On September 22, 2011, Cody Kretsinger, a 23-year-old from Phoenix, Arizona was arrested and charged with conspiracy and the unauthorized impairment of a protected computer, according a federal indictment.  How did the Feds track down the alleged LulzSec member? It turns out that a VPN service reportedly used to mask his online identify and location was the one who handed over data to the FBI. According to the federal indictment (embedded below), Kretsinger registered for a VPN account at HideMyAss.Com under the user name “recursion”. Following that, the indictment said that Kretsinger and other unknown conspirators conducted SQL injection attacks against Sony Pictures in attempt to extract confidential data.

Adobe released a security update for its Flash Player. The out of cycle update addresses critical security issues in flash player as well as an important universal cross-site scripting issue. The critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.186.6 and earlier versions for Android. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. Adobe reported that one of the vulnerabilities (CVE-2011-2444) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message. To illustrate the importance of keeping systems up to date, including Adobe Flash products, the fact that the RSA cyber attack was executed using a spear phishing attack with an embedded flash file should serve as a friendly reminder. RSA was breached after an employee opened a spreadsheet that contained a zero-day exploit that installed a backdoor through an Adobe Flash vulnerability.

On 9/23/2011, in a rare move, Oracle broke its normal procedures and issued an emergency patch due to concerns about the impact of a successful attack.  This security alert addresses the security issue CVE-2011-3192, a denial of service vulnerability in Apache HTTPD, which is applicable to Oracle HTTP Server products based on Apache 2.0 or 2.2. This vulnerability may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password. A remote user can exploit this vulnerability to impact the availability of un-patched systems.  The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

Bank social engineering trojan attack successfully steals money by inviting users to engage in a Dummy Transfer that actually transfers money to the hackers account.