Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Adobe Systems is once again rolling out an emergency Flash update that patches a critical vulnerability under active attack to compromise the computers of unsuspecting users.

The latest Flash versions fix a remote code-execution bug that, as Ars reported last week, recently came under attack in the Angler exploit kit. Malware purveyors and other types of online crooks use such kits to seed compromised websites with attack code. Once people visit the sites with vulnerable computers, the booby-trapped pages surreptitiously exploit the vulnerabilities and install backdoors that can be used to log keystrokes, steal passwords, and install new pieces of malware at will.

An advisory Adobe published late last week warned that the bug resides in versions running on Windows, Macs, and Linux systems. So far, reports suggest that in-the-wild exploits are limited only to Windows systems. The vulnerability stems from a so-called use-after-free bug that allows attackers to corrupt the memory of affected computers. Trend Micro has additional technical details here.


 

On Saturday, 24 JAN 2015, Adobe updated their Security Advisory for Adobe Flash Player specific to CVE-2015-0311. From the update:

Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24. This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player please refer to this post.

To that end we … GREEN. Please ensure you apply updates as soon as possible and stay tuned here as additional related information … | @holisticinfosec

 
Credit: Baum/NIST

A new publication from the National Institute of Standards and Technology (NIST) provides guidance for organizations to improve security as employees move to mobile devices such as phones and tablets for their work ...
 
LinuxSecurity.com: Unbound could be made to consume resources if it received specially crafted network traffic.
 
LinuxSecurity.com: Ghostscript could be made to crash or run programs as your login if it opened a specially crafted file.
 
LinuxSecurity.com: JasPer could be made to crash or run programs as your login if it opened a specially crafted file.
 
LinuxSecurity.com: Security Report Summary
 
 

Three Reasons Big Companies Should Work With Security Startups
Forbes
While large companies are just as committed to innovation as startups are, most invest in innovation via acquisition not incubation, which means the future of infosec relies heavily on the ability of innovative start-ups to create and validate new ...

 
Adobe Flash Player CVE-2015-0311 Unspecified Security Vulnerability
 
JasPer 'jpc_qmfb.c' Arbitrary Code Execution Vulnerability
 
JasPer 'jpc_dec_process_sot()' Remote Heap Buffer Overflow Vulnerability
 
Internet Storm Center Infocon Status