Zscaler Research: Patching Flash - CVE-2011-2110 post-mortem

Last week I blogged about the CVE-2011-2110 Adobe Flash vulnerability being actively exploited in the wild. Adobe released its patch exactly a week ago (Tuesday, June 14) ... I wanted to do a follow-up to identify the patch rate within our enterprise customers.

Mike's follow-up review of the numbers of vulnerable Flash installations after Adobe's update released last week... scary numbers of vulnerable systems out there.

Zscaler Research: Zscaler Safe Shopping available for Opera

Zscaler Safe Shopping is already available for Firefox, Firefox Mobile (aka Fennec) and Google Chrome. Now, you can also download the extension for your Opera 11 browser. A version for Safari will be available soon as well.

Julien has been busy - he's now ported his Safe Shopping browser plugin to Opera, joining the existing versions for Firefox, Firefox Mobile and Chrome.

Opera users should download it now from https://addons.opera.com/addons/extensions/details/zscaler-safe-shopping/1.0/...

Zscaler Research: The "Dad walks in on Daughter.. EMBARRASSING!" Facebook scams

The "Dad walks in on Daughter.. EMBARRASSING!" Facebook scams have become very prevalent. I listed a few examples on our new blog, Zscaler Analyst Scrapbook. I'll go into more detail in this post.

There's no end to the scam attempts on Facebook. As ever, be very careful what you click on, and make sure your security solutions are up to date and effective.

Zscaler Research: Oh Flash! CVE-2011-2110 0-Day

This past Tuesday, June 14, a vulnerability (CVE-2011-2110) in the Adobe Flash Player was patched. This vulnerability is actively being exploited in the wild - prior to the patch, the earliest exploitation that we have seen in our logs thus far dates back to early last Thursday (June 9th).

Flash and Acrobat are still topping the charts of active exploits - make sure your Flash Player is up to date!

Zscaler Research: PasteHtml.com, a heaven for phishing pages

The ultimate dream of a phisher is to be able to set up thousands of phishing sites freely, anonymously, and quickly. Luckily for them, PasteHtml.com offers a service which empowers them to do just that. It is a "Free anonymous web hosting" site, which allows anyone to create any page with a simple POST request.

Trust the phishers and scammers to find a way to abuse a useful service. Be careful of any site that links you out to hosting services such as pastehtml.

Zscaler Research: Incognito exploit kit

Recently, I have noticed a significant increase in the usage of the Incognito exploit kit. Similar to the Blackhole exploit kit, Incognito also targets vulnerabilities in Java and Adobe products.

Use of the Incognito exploit kit is on the rise. Incognito attempts to exploit known vulnerable ActiveX controls, the Java Deployment Toolkit and Acrobat Reader.

Zscaler security advisory - Microsoft security bulletins for June

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protections for twenty-two web-based client-side vulnerabilities included in the June 2011 Microsoft patch cycle.

Zscaler Research: Zscaler Analyst Scrapbook

Very often while we're conducting log analysis across our cloud in order to add security protections (signatures, black listing, reputation scoring, etc.) we find interesting scraps of information. While this information may not be interesting to the masses - it may help those working in security operations centers (SOCs) or other roles to add similar protections for their users.

The Analyst Scrapbook can be found at http://scrapbook.zscaler.com. If you're a regular follower of the Research blog, you're going to want to add this one to your reader list as well.

Zscaler Research: .co.tv domains serving heavily obfuscated malicious code

Following a previous post on a malicious Google News search, we identified additional domains related to this attack, also serving malicious code. The method of infection remains the same by injecting a malicious script, which will redirect victims to one of several malicious domains.

Umesh has identified 27 additional domains that are being used to host malicious code related to the compromised news search results. As ever, exercise vigilance when looking at search results.