According to a new report, published today by SANS, the overwhelming majority of all cyber-security risks can be laid at the door of just two areas: unpatched client-side software and vulnerable Internet-facing web sites. The report was compiled by Rohit Dhamankar, Mike Dausin, Marc Eisenbarth and James King of TippingPoint with assistance from Wolfgang Kandek of Qualys, Johannes Ullrich of the Internet Storm Center, and Ed Skoudis and Rob Lee of the SANS Institute faculty. But, to be fair, I'm not sure that attack data from systems protecting 6000 organisations and vulnerability data from 9,000,000 systems was really needed …


Adobe has issued a security advisory following the discovery of what it describes as a "critical vulnerability" which exists within the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) across all platforms: Windows, Macintosh and Linux operating systems. The same vulnerability can be found within the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems, and has the potential to cause a crash which could then allow an attacker to take control of the system. Well, I say potential, but [URL="http://www.adobe.com/support/security/advisories/apsa09-03.html"]Adobe admits[/URL] that there are "reports that this vulnerability is being actively …


Over the weekend, hackers managed to get root access to a large Internet Service Provider, reportedly via a zero-day vulnerability, and destroy data from 100,000 websites as a result. The UK-based ISP, VAServ, has [URL="http://www.theregister.co.uk/2009/06/08/webhost_attack/"]stated[/URL] that the attackers apparently exploited a vulnerability in virtualisation software called HyperTM in order to gain access to the servers. It would appear that around 100,000 of the websites hosted at VAServ had data destroyed in one hit on Sunday, possibly courtesy of a recursive delete 'rm -rf' Unix command. Unfortunately, many VAServ customers have an unmanaged account with no data backup. It is …


The bad guys of the IT business are always looking for the most effective ways to infect the innocent Internet user, and increasingly that means turning to commonly used web browser plug-ins such as Flash or PDF readers. A couple of years ago we were [URL="http://www.daniweb.com/blogs/entry1537.html"]reporting critical vulnerabilities[/URL] for all Adobe Flash platforms, and towards the end of last year there were [URL="http://www.itwire.com/content/view/21493/53/"]reports[/URL] of a critical vulnerability in Adobe Reader. Cue Jaws soundtrack: just when you thought it was safe to go back in the Adobe PDF water. According to an [URL="http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html"]official Adobe security warning[/URL] "All currently supported shipping versions …

