10Fold – Security Never Sleeps – 88

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Hackers are already exploiting a new critical vulnerability in Flash Player, and Adobe Systems is still working on the patch. Brian Krebs reported that Wendy’s investigation into a credit card breach uncovered malicious software on point-of-sale systems in 5 percent of their restaurants–the source of the breach was compromised third party credentials. Symantec has reported that Internet Explorer zero-day vulnerability is being exploited to attack South Korea. PerezHilton.com was under a malvertising attack as discovered by Cyphort.

Hackers are exploiting an unpatched Flash Player vulnerability, Adobe warns – Publication: PCWorld – Reporter name: Lucian Constantin

Adobe Systems is working on a patch for a critical vulnerability in Flash Player that hackers are already exploiting in attacks. In the meantime, the company has released other security patches for Reader, Acrobat, and ColdFusion.


Wendy’s: Breach Affected 5% of Restaurants – Publication: Krebs on Security – Reporter name: Brian Krebs

Wendy’s said today that an investigation into a credit card breach at the nationwide fast-food chain uncovered malicious software on point-of-sale systems at fewer than 300 of the company’s 5,500 franchised stores. The company says the investigation into the breach is continuing, but that the malware has been removed from all affected locations.


​South Korea victim of Internet Explorer zero-day vulnerability – Publication: ZDNet- Reporter name: Asha Barbaschow

Security firm Symantec has reported that South Korea has been affected by targeted attacks that exploited an Internet Explorer zero-day vulnerability.


PerezHilton.com Hit by Malvertising – Publication: InfoSecurity Magazine – Reporter name: Tara Seals

Visitors to pop culture website PerezHilton.com have been redirected to an Angler Exploit Kit variant as a result of a malvertising attack. Researchers at Cyphort have discovered that the EK, dubbed som.barkisdesign.com, is automatically downloaded to website visitors’ computers without any interaction triggers. PerezHilton.com sees a half-million visitors per day, looking for celebrity gossip.