Adobe Releases Security Updates for Flash Player, Adobe Reader and Acrobat

Original release date: August 12, 2014

Adobe has released security updates to address multiple vulnerabilities in Flash Player, Adobe Reader and Acrobat. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system.

Users and administrators are encouraged to review Adobe Security Bulletins APSB14-18 and APSB14-19, and apply the necessary updates. 


New study: Activists pose easy target for nation-state attackers

Lean operations and a lack of technical staff make non-governmental organizations a prime, and relatively soft, target for well-funded adversaries, according to an academic study of a four-year campaign targeting one such group.

In a paper to be delivered at the USENIX Security Conference next week, six academic researchers analyzed nearly 1,500 suspicious e-mail messages targeting the World Uyghur Congress (WUC). The team found that, while the malware managed to reliably evade detection by many antivirus programs, the attacks were relatively unsophisticated, using known vulnerabilities that had already been patched. The social engineering tactics, however, were very targeted and convincing, with the majority written in the native language, referring to events of interest to the NGO and appearing to come from known contacts, said Engin Kirda, a professor of computer science at Northeastern University and a co-author of the paper.

"You read about sophisticated attacks, but the malware that we analyzed was pretty standard," Kirda said. "It was not some groundbreaking obfuscation or malware."


Blackphone goes to Def Con and gets hacked—sort of

When the Blackphone team arrived at Def Con last week, they knew they were stepping into a lion’s den. In fact, that's exactly why they were there. The first-generation Blackphone from SGP Technologies has been shipping for just over a month, and the company’s delegation to Def Con—including Silent Circle Chief Technology Officer Jon Callas and newly hired SGP Technologies Chief Security Officer Dan Ford—was looking to both reach a natural customer base and get help with further locking down the device.

Ask and you shall receive. Jon “Justin Case” Sawyer, the CTO of Applied Cybersecurity LLC, walked up to the Blackphone table at Def Con and told them he rooted the phone. And those who followed him on Twitter received an abbreviated play-by-play.

What followed, however, was not what Sawyer or the Blackphone team counted on: a BlackBerry blogger at N4BB leapt on one of Sawyer’s tweets and wrote a story with the erroneous headline, “Blackphone Rooted Within 5 Minutes.” By the time Sawyer was presenting on Sunday at Def Con with Tim Strazzere, the story had been picked up by a number of blogs and websites—and nearly all of them didn’t bother getting further details from Sawyer or Blackphone.
