Adobe8
Adobe released a security update for Adobe Reader 8 and Acrobat 8 that covers 8 different CVEs today.
http://www.adobe.com/support/security/bulletins/apsb08-19.html
This update covers these CVEs: CVE-2008-2992, CVE-2008-2549, CVE-2008-4812, CVE-2008-4813, CVE-2008-4817, CVE-2008-4816, CVE-2008-4814, CVE-2008-4815.
It affects Adobe Reader 8.1.2 and earlier and Acrobat Pro, 3d and Std 8.1.2 and earlier.
Adobe recommends you upgrade to Reader 9 or 8.1.3 or upgrade to Acrobat 8.1.3 depending on which product(s) you use.
This set of vulnerablies can lead to Internet Security options being changed, priviledge escalation, DOS or in the worse cases remote code execution.
Cyber Security Awareness Month 2008 - Summary and Links
On behalf of the volunteer handlers of the SANS Internet Storm Center, I'd like to pass along our deep appreciation to all of the readers who sent in hundreds of comments and ideas during the past month! As promised, below is an index to all of the Cyber Security Awareness Month diaries that were published over the past several weeks. You can also find the daily subjects by searching on the keyword "Awareness2008" in our diary archive. Because we chose to focus on the six steps of incident handling, we went a bit longer than 31 days to allow for the inclusion of step six, Lessons Learned. So as a bonus this year you get 34 days rather than 31!
Here is the schedule that we followed:
Preparation: October 1-4
Identification: October 5-11
Containment: October 12-18
Eradication: October 19-25
Recovery: October 26-31
Lessons Learned: November 1-3
We are working on producing a full document that has all of the submissions (cleaned up, reformatted, and sanitized if needed) that were received. As you can imagine it will be a while before it's ready for downloading due to the volume of information that was sent to us. If you have any final thoughts or want to add some additional tips to the subjects, please send send them to us via our contact form.
1. Preparation
1 Policies, Management Support, and User Awareness
2 Building a Response Team
3 Building Checklists
4 What Goes Into a Response Kit
2. Identification
5 Events versus Incidents
6 Network-based Intrusion Detection Systems
7 Host-based Intrusion Detection Systems
8 Global Incident Awareness
9 Log and Audit Analysis
10 Using Your Help Desk to Identify Security Incidents
11 Other Methods of Identifying an Incident
3. Containment
12 Gathering Evidence That Can be Used in Court
13 Containment on Production Systems Such as a Web Server
14 Containing a Personal IdentityTheft Incident
15 Containing the Damage From a Lost or Stolen Laptop
16 Containing a Malware Outbreak
17 Containing a DNS Hijacking
18 Containing Other Incidents
4. Eradication
19 Forensic Analysis Tools - What Happened?
20 Eradicating a Rootkit
21 Removing Bots, Keyloggers, and Spyware
22 Wiping Disks and Media
23 Turning off Unused Services
24 Cleaning Email Servers and Clients
25 Finding and Removing Hidden Files and Directories
5. Recovery
26 Restoring Systems From Backups
27 Validation via Vulnerability Scanning
28 Avoiding Finger Pointing and the Blame Game
29 Should I Switch Software Vendors?
30 Applying Patches and Updates
31 Legal Awareness (Regulatory, Statutory, etc.)
6. Lessons Learned (November)
1 (32) What Should I Make Public?
2 (33) Working With Management to Improve Processes
3 (34) Feeding The Lessons Learned Back to the Preparation Phase
Marcus H. Sachs
Director, SANS Internet Storm Center
Comments
Anonymous
Dec 3rd 2022
9 months ago
Anonymous
Dec 3rd 2022
9 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
https://defineprogramming.com/
Dec 26th 2022
9 months ago
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
https://defineprogramming.com/
Dec 26th 2022
9 months ago
rthrth
Jan 2nd 2023
8 months ago