According to our friends at Offensive Security, the Abysssec Security Team has started publishing exploit details as part of their declared Month Of Abysssec Undisclosed Bugs (MOAUB). According to their blog announcement a few days ago, the security community can expect Abysssec to release at least one vulnerability announcement for each day of September.
The band of independent "security researchers" has already publicized security holes in Adobe Acrobat Reader, Apple QuickTime, and Trend Micro Internet Security Pro 2010. Exploit details will be posted to ExploitDB, a central repository of exploits and vulnerable software that officially took over the popular Milw0rm database back in November 2009.
In preemptive response, Trend Micro made a blog post on August 31 that, besides the usual banter against non-responsible disclosure, contained a rather whiny tone. I found Trend's blog post unfairly portrays users as helpless, ill-equipped, and "burdened" by security responsibilities. They close their post with a call for user vigilance, patching, and a sales pitch for their products. Hmmm, FUD anyone? Anyway...
The Security and Compliance team here at BankITProgram will be monitoring ExploitDB more closely this month. Customers on BankIT subscriptions will be alerted to any items of concern.
Finally, something cool to look at. Remember when US-CERT released a notice a few weeks back on how many Windows applications are vulnerable to DLL injection attacks? To see this exploit in action, see..., well, Microsoft DLL Hijacking Exploit in Action - http://bit.ly/daHTy3
Cheers.