#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

adobe Vulnerabilities | Breaking Cybersecurity News | The Hacker News

Microsoft, Adobe and Mozilla issue Critical Security Patch Updates

Microsoft, Adobe and Mozilla issue Critical Security Patch Updates
May 13, 2015
This week you have quite a long list of updates to follow from Microsoft, Adobe as well as Firefox. Despite announcing plans to kill its monthly patch notification for Windows 10, the tech giant has issued its May 2015 Patch Tuesday , releasing 13 security bulletins that addresses a total of 48 security vulnerabilities in many of their products. Separately, Adobe has also pushed a massive security update to fix a total of 52 vulnerabilities in its Flash Player, Reader, AIR and Acrobat software. Moreover, Mozilla has fixed 13 security flaws in its latest stable release of Firefox web browser, Firefox 38, including five critical flaws. First from the Microsoft's side: MICROSOFT PATCH TUESDAY Three out of 13 security bulletins issued by the company are rated as 'critical', while the rest are 'important' in severity, with none of these vulnerabilities are actively exploited at this time. The affected products include Internet Explorer (IE),

Adobe patches 2nd Flash Player Zero-day Vulnerability

Adobe patches 2nd Flash Player Zero-day Vulnerability
Jan 25, 2015
Ready to patch your Adobe Flash software now. Adobe has patched one after one two zero-day vulnerabilities in its Adobe Flash that are being actively exploited by the cyber criminals. PATCH FOR FIRST ZERO-DAY On Thursday, the company released an emergency update for one of the critical vulnerabilities in Flash Player. However, the flaw was not the one that security researcher Kafeine reported. Adobe focused on another zero-day, identified as CVE-2015-0310 , that was also exploited by Angler malicious toolkit. PATCH FOR SECOND ZERO-DAY Today, Adobe released an updated version of its Flash player software that patches a zero-day vulnerability , tracked as CVE-2015-0311, spotted by French security researcher Kafeine at the beginning of the week. The vulnerability is " being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below, " Adobe said in a security advisory . The com

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Adobe issues Emergency Flash Player update to patch critical zero-day threat

Adobe issues Emergency Flash Player update to patch critical zero-day threat
Feb 05, 2014
Adobe is recommending that users update their Flash Players immediately. The company has published an emergency security bulletin today, that addresses vulnerabilities the Flash Player and released a patch to fix a vulnerability which is currently being exploited in a sophisticated cyber espionage campaign. " Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users apply the updates referenced in the security bulletin. " The vulnerability ( CVE-2014-0497 ), allows an attacker to remotely take control of the targeted system hosting Flash. " These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system " advisory said. The security hole affects the version 12.0.0.43 and earlier for both Windows and Mac OSs and Adobe Flash Player 11.2.202.335 and earlier versions for Linux. The vulnerability was discovered by two researchers

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Security updates for available for Adobe Flash Player and ColdFusion vulnerabilities

Security updates for available for Adobe Flash Player and ColdFusion vulnerabilities
Nov 13, 2013
Adobe released critical security patches for its ColdFusion web application server and  Adobe Flash Player for Mac, Windows and Linux. Adobe AIR and the AIR SDK and Compiler are also being updated. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system, dubbed as CVE-2013-5329, CVE-2013-5330. The following software versions are affected and should be updated as soon as possible: Adobe Flash Player 11.9.900.117 and earlier versions for Mac and Windows Adobe Flash Player 11.2.202.310 and earlier versions for Linux Adobe AIR 3.9.0.1030 and earlier versions for Windows and Macintosh Adobe has also released a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux, addresses two vulnerabilities: Cross-site scripting (XSS) vulnerability (CVE-2013-5326) Allow unauthorized remote read access (CVE-2013-5328) Both products have been patched mul

Old School Hackers spying on European governments

Old School Hackers spying on European governments
Mar 02, 2013
Kaspersky Lab's team of experts recently published a new research report that analyzed that Cyber criminals have targeted government officials in more than 20 countries, including Ireland and Romania with a new piece of malware called ' MiniDuke '. In a recent attack, malware has infected government computers this week in an attempt to steal geopolitical intelligence. The computers were infected via a modified Adobe PDF email attachment, and the perpetrators were operating from servers based in Panama and Turkey. According to Kaspersky Lab CEO Eugene Kaspersky," I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s. I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyber world. " Last week Adobe released an update that patches the Adobe PDF bug (CVE-2013-6040) used in the atta

Patch released for 7 critical Adobe Flash Player Vulnerabilities

Patch released for 7 critical Adobe Flash Player Vulnerabilities
Nov 06, 2012
Adobe release updates for Flash Player on Windows, Mac, and Linux to address 7 recently identified critical security vulnerabilities. Updated version is now 11.5.502.110 for Windows or Mac OS X users or to 11.2.202.251 for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. A recent Q3 2012 Threat repor t from Kaspersky Lab showed that nearly 30% of the exploits circulating online are targeting Adobe products. Java vulnerabilities were exploited in more than 50% of all attacks. According to Oracle, different versions of this virtual machine are installed on more than 1.1 billion computers. CVE number of 7 critical Adobe Flash Player Vulnerabilities are CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5278, CVE-2012-5279, CVE-2012-5280. Adobe's advisory about this update is available here .
Cybersecurity Resources