Category Archives: Security Bulletin

Microsoft, Adobe Push Critical Security Fixes

(via KrebsOnSecurity.com)

Adobe, Microsoft and Oracle each released updates today to plug critical security holes in their products. Adobe released patches for its Flash Player and Adobe AIR software. A patch from Oracle fixes at least 25 flaws in Java. And Microsoft pushed patches to fix at least two-dozen vulnerabilities in a number of Windows components, including Office, Internet Explorer and .NET. One of the updates addresses a zero-day flaw that reportedly is already being exploited in active cyber espionage attacks…

(Full Article)

Suspected Russian “Sandworm” cyber spies targeted NATO, Ukraine

(via arstechnica.com)

Microsoft plans to release a patch for this during its regular updates, so make sure you update this week.

A group of cyber spies targeted the North Atlantic Treaty Organization (NATO), Ukrainian and Polish government agencies, and a variety of sensitive European industries over the last year, in some cases using a previously unknown flaw in Windows systems to infiltrate targets, according to a research report released on Tuesday.

(Full Article)

7 million Dropbox username/password pairs apparently leaked

(via arstechnica.com)

Popular online locker service Dropbox appears to have been hacked. A series of posts have been made to Pastebin purporting to contain login credentials for hundreds of Dropbox accounts, with the poster claiming that altogether 6,937,081 account credentials have been compromised…

Update: Dropbox sent the following statement to Ars:

Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.

(Full Article)

Dairy Queen Confirms Breach at 395 Stores

(via KrebsOnSecurity.com)

Nationwide fast-food chain Dairy Queen on Thursday confirmed that malware installed on cash registers at some 395 stores resulted in the theft of customer credit and debit card information. The acknowledgement comes nearly six weeks after this publication first broke the news that multiple banks were reporting indications of a card breach at Dairy Queen locations across the country.

(Full Article)

Internet Explorer stars in monster October Patch Tuesday

(via TheRegister.co.uk)

October is stacking up to be a bumper Patch Tuesday update with nine bulletins lined up for delivery — three rated critical.

Top of the critical list is an update for Internet Explorer that affects all currently supported versions 6 to 11, on all operating systems including Windows RT. Vulnerabilities discovered in most versions of Windows Server, Windows 7 and 8, and the .NET framework are covered in the other pair of critical bulletins.

(Full Article)

Bug in Bash shell creates big security hole on anything with *nix in it

(via arstechnica.com & Schneier on Security)

“A security vulnerability in the GNU Bourne Again Shell (Bash), the command-line shell used in many Linux and Unix operating systems, could leave systems running those operating systems open to exploitation by specially crafted attacks…”

This only directly affects you if you’re running a machine with MacOS or *nix on it, but it is a big deal, noted by many, many sources.

(Full Article, Arstechnica & Full Article, Schneier)