Week in review: Microsoft and Adobe flaws, SQL injection attack, Wikileaks

Here’s an overview of some of last week’s most interesting news and articles:

Critical Adobe Flash, Reader 0-day flaw exploited in the wild
Adobe released the security advisory detailing the particulars of the critical vulnerability, saying that it “could cause a crash and potentially allow an attacker to take control of the affected system.”

U.S. intelligence analyst arrested for passing on classified items to Wikileaks
An Army intelligence analyst has been arrested by U.S. Federal officials after he boasted about providing Wikileaks with combat videos and classified State Department records.

The termination of a spyware business
The Federal Trade Commission has put the brakes on the business practices of an operation that was selling spyware and showing customers how to remotely install it on other people’s computers without their knowledge or consent.

A preventative, layered approach to head off sophisticated malware threats
IT security professionals are realizing that even the most robust endpoint security strategy isn’t enough to protect computers from malicious attacks.

1 in 10 IT pros cheat on an IT audit
Amongst those who have cheated, lack of time and resources are cited as the main reasons, underlining the ever-increasing pressure on today’s IT departments.

Fixing the Internet is…easy?
I have to agree that sometimes the issue of Internet security seems insurmountable, but not everybody feels the same. Roger Grimes, computer security veteran, thinks the solution to the problem is within our reach.

34 vulnerabilities fixed in June Patch Tuesday
Microsoft delivered 10 security bulletins that address 34 vulnerabilities affecting Windows, Office and Internet Explorer.

Olympus Stylus Tough camera shipped with malware
Olympus Japan has admitted that a little over 1700 units of the Stylus Tough 6010 digital compact camera that was available for sale in Japan contain a virus on the memory card shipped with it.

48 flaws patched with new version of Safari
A new version of the Safari browser for Windows and Mac has been released, and with it Apple patched 48 security flaws – most of which were located in the WebKit technology.

Twitter’s new service reveals what’s behind shortened links
Since March, Twitter has been routing all submitted direct messages through a URL service called twt.tl. Now, the time has come for this service to be available for all tweets.

Google patches 11 vulnerabilities in new Chrome, awards $2000 to researcher
The discovery of the cross-origin bypass in DOM methods by Sergey Glazunov has earned him $2000, but there’s no mention of the reason for this unusually high reward.

A closer look at My Lockbox PRO
My Lockbox PRO (v. 2.0) enables you to hide, lock and password protect almost any folder on your computer.

114,000 iPad owners’ emails and account IDs exposed
News that vulnerabilities on the AT&T network allowed a group calling itself Goatse Security to harvest emails and AT&T authentication IDs of 114,000 early-adopters of Apple’s iPad shocked potential victims.

Mass SQL injection attack compromises IIS/ASP sites
Thousands of websites and who knows how many visitors were affected by the recently discovered mass SQL injection attack that targeted – among others – The Wall Street Journal and The Jerusalem Post websites.

Drive-by download attack disguised by Canadian Pharmacy website
Red Condor issued a warning of a new sophisticated email malware threat that spoofs YouTube and uses a redirect on a compromised website to a common Canadian Pharmacy web site to distribute malicious PDFs via drive-by download.

0-day Windows flaw published by Google researcher
Tavis Ormandy – the well-known Google security researcher who discovered the feature/vulnerability in Java back in April and forced Sun to patch it up swiftly by releasing the details to the public – has done it again.

What every CEO should know about advanced persistent threats and industrialized hacking
What’s the difference between APT and industrialized hacking, and how should you respond?
