Websense® Security Labs™ has received reports of a proof-of-concept (PoC) exploit code circulating in the wild, exploiting a vulnerability in Adobe Reader 8.1.2, and Adobe Acrobat 8.1.2.

The flaw is a stack buffer overflow that results when parsing specially crafted PDF files (CVE-2008-2992). Successful exploitation allows the attacker the same level of permission rights to the desktop as the victim who opened the PDF file.

We urge customers to update to the latest version of Adobe Reader and Adobe Acrobat. We will continue to monitor the development of this threat. Read more

Alexandria, Va., October 20, 2008 – NCUA has placed an updated share insurance estimator on its website to provide members of insured credit unions an opportunity to estimate the amount of coverage the National Credit Union Share Insurance Fund now provides. The estimator, known as the Electronic Share Insurance Calculator (E-SIC), bases computations on the rules in effect as of October 3, 2008.

Fight identity theft by monitoring and reviewing your credit report. The FTC site has information regarding free credit reports available from AnnualCreditReport.com.   Don’t be fooled by other for-pay sites that try to trick you into using their services.  Other websites that claim to offer “free credit reports,” “free credit scores,” or “free credit monitoring” are not part of the legally mandated free annual credit report program. In some cases, the “free” product comes with strings attached. For example, some sites sign you up for a supposedly “free” service that converts to one you have to pay for after a trial period. If you don’t cancel during the trial period, you may be unwittingly agreeing to let the company start charging fees to your credit card. You may request your free credit report online, by phone or through the mail. Free credit reports requested online are viewable immediately upon authentication of identity. Free credit reports requested by phone or mail will be processed within 15 days of receiving your request.

In Jeffery Deaver’s new thriller, The Broken Window, the villan is an identity thief.  Deaver relied on his own experiences with identity theft when creating this villain.  Read about his experience with identity theft as well as some tips about protecting yourself at Parade Magazine.

From the article:

Each year close to 9 million people are victims of identity theft in the U.S. alone. The cost to businesses and individuals is up to $50 billion annually, and victims spend about 300 million hours a year re-establishing their identities.

Read the whole article.

VIENNA, Va. - The Financial Crimes Enforcement Network (FinCEN) is reminding the public to be alert to ongoing financial scams that attempt to solicit funds from unsuspecting victims.

In some of these scams, individuals misrepresent themselves as FinCEN officials and try to trick victims into revealing confidential information. These scams may involve the fraudulent use of FinCEN’s seal in a letter or email that claims to be an official correspondence. These scams often involve the enticement of a phony inheritance or sum of money, and claim that FinCEN is holding or blocking the transfer of funds.

Recipients of these letters or emails should not respond to such messages, and should not send money or provide any personal or confidential information. Those who believe that they are or have been a victim of a financial scam, should report this information to local, state, or federal law enforcement authorities.

FinCEN does not send unsolicited requests and does not seek personal or financial information from members of the public. FinCEN does not have authority to freeze assets or block funds transfers. In addition, these fraudulent letters or emails may purport to be from an overseas office of FinCEN. FinCEN does not have any offices outside of the United States.

As part of its mission to deter and detect criminal activity, FinCEN devotes significant resources to the discovery and prevention of fraud. FinCEN supports law enforcement and regulatory agencies through the sharing and analysis of Bank Secrecy Act (BSA) information. As illustrated in its most recent strategic analytical reports on the real estate, mortgage loan, and insurance industries, FinCEN is committed to detecting and preventing money laundering and fraud.

For additional information on money laundering scams, please see the following:

• FinCEN Issues a Warning Notice Against Fraudulent Stop Order Scams
• Treasury Warns Public About E-Mail Scams
• Help for Victims
• Federal Trade Commission’s Identity Theft website
• U.S. Treasurer’s Financial Literacy Initiatives

The mission of the Financial Crimes Enforcement Network is to safeguard the financial system from the abuses of financial crime, including terrorist financing, money laundering, and other illicit activity. They achieve this mission by: administering the Bank Secrecy Act; supporting law enforcement, intelligence, and regulatory agencies through sharing and analysis of financial intelligence; building global cooperation with our counterpart financial intelligence units; and networking people, ideas, and information.

It’s vacation season, the time of year when you leave your home for a week to spend that quality time with your family.  But while you are away, is your home secure?

The guys over at the Institute for Security and Open Methodologies (ISECOM) have put together a Home Security guide.  Basically, the took general security principles and applied them to your home.  There’s both no brainers and some good tips inside.

Take a look.

Websense Security Labs^TM has discovered a run of spam emails that attempt to dupe users into downloading and installing a video of the solar eclipse. We have also seen similar blocks of spam purporting to contain videos of movie stars, singers, and other entertainers.

Sample subject lines include:

Lunar Eclipse Video
Your guide to the total lunar eclipse.
Shocking video with Total moon eclipse
Total Moon Eclipse Video on NASA TV
Moon Eclipse is visible today
Read more