Adobe Hacked, Microsoft Vulnerable, Oracle Patches Galore

ADOBE: HACKED

Adobe Update Server HackedCyber Criminals gained access to Adobe’s Update Servers. It appears Adobe Systems has once again become a prime target. But this time, instead of focusing on finding new vulnerabilities in the Adobe Acrobat Reader software, Cyber criminals (and maybe Nation states or Cyber Terrorists, tbd) have found a new way in – the new Adobe Updater – a Cloud-based updating service for all of Adobe’s major applications. The compromise allowed hackers to create at least two malicious files that were digitally signed using a valid Adobe certificate, according to Adobe security chief Brad Arkin.

Risk = It is possible that your Adobe applications could be compromised after an update. However, Adobe plans (and may have already) revoked the compromised server certificates in early October. According to Adobe, one of the two digitally signed malware files is a utility that extracts password hashes from the Microsoft Windows operating system. This is typically used in a multi-pronged attack as one of the first phases – first gain escalated privileges, then compromise other system resources and eavesdrop without notice or cause harm. It’s hard to tell just yet how extensive the damage is although Adobe claims they have it under control.

What to do about it? Adobe says they have already resolved the problem, however, you might want to run alternative programs such as Foxit PDF viewer and other non Adobe tools for a few weeks throughout October while we wait and see the damage and if Adobe’s really fixed the problem. Remember, never disable your anti-virus software and firewall, if they are warning about issues with Adobe, there’s probably a good reason.

 

 

Microsoft Vulnerable

MICROSOFT: VULNERABLE

Microsoft also had a month full of issues with a bulletin full of major critical security updates, here: http://technet.microsoft.com/en-us/security/bulletin/ms12-oct

 

 

 

 

 

ORACLE: PATCHES
Oracle PatchedOracle’s Critical Patch Update for October 2012: 109 Vulnerabilities Fixed.

These vulnerabilities run the gambit from holes in the Oracle Database Server, to their acquired assets of the open source MySQL system to JAVA.

For more information, visit them here: http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

 

 

 

SOURCES: Adobe, Microsoft, Oracle and USCERT.gov

[big_header]This CDM News Update Sponsored By:[/big_header]
[column width=”280px” padding=”10px”]
Adobe Hacked, Microsoft Vulnerable, Oracle Patches Galore[/column]
[column width=”280px” padding=”10px”]
Global Protection[/column]
[column width=”280px” padding=”10px”]
Antivirus -5%[/column]
[end_columns]

Haven’t yet registered for your always FREE electronic edition to our Magazine? Don’t delay, click here, today!

Subscribe to Cyber Defense Magazine

Join our mailing list, no strings attached. We never sell your data. We'll send you monthly e-magazines, webinar invites from us and our partners, cybersecurity trade show updates, awards, infosec news, cybersecurity tips and so much more on all things cyber defense.
Subscribe

Related News

Vulnerable Today, Hacked Tomorrow: How a Lack of OT Cybersecurity Affects Critical Infrastructure
October 17, 2012

CyberDefenseMagazine Follow 24,016 54,487

Cyber Defense Magazine - The Premier Source for IT Security and Compliance Information. https://t.co/748STKH6k0.

cyberdefensemag

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Global InfoSec Awards for 2024 are now Open! Take advantage of co-marketing packages and enter today!

Show Me!
X