Tag: Adobe

Report: Adobe Data Breach Ten Times Bigger Than First Reported

The huge security breach at software maker Adobe is even bigger than first reported, with more than 150 million credentials stolen, including records on up to 38 million active customers, according to a report by Brian Krebs at the web site Krebsonsecurity.com. Krebs said in a story posted Tuesday that Adobe’s initial estimates that user names and passwords for around three million customers was well short of the actual number taken by hackers who breached the company’s network. Citing a file posted by the website Anonnews.org, Krebs said the actual number of affected Adobe accounts stolen is much larger: 150 million username and hashed password pairs including credentials for 38 million “active” accounts, according to Adobe spokesperson Heather Edell. Edell told Krebs that Adobe has just completed a campaign to contact active users whose user IDs and encrypted passwords were stolen (including this author). Those customers are being encouraged to change […]

Bombshell: Adobe Says Massive Hack Netted Source Code, Customer Info

In what sounds like a worst-case scenario, Adobe Corp. admitted on Thursday that a massive breach of its corporate network resulted in the theft of information on close to three million customers and source code for two widely-used products: Adobe Acrobat, Acrobat Publisher, Cold Fusion and “other” as-yet undisclosed products. The news came in a string of announcements late Thursday on Adobe’s corporate blog as well as the news site Krebsonsecurity.com. The revelation came after Brian Krebs, the reporter behind that site, and Alex Holden, the Chief Security Officer of Hold Security, discovered what is described as “a massive 40 GB source code trove stashed on a server used by the same cyber criminals believed to have hacked into major data aggregators earlier this year, including LexisNexis, Dun & Bradstreet and Kroll.” After being informed of the find, Adobe investigated and acknowledged the theft. In a blog post by Chief […]

With $Pi Million At Stake, Chrome Withstands Hacker Assault

With $3.14159 million in prize money at stake, Google’s Chrome OS has withstood attempts to hack it in the company’s semi-annual Pwnium contest in Vancouver, a Google spokeswoman told The Security Ledger. In a statement Thursday, Google spokeswoman Jessica Kositz said that the company did not receive any winning entries during the day-long contest, but that the company is evaluating work that may qualify for a partial prize:  a potentially infinite series of Google Wallet transfers in the amounts:  $1 followed by $.50 followed by $.25 followed by $.125 and so on. OK – We made that last part up. Pwnium runs alongside the better known pwn2own contest at CanSecWest. This year, Google is providing funding for both contests. However, in 2012 the company pulled its support for pwn2own, objecting to the lack of a requirement of “responsible disclosure” – in which entrants must disclose the details of their exploits to the […]

Browser Security Still A Sore Spot For Companies (Podcast)

Podcast: Play in new window | Download (3.9MB)Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | RSS | https://www.securityledger.com/subscribeClueless “end users” are a common straw man (or woman) in the security industry. They’re blamed for everything from data breaches to malware infections. Accepted wisdom is that companies “get it” when it comes to security – consumers (their employees) don’t. But what if it is the other way around? That’s one tantalizing bit of data you could take away from Qualys’s Browser Check service. The free online vulnerability scanning service has assessed millions of endpoints in its two years of existence. And, by and large, it has found that consumers – not corporate users – are following good security practice by migrating to more modern, and secure web browsers. In  our inaugural Security Ledger Podcast, we sat down with Wolfgang Kandek, the Chief Technology Officer […]

Adobe Pushes Fix For Flash Player, Cites Attacks On Windows, Mac, Android

Adobe released an urgent fix on Thursday for recent versions of Flash Player, citing ongoing attacks against both Windows, Apple Mac, Linux and Android systems. Adobe released the security updates to fix a vulnerability, CVE-2013-0633 in Flash Player, noting that the vulnerability is being exploited “in the wild” (that is: on the public Internet) in targeted attacks. The attacks involve both web based attacks via malicious or compromised web sites and e-mail based attacks. The web based attacks use malicious Flash (SWF-format) content and target vulnerable versions of the Flash Player for the Firefox and Safari web browsers. The e-mail attacks use a malicious Microsoft Word document delivered as an e-mail attachment. The document contains malicious Flash (SWF) content and the email tries to trick the recipient into opening it. The vulnerability in question, CVE-2013-0633 is described as a buffer overflow in Adobe Flash Player that “allows remote attackers to execute […]