Adobe Flash Player 11.3 Font Parsing Code Execution
07 September 2012
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 184.108.40.206 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Too many of today’s networks are easy to sink. One attack pierces the perimeter, and all of the organisation's most sensitive data comes rushing out. Soon after, their logo is slapped across the evening news as the pundits start circling the water.
Security researcher Lyon Yang has released details about a number of vulnerabilities in routers made by California-based Zhone Technologies, the exploitation of some of which can result in the routers being hijacked.
Whenever people think of APTs and targeted attacks, people ask: who did it? What did they want? While those questions may well be of some interest, we think it is much more important to ask: what information about the attacker can help organizations protect themselves better?
You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.