Federal Friday has come again, which means another week has passed us by. It's been a busy week for the Moose of Rapid7 with an imminent move for our Boston HQ on the horizon. We also had a great week at RSA with SC Magazine naming Nexpose the Best Vulnerability Management Solution!

The threat landscape has had a wild few days with a major security flaw for Apple desktops and iOS devices as well as another IE zero-day being discovered. In addition, a detailed report from FireEye pointed out a zero-day vulnerability in Flash (CVE-2014-0502). This particular vuln targeted 3 non-profit institutions; as visitors went to their sites they were redirected to a server hosting the zero-day exploit. According to the post by FireEye, this is a targeted attack on a specific sector intended to gain additional user data as well as any information regarding public policy and defense. This nasty exploit targets computers with the following operating systems and configurations:

  • Windows XP
  • Windows 7 and Java 1.6
  • Windows 7 and out-of-date versions of MS Office 2007 or 2010

Not to be outdone, US-CERT put out an Alert about phishing campaigns that will be popping up and ongoing through the tax season. It's bad enough that doing your taxes can be stressful, especially if you know you're going to have to write a check to Uncle Sam, but now you need to watch out for these targeted campaigns. Keep in mind, while they cast a wide net, these campaigns will have the look and feel of an email coming from the IRS. To help you protect yourself, US-CERT listed the below steps:

Less than 30 days until the boys of summer are back (I'm going to get some heat around here for this)...