking out the malicious ads.

    Given DoubleClick’s tremendous reach, it’s possible the rogue ads have shown up on websites other than eWeek. A Google spokesman said that their scanners have found a few instances of these malware ads in the DoubleClick network. As such, they’ve added these domains to malware list and are in the process of removing any offending ads from the ad network.

    It is unclear how long the attacks had been active, how many websites they affected or how the attackers were able to bypass Doubleclick’s defenses. According to WebSense, eWeek has rectified the problem and eWeek website is now safe.

    Credit: The Register, WebSense

    Email, Bookmark or Share:
    • E-mail this story to a friend!
    • Digg
    • del.icio.us
    • StumbleUpon
    • Reddit
    • Technorati
    • Slashdot
    • Propeller
    • Google
    • Live
    • YahooMyWeb
    • TwitThis
    • Facebook
    • LinkedIn
    More on CyberInsecure:
  • MLB.com Major League Baseball Website Infected Visitors Through Ads
  • Malicious Adobe Flash Ads Hit High-Profile Websites
  • Yahoo Banner Ads Infecting Visitors With Malware
  • Daily Mail Serves Malicious Ads, Readers Redirected To Malware Installing Server
  • Property Stolen Due To Craigslist Scam

  • February 24th, 2009

    Remote-Execution Vulnerability In Adobe Flash 9.0.124.0

    A remote code execution vulnerability has been confirmed in Adobe Flash for Windows and is believed to also affect versions that run on Linux and Apple’s OS X, according to an advisory from VeriSign’s iDefense Labs. There is no patch yet but Adobe is expected to release one soon, said iDefense Intelligence Director Rick Howard.

    The exploit occurs as a result of the way Flash handles Shockwave files. By creating a particular object and then deleting it, attackers can gain arbitrary execution control over uninitialized memory locations where the invalid object resided, iDefense said. The technique involves the use of so-called heap molding and heap spraying, allowing memory contents to be overwritten with attack code.

    “iDefense considers this vulnerability to be of HIGH severity due to the possibility of arbitrary code execution with minimal user interaction,” Howard wrote in an email.

    The vulnerability affects version 9.0.124.0 of Flash. The advisory didn’t say whether version 10 is also susceptible.

    The vulnerability is separate from a security bug in Adobe’s Acrobat Reader program that is currently under attack. The company only notified users of the threat last week, after independent security researchers released their own advisory. According to IDG News, the attack has been in the wild for more than six weeks.

    Credit: The Register

    Email, Bookmark or Share:
    • E-mail this story to a friend!
    • Digg
    • del.icio.us
    • StumbleUpon
    • Reddit
    • Technorati
    • Slashdot
    • Propeller
    • Google
    • Live
    • YahooMyWeb
    • TwitThis
    • Facebook
    • LinkedIn
    More on CyberInsecure:
  • Potential Vulnerability In Adobe Flash
  • Critical Security Vulnerability Patched In Adobe AIR 1.5
  • Adobe Flash Player SWF File Zero-Day Remote Code Execution Vulnerability
  • Adobe Fixes Clickjacking Vulnerability In Flash Player 10
  • Malware Served Through Flash Exploits By MSN Norway

  • February 24th, 2009

    Microsoft Excel 0-day Code Execution Vulnerability Exploited In The Wild

    SecurityFocus reports a new vulnerability in Microsoft Excel, MS Excel 2007 SP1 and SP2 are vulnerable, other versions may also be affected. Excel is prone to an unspecified remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

    Symantec has detected active in-the-wild exploit attempts and detects this issue as ‘Trojan.Mdropper.AC‘. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. The Trojan drops the file %Temp%rundll.exe and then it may attempt to download more files on to the compromised computer from the following locations:

    [http://]61.59.24.55/sb.php?id=[19 RANDOM ASCII CHARACTERS]
    [http://]61.59.24.45/sb.php?id=[19 RANDOM ASCII CHARACTERS]
    [http://]61.221.40.63/sb.php?id=[19 RANDOM ASCII CHARACTERS]

    Failed exploit attempts will result in a denial-of-service condition.

    Currently there are no vendor-supplied patches and no known workarounds. As usual, users should not open anything that looks like an Excel document from sources that can not be fully verified.

    Update: Microsoft has confirmed that the code execution vulnerability in Excel is real and provided recommendations on how to avoid being compromised by the vulnerability until a patch is available.

