Una operación coordinada entre Symantec y otras compañías de seguridad dio un importante golpe a Backdoor.Hikit y a otras herramientas de malware utilizadas por el grupo de ciberespionaje llamado Hidden Lynx. La Operación SMN permitió que las compañías más importantes de la industria de la seguridad compartieran inteligencia y recursos, lo que ha posibilitado el desarrollo de una protección integral que podría incapacitar la efectividad de este malware.
Critical new Windows zero-day has reportedly been used in a limited number of targeted cyberespionage attacks to deliver a back door on to the victim’s computer.
Uma nova vulnerabilidade crítica no sistema operacional Windows está sendo explorada em um número limitado de ataques contra alvos nos EUA e na Europa. A vulnerabilidade Microsoft Windows OLE Package Manager Remote Code Execution Vulnerability (CVE-2014-4114) permite que os atacantes incorporem arquivos Object Linking and Embedding (OLE) a partir de locais externos. A vulnerabilidade pode ser explorada para baixar e instalar malware no computador do alvo e parece ter sido usada por um grupo de ciberespionagem conhecido como Sandworm para entregar o Backdoor.Lancafdo.A (também conhecido como Black Energy) a organizações-alvo.
Critical new Windows zero-day has reportedly been used in a limited number of targeted cyberespionage attacks to deliver a back door on to the victim’s computer.
Revision Note: V4.0 (October 14, 2014): Rereleased advisory to announce the release of updates that provide additional protection for users’ credentials when logging on to a remote host server. See Updates Related to this Advisory and Advisory FAQ for details. Summary: Microsoft is announcing the availability of updates for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 that improve credential protection and domain authentication controls to reduce credential theft.
Revision Note: V1.0 (October 14, 2014): Advisory published.Summary: Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT for the M…
Revision Note: V30.0 (October 14, 2014): Added the 3001237 update to the Current Update section.Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows S…
Revision Note: V1.0 (October 14, 2014): Advisory publishedSummary: Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0, affecting the Windows operating system. This vulnerabil…
Revision Note: V30.0 (October 14, 2014): Added the 3001237 update to the Current Update section.Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows S…