SC Magazine

Articles from SC Magazine, a secure computing monthly magazine. The magazine is dedicated to the interests of IT security professionals.

Articles

Adobe confirms Reader flaw, advises on workarounds

Adobe has confirmed a zero-day vulnerability in its Reader and Acrobat software and plans to release a patch on Jan. 12 for the dangerous bug. According to an advisory issued late Tuesday, the vulnerability impacts version 9.2 and earlier for Windows, Mac and UNIX platforms. A successful exploit can allow an attacker to crash or take control of a targeted system. As users await an updated version of the popular PDF management products, the company recommended IT administrators utilize the...

RockYou hack compromises 32 million passwords

A hacker was able to break into the database of RockYou and obtain 32 million clear-text passwords through an SQL vulnerability. Researchers at database security firm Imperva discovered the flaw in RockYou.com, which provides applications and services for social networking sites like Facebook and MySpace. Imperva notified the site then issued a warning about the flaw, Amichai Shulman, CTO of Imperva, told SCMagazineUS.com on Tuesday. But before RockYou could fix the bug, at least one hacker...

U.S. House to toughen internal cybersecurity policy

Congressional leaders on Tuesday accepted five new cybersecurity policy recommendations aimed at protecting sensitive information belonging to the U.S. House and securing its IT systems from attack. The proposed changes were crafted by Daniel Beard, the House's chief administrative officer, who was asked by Speaker Nancy Pelosi and Minority Leader John Boehner to conduct an assessment of the lower chamber's information security policies. The new guidelines, set to take effect next year...

Exploits expected to grow for Adobe Reader zero-day bug

Adobe is looking into what researchers term a "very bad" zero-day vulnerability in its popular Reader and Acrobat software. The flaw is being actively exploited through the spread of malicious PDF files, according to Symantec. The executable is disguised as part of an email attachment. If users who have any version of Reader or Acrobat installed on their machines were to click on the attachment -- even if their PCs are fully patched -- they will be hit with the exploit. Ben Greenbaum, senior...

U.S. and Russian officials talk cyberissues

In a notable policy shift, American and Russian officials have met to discuss cybersecurity issues, such as collaboration among law enforcement bodies and the use of cyberweapons, the New York Times reported in its Saturday editions. Under the Bush administration, U.S. officials simply “refused to engage” with the Russians on cyberissues, James Lewis, director of technology and public policy at the Center for Strategic International Studies, told SCMagazineUS.com on Monday. But in mid...

Lawsuit against BJ's over 2004 breach dismissed

More than 60 credit unions have lost their legal battle against BJ's Wholesale Club after the Massachusetts Supreme Judicial Court last week affirmed a lower court ruling to dismiss the case. The lawsuit stems from a data breach at BJ's that was discovered in 2004 in which hackers gained access to the retailer's network and stole 9.2 million credit card numbers. Thieves subsequently racked up millions of dollars in transactions using the stolen cards. As a result of the breach, the credit...

Judge dismisses shareholder lawsuit against Heartland

Updated on Thursday, Dec. 10 at 11:05 a.m. A U.S. District Court judge in New Jersey has tossed out a class-action lawsuit filed by shareholders against Heartland Payment Systems, the credit card processor announced Wednesday. Judge Anne Thompson granted Heartland's motion to dismiss the action, which was filed in the wake of Heartland's massive breach that was reported earlier this year, according to a company statement. The suit, filed against Heartland, Heartland's Chairman and CEO Bob...

TJX hacker to plead guilty to Heartland breach

After admitting to the TJX hacks three months ago, Albert Gonzalez has now agreed to plead guilty to charges he broke into the network of Heartland Payment Systems and several other companies to steal more than 130 million credit and debit card numbers. The plea agreement was filed Tuesday in U.S. District Court in New Jersey. Gonzalez, 28, of Miami admitted to hacking into Heartland, 7-Eleven, and Hannaford Bros. supermarket chain. In August, he was charged with conspiracy and conspiracy to...

Microsoft patch batch includes fix for zero-day IE flaw

Microsoft delivered its monthly security update on Tuesday to rectify 12 vulnerabilities, five of which are present in Internet Explorer (IE) and comprise the most pressing patch to deploy. That bulletin -- MS09-072 -- is the only patch that carries both a "critical" severity rating and Exploitability Index grade of 1, meaning consistent exploit code is likely. One of the five flaws was a zero-day, for which proof-of-concept code was publicly available. "[The patch] is at the top of deployment...

Researcher demonstrates Pentagon XSS vulnerability

A months-old cross-site scripting (XSS) vulnerability affecting the website for the Pentagon was brought to light again this week when a researcher posted two attack scenarios. The researcher, using the alias "Ne0h," found the vulnerability on the Pentagon's "Tours" page and posted two proof-of-concept scripts. None of the exploits, however, could lead to any sensitive Pentagon data being compromised because the site only is used to provide information on visiting the headquarters of the U.S...
Copyright © 2009 - Zimbio, Inc. Some rights reserved.