A new zero day flaw in Windows XP and Server 2003 is being exploited in the wild to bypass the sandbox on unpatched versions of Adobe Reader, security firm FireEye has reported.
According to the firm’s analysis, the vulnerability allows for a standard user running XP SP3 to elevate privileges to admin level, allowing a targeted attack on users running Reader versions 9.5.4, 10.1.6, 11.0.02 and before using a malicious PDF.
Because data is often the most valuable corporate asset - especially when customer information is concerned - staying alert for potential compromise is a critical IT job. Unfortunately, looking into a potential data breach is not easy.
In a typical organization there are usually a great number of privileged users accessing sensitive data on a daily basis. Where, then should organizations start looking for potential cracks? What behavior should they be on the lookout for, and when is an attack just a smokescreen, creating cover for a more targeted, critical breach?
Microsoft is mum on the matter for the moment, but some analysts are hopeful that a security feature originally planned for Windows 8.1 -- code-named "Provable PC Health' -- will some day see the proverbial light of day.
First, an introduction: I write about hackers, and for the past few years that has meant I write about Anonymous. At the time of the Stratfor hack I was working for Wired covering Anonymous — notably the antics of Antisec anons much of the time. I had missed the Lulzsec period, which I spent under federal investigation myself. From February to July of that year I stayed away from the hacker world, unsure if my computer would be seized and unwilling to draw my sources into a possible fishing expedition.
Air passengers can now refuse to go through a security scanner on health grounds or privacy reasons, just as the government introduces such scanners at 11 further airports.
But passengers refusing to go through a scanner will have to submit to a private search by security staff.