Below is a list of important security articles from the last few days. The biggest being:
- Java 0-Day Exploit (affects all versions of Java, disable now!)
- Cool Exploit Kit (new more expensive Blackhole Exploit Kit)
- IE 0-Day Exploit (word is, fixIt doesn't work)
Biggest news of the day: The vulnerability exists in all versions of Java 7, including the latest — Java 7 Update 10 . You should uninstall Java or unplug Java from your browser:
http://www.kb.cert.org/vuls/id/625617
http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
Article on the “Cool Exploit Kit”, high end Blackhole kit:
http://krebsonsecurity.com/2013/01/crimeware-author-funds-exploit-buying-spree/
http://www.theregister.co.uk/2013/01/10/cool_exploit_kit/
Speaking of the Java 0-Day and the Cool Exploit Kit… Cool is serving it.. “Not cool”…
http://www.symantec.com/connect/blogs/java-zero-day-dished-cool-exploit-kit
IE 0-Day Exploit :
http://technet.microsoft.com/en-us/security/advisory/2794220
Article on “DDOS Attacks on US Banks” – Good example of a BAD PASSWORD POLICY, the password was admin/admin
http://thehackernews.com/2013/01/under-hood-of-recent-ddos-attack-on-us_10.html
Adobe patches for Flash Player, Reader and Acrobat:
http://www.networkworld.com/news/2013/010913-adobe-patches-critical-vulnerabilities-in-265656.html
Article on more information sharing between government and private sector to address cyber attacks, seems like the Government will need to pass a bill for this one:
http://www.networkworld.com/news/2013/010913-business-government-cyberthreats-265666.html?page=1