Many online merchants use Magento, a leading digital commerce platform, to host their online store. Last week, thousands of these merchants found themselves under attack. This massive, automated campaign dubbed “Cardbleed” by Sansec, because of its ability to steal credit card information from online store customers, is the largest of its kind to date.

On top of the RDP vulnerability out there, additional Microsoft Windows zero-days are out there, which can exploit enterprises and give attackers full system control. The RDP vulnerability had the potential to be used in a WannaCry like worm. 

One of the themes of this blog is that IP reputation - when delivered in an actionable form the way we do at ThreatSTOP - can protect against threats that you had no idea existed. There's an interesting Reuter's report that explains the problem:

Adobe have just announced yet another Zeroday Flash etc. exploit that has been seen in the wild in emailed Microsoft Word documents. The document installs the usual sort of backdoor trojan.

There are times when I disagree strongly with Steve Jobs, and times when I think he may just have a point. The point in question being his dislike of Adobe's Flash. Flash, and Adobe Reader, are in the news again because of yet another security hole that's being actively exploited by the bad guys while Adobe can only promise to fix its code sometime the week after next.

Since yet another Zero-day* vulnerability in Adobe Flash was announced yesterday it seems appropriate to explain how ThreatSTOP subscribers are protected against zero-day attacks on both client and server computers.