    Email, Bookmark or Share:
    • E-mail this story to a friend!
    • Digg
    • del.icio.us
    • StumbleUpon
    • Reddit
    • Technorati
    • Slashdot
    • Propeller
    • Google
    • Live
    • YahooMyWeb
    • TwitThis
    • Facebook
    • LinkedIn
    More on CyberInsecure:
  • Zero-day Microsoft Windows NSlookup.exe Vulnerability Exploited In The Wild
  • Microsoft Word Unspecified Remote Code Execution Vulnerability
  • Microsoft’s Patch Fix Critical Vulnerabilities In IE And Office
  • Microsoft Releases February Security Bulletin For 8 Security Vulnerabilities
  • Microsoft Releases Emergency Patch For Critical Windows Vulnerability

  • February 23rd, 2009

    Google Detects Malware Infection On eBay Solutions Provider Auctiva.com

    eBay solutions provider Auctiva.com suffered a malware attack during the weekend. As a result, the website has been tagged as malicious in Google. The warning “this site may harm your computer” most likely affected hundreds of thousands of customers and their eBay auctions.

    Goole Safe Browsing Diagnostic page for www.auctiva.com shows:

    What is the current listing status for www.auctiva.com?

    This site is not currently listed as suspicious.

    Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

    What happened when Google visited this site?

    Of the 129 pages we tested on the site over the past 90 days, 40 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-02-23, and the last time suspicious content was found on this site was on 2009-02-23.

    Malicious software includes 44 scripting exploit(s), 21 trojan(s). Successful infection resulted in an average of 11 new processes on the target machine.

    Malicious software is hosted on 2 domain(s), including auctlva.com/, luckffxi.com/.

    1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including me9x.cn/.

    This site was hosted on 1 network(s) including AS174 (COGENT).

    Has this site acted as an intermediary resulting in further distribution of malware?

    Over the past 90 days, www.auctiva.com appeared to function as an intermediary for the infection of 1 site(s) including octiva.com/.

    Following the complaints of users who started receiving antivirus software warnings appearing upon visiting Auctiva.com, the company took measures to ensure the transparency of the clean-up process which they finalized yesterday.

    According to Auctiva’s update log, the engineering team is still investigating this situation but, at this point, it appears the reason these virus alert warnings started showing up is because some of their machines were injected with malware originating in China. The malware has also hit a number of other high profile websites over the past 6 months. The affected machines are no longer available so it is currently safe to navigate the Auctiva website. According to Kevin K. from community.auctiva.com forums, some auctiva.com webservers to be raken offline due to additional monitoring.

    Users who visited the site between Thursday evening and Saturday afternoon at about 2 PM PT, should take precautionary measures, as explained on Auctiva website to ensure that the computers are not infected:

    1. Clear your browser cache, delete ALL temporary internet files, and restart your browser.
    2. If using a Windows machine, make sure you are updated with all the current Microsoft updates and patches.
    3. Make sure you are running some reputable antivirus software (AVG is available for free at http://free.avg.com and is known to catch this malware)
    4. Use the Firefox browser if possible, as it has been shown to be less susceptible to this sort of malware than Internet Explorer.

    According to Dancho Danchev post on ZDNet, Auctiva.com appears to have been embedded with malware on the 18th of February, several days ahead of the company’s announcement according to affected users. The exploits serving URLs, luckffxi .com and auctlva .com — both domains parked at the same IP 67.229.127.42 — are typical exploits serving sites courtesy of Chinese attackers which despite the fact that several Russian web malware exploitation kits are already localized to Chinese, continue using the same descriptive file structure for the client-side exploits in a manual fashion. For instance luckffxi .com/flash.htm, luckffxi .com/14.htm, luckffxi .com/office.htm, luckffxi .com/real.htm.

    Email, Bookmark or Share:
    • E-mail this story to a friend!
    • Digg
    • del.icio.us
    • StumbleUpon
    • Reddit
    • Technorati
    • Slashdot
    • Propeller
    • Google
    • Live
    • YahooMyWeb
    • TwitThis
    • Facebook
    • LinkedIn
    More on CyberInsecure:
  • Another Cross-Site Scripting Vulnerability On eBay Domain Sites Allows Phishing
  • 5534 Stolen Ebay Logins And Passwords Accidentally Found Online By Security Firm
  • Nigerian Spammers – Now In Google Calendar
  • Genuine Microsoft Software Trojan Infection
  • Malware Posing As Youtube Codec

  • February 20th, 2009

    SMS Malware Targets Symbian S60 Devices

    F-Secure and Fortinet are investigating a newly discovered mobile malware identified as SymbOS/Yxes.A!worm or “Sexy View”. The malware is affecting S60 3rd Edition series devices, and has a valid certificate signed by Symbian tricking the mobile device user into thinking it’s a legitimate application.

