VPN Creative’s Online Security Report – Week 46

Hey everyone, Chris here. Today I thought I’d try something a little different, instead of giving you the same high quality, up-to-the-minute breaking news on all things internet security you’ve come to expect from our blog in the past 10 months.

Starting this Friday, we’ll be updating you on a weekly bug report that features previews of the latest fixes, links to security research bulletins, and quirky stories that might signal something interesting happening just over the next horizon.

So without further ado, here are the top bug, cracks, hacks, spyware, malware, and viruses you should keep an eye out for this week.

Microsoft Office is Fried

Just yesterday, we reported on a particularly nasty piece of code that was automatically opening = itself through the email accounts and Office programs of thousands of users around the world. Malware attackers and spyware spammers alike have been pouring through the new hole for days now, and security researchers at Websense predict that almost 40% of all Microsoft Office users are currently vulnerable to this specific variety of crack. Perhaps even more dismally, they also surmised that a mere 12% of that original number are up to date on the latest information about the viruses that hit the market, and of those even less have taken the necessary precautions to hold the attack vector at bay.

The security bulletin makes it clear their upcoming patch will NOT cover the .TIFF exploit, and Microsoft has been clear that we shouldn’t expect anything until December at the earliest.

“The November Patch Tuesday Advance Bulletin is out and I think everyone is breathing a sigh of both relief and frustration,” Michael Barrett, head of Microsoft Office security commented. “Relief because for the first time in a few months, this is a relatively straightforward Patch Tuesday, with fixes for most Windows versions, the ever-present IE roll up patch, and some Office components, but nothing esoteric or difficult to patch. No SharePoint plugins, no complicated .NET patching, no esoteric office extensions.”

BitCoin Wallet Pickpocketed

Bitcoin owners should keep their wallets extra close today, as reports have surfaced about a heist of nearly $1.2 million USD that took place over the past weekend.

4100 of the randomly generated c0ins were stolen from an Australian user who (ironically) goes by the name “TradeFortress”, and at each one trading at $290 per coin, that’s a lot of virtual cash trading hands with just a couple strokes of a keyboard. Although the servers themselves were not corrupted, its believed the attacker somehow gained access to Trade’s encryption keys, thereby opening them up to trade the account out to wherever they see fit.

Trade Fortress has since told Fairfax Media the server at inputs.io, a Bitcoin depository, was breached. That site now offers only a “sorry” notice advising depositors their Bitcoin are gone.

Adobe Admits Over 150 Million Accounts Stolen

And last but not least — the leak from Adobe only continues to swell in severity, as the company came forward on Thursday to confirm that all 152 million Adobe accounts have been compromised. This figure represents the entirety of their user base, while simultaneously taking the record for the largest data heist in modern history.

We’ve already mentioned it once, but we’ll say it once more just to be sure: if you have an Adobe account, change your username, password, and registered email immediately. The entire server has been compromised, and any sensitive data you used to register your details with could now be in the hands of hackers everywhere.

That just about wraps things up. Stay tuned to VPN Creative for all the latest updates and security news, and I’ll see you guys next week!