{"id":4711,"date":"2014-05-02T10:00:50","date_gmt":"2014-05-02T14:00:50","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/?p=4711"},"modified":"2020-02-27T03:42:26","modified_gmt":"2020-02-26T16:42:26","slug":"a-week-in-the-news-ie-zero-days","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/a-week-in-the-news-ie-zero-days\/4711\/","title":{"rendered":"A Week in the News: IE Zero Days"},"content":{"rendered":"<p>The OpenSSL Heartbleed bug may have finally fallen out of the headlines this week. In fact, thinking about it as I write this very article, it\u2019s nearly 3 PM, and I haven\u2019t read a Heartbleed article all day, which is wonderful. Don\u2019t worry, though, even without the Heartbleed, we\u2019ve got plenty to talk about:<\/p>\n<p><b>Zero-Days<\/b><\/p>\n<p><a href=\"https:\/\/www.securelist.com\/en\/blog\/8212\/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Lab announced that it uncovered an Adobe Flash Player zero-day<\/a> earlier this week. The company uncovered the bug \u2013 oddly enough \u2013 using one of the very same tools it uses to uncover new malware samples. When it was discovered, the zero-day exploit was being used to target victims in Syria with a type of threat called a watering hole attack. A watering hole is a type of targeted attack where an attacker plants a piece of malware on a website he thinks his victim is likely to visit. This way, when and if that victim visits the infected website, the victim then becomes infected with malware. Adobe has since provided a patch for the bugs here, so you should install any updates from that company as soon as possible.<\/p>\n<p><a href=\"https:\/\/threatpost.com\/new-internet-explorer-cve-2014-1776-zero-day-used-in-targeted-attacks\/105720\" target=\"_blank\" rel=\"noopener nofollow\">Microsoft had its own zero-day problems<\/a> in its Internet Explorer browser. 
I won\u2019t go into the technical details of the vulnerability. However, I will tell you that the zero-day has been exploited in the wild to launch attacks against various targets and that it was apparently serious enough to warrant what Microsoft calls an \u201cOut of Band\u201d patch. Such patches are those that are shipped out on any day other than the company\u2019s well-established monthly Patch Tuesday releases. If a bug receives an out-of-band patch, this is usually a pretty good indicator that the bug in question was a serious one.<\/p>\n<div class=\"pullquote\">Microsoft Internet Explorer and Adobe Flash Player zero-days replace OpenSSL Heartbleed as the primary topic of discussion in this week\u2019s security news.<\/div>\n<p><b>Just When I Thought I Was Out, They Pull Me Back In<\/b><\/p>\n<p>Speaking of Patch Tuesday: remember earlier this month when we told you that <a href=\"https:\/\/www.kaspersky.com.au\/blog\/xp-is-there-life-after-the-end-of-support\/\" target=\"_blank\" rel=\"noopener\">Windows XP would no longer receive security updates<\/a>? We were wrong (at least technically speaking). Because the Internet Explorer zero-day referenced above is being used to actively target Windows XP machines, Microsoft found it in their heart to send <a href=\"https:\/\/threatpost.com\/windows-xp-systems-also-get-out-of-band-ie-zero-day-patch\/105838\" target=\"_blank\" rel=\"noopener nofollow\">the out-of-band Internet Explorer patch to XP users as well<\/a>.<\/p>\n<p><b>AOL is Back!<\/b><\/p>\n<p>A number of AOL email users found themselves in a pickle recently after their accounts appeared to be used to send out spam messages to the people on their contact lists. We discussed this in <a href=\"https:\/\/www.kaspersky.com.au\/blog\/heartbleed-lingers-as-apple-fixes-its-own-crypto\/\" target=\"_blank\" rel=\"noopener\">last week\u2019s news recap<\/a>. AOL claimed that the incident was all part of what they called a \u201cspoofing\u201d attack. 
They said there was no compromise and that it only appeared as if the emails were coming from AOL user email accounts. In reality, the company initially claimed, the sender of the emails was merely making it appear as if the emails were coming from AOL user email accounts.<\/p>\n<p>If I recall correctly, last week we said that AOL\u2019s explanation of events was odd in that \u2013 while there may have indeed been spoofing going on \u2013 it failed to account for how the attacker would have gotten his hands on all those contact lists. Sure enough, <a href=\"https:\/\/threatpost.com\/aol-investigating-breach-urges-users-to-change-passwords\/105734\" target=\"_blank\" rel=\"noopener nofollow\">AOL admitted<\/a> this week that it was in fact breached in an announcement urging users to change their passwords. So, if you have an AOL account, this is probably a good time to change up your password.<\/p>\n<p><b>Facebook and Privacy<\/b><\/p>\n<p>Facebook announced a neat new feature called <a href=\"https:\/\/threatpost.com\/facebook-enhances-privacy-settings-with-anonymous-login\/105831\" target=\"_blank\" rel=\"noopener nofollow\">Anonymous Login<\/a>. Mark Zuckerberg told developers at the company\u2019s F8 conference yesterday that Anonymous Login would allow users to log in to third-party apps without using their Facebook credentials, and without sharing personal information with the third party.<\/p>\n<p>\u201cThe idea here is that even if you don\u2019t want an app to know who you are yet, you still want a streamlined experience for signing in that removes the hassle of filling out all these different fields,\u201d Zuckerberg said. \u201cThis is going to let you try apps without fear.\u201d<\/p>\n<p>Anonymous Login is in beta and available only for certain applications; Flipboard, for example, is one of the first. At login, users will have the option of signing in to an app with their Facebook credentials or test-driving the app using Anonymous Login. 
Anonymous Login presents itself in a black screen, rather than Facebook\u2019s customary blue, and affords users the ability to avoid sharing any of the data already shared with Facebook with an outside app.<\/p>\n<p><b>The New Mozilla<\/b><\/p>\n<p>The 29th version of Mozilla\u2019s Firefox browser hit the scene this week with a radical redesign. The new Firefox, which looks surprisingly Google Chrome-like, is receiving mixed reviews. Regardless of whether you like the new look, though, we are recommending that you install <a href=\"https:\/\/threatpost.com\/mozilla-redesigns-firefox-browser-fixes-security-vulnerabilities\/105790\" target=\"_blank\" rel=\"noopener nofollow\">the update<\/a> anyway on account of the 10-or-so highly- and critically-rated security vulnerabilities that were fixed in the new version.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Internet Explorer and Adobe Flash Player zero-days replace OpenSSL Heartbleed as the primary topic of discussion in this week\u2019s security 
news.<\/p>\n","protected":false},"author":42,"featured_media":4712,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[21,634,38,574,637,121,635,636],"class_list":{"0":"post-4711","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-firefox","9":"tag-ie","10":"tag-microsoft","11":"tag-news-2","12":"tag-recap","13":"tag-updates","14":"tag-xp","15":"tag-zero-days"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/a-week-in-the-news-ie-zero-days\/4711\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/a-week-in-the-news-ie-zero-days\/3416\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/a-week-in-the-news-ie-zero-days\/3303\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/a-week-in-the-news-ie-zero-days\/3725\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/a-week-in-the-news-ie-zero-days\/3824\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/a-week-in-the-news-ie-zero-days\/4711\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/a-week-in-the-news-ie-zero-days\/3567\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/a-week-in-the-news-ie-zero-days\/4711\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/firefox\/","name":"Firefox"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/4711","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/
wp-json\/wp\/v2\/comments?post=4711"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/4711\/revisions"}],"predecessor-version":[{"id":26312,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/4711\/revisions\/26312"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/4712"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=4711"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=4711"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=4711"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}