    “Sexy View” propagates by collecting all the phone numbers from the infected device, and then SMS-es itself to all of them including a link to a web site hosting a copy of it. SymbOS/Yxes.A!worm is the second mobile malware detected in the wild for 2009, followed by last month’s discovery of Trojan-SMS.Python.Flocker by Kaspersky Labs.

    F-Secure describes the malware as a Trojan but other vendors describe it as a worm, in recognition of the discovery of what might be described as auto-spreading capabilities.

    Fortinet adds that the malware gains information on the infected victim (such as serial number of the infected phone, subscription number etc) and posts this data to a remote server likely controlled by cyber criminals. It’s unclear how many users have fallen victim to the attack or its ultimate motives.

    Email, Bookmark or Share:
    • E-mail this story to a friend!
    • Digg
    • del.icio.us
    • StumbleUpon
    • Reddit
    • Technorati
    • Slashdot
    • Propeller
    • Google
    • Live
    • YahooMyWeb
    • TwitThis
    • Facebook
    • LinkedIn
    More on CyberInsecure:
  • New Symbian OS Malware Silently Transfers Mobiles Account Credit
  • New J2ME Security Vulnerabilities Affect Nokia S40 Phones
  • Malware In Online Game For Mobile Phones Launders Money
  • USB Devices Containing Worms Threaten US Army, All Removable Devices Temporarily Banned
  • New PDF Exploits Toolkit Targets Windows Users With Unpatched Adobe Reader

  • February 20th, 2009

    Fully-patched Adobe Reader 8.1.3 and 9.0.0 Vulnerable To New In-the-wild Attacks

    Adobe confirmed yesterday a critical vulnerability affecting Adobe Reader and Acrobat versions 9.0 and earlier, originally detected by the Shadowserver Foundation last week.

    The ongoing targeted attacks have since been confirmed by both, Symantec and McAfee urging users to disable JavaScript in Adobe Reader and Acrobat until Adobe issues a patch on the 11th of March. According to Symantec, so far these attacks appear to be targeted and not widespread. Symantec is continuing to monitor the vulnerability’s use in the wild.

    While examining the JavaScript code used for “heap-spraying” in these PDFs, it seems that these separate exploit attempts come from the same source. It seems likely that the people behind this threat are using targeted attacks against high-ranking people within different organizations—for example, locating the CEO’s email address on the company website and sending a malicious PDF in the hope that their malicious payload will run. Once the machine is compromised, the attackers may gain access to sensitive corporate documents that could be costly for companies breached by this threat.

    The original targeted attacks detected by the Shadowserver Foundation are once again using a well known and previously abused Chinese DNS provider js001.3322.org. There are multiple variants of the exploit that are actively circulating, one of which installs a remote access trojan known as Gh0st RAT.

    “Right now we believe these files are only being used in a smaller set of targeted attacks,” Shadowserver’s advisory read. “However, these types of attacks are frequently the most damaging and it is only a matter of time before this exploit ends up in every exploit pack on the internet.”

    Several anti-virus programs are already detecting the booby-trapped PDFs. Trend Micro and Symantec flag the attack as TROJ_PIDIEF.IN and Trojan.Pidief.E respectively. Both companies rate the threat as low, but this analysis appeared to be a week old, so it’s likely attackers have stepped up the exploit since then.

    Adobe has issued an advisory acknowledging a “critical vulnerability” in Reader. Updates won’t be available until March 11 for version 9 and a later date for earlier versions. InsecureWeb has also issued details here.

    The toxic PDFs attack a vulnerability that resides in a non-javascript call and “use some javascript to implement a heap spray for successful code execution,” according to an analysis security researcher Matthew Richard provided for Shadowserver. “The malicious PDFs in the wild contain javascript that is used to fill the heap with shellcode.”

    Users can disable JavaScript in Adobe Reader and Acrobat until Adobe by clicking “Edit -> Preferences -> JavaScript” and uncheck “Enable Acrobat JavaScript”.

    Email, Bookmark or Share:
    • E-mail this story to a friend!
    • Digg
    • del.icio.us
    • StumbleUpon
    • Reddit
    • Technorati
    • Slashdot
    • Propeller
    • Google
    • Live
    • YahooMyWeb
    • TwitThis
    • Facebook
    • LinkedIn
    More on CyberInsecure:
  • Adobe Patches Older Reader PDF Flaw, In Total 8 Vulnerabilities Patched
  • Recently Patched Adobe Reader Flaw Used By Miscreants To Hijack PCs
  • Critical Security Vulnerability Patched In Adobe AIR 1.5
  • New PDF Exploits Toolkit Targets Windows Users With Unpatched Adobe Reader
  • Remote-Execution Vulnerability In Adobe Flash 9.0.124.0