Just after Google’s report, Adobe posted their shorter, less-detailed, account of the attack. These reports came in two days ago. Brian Krebs, former security reporter at the Washington Post, has been following this story quite closely. On his blog, he notes that the attackers appear to have targeted source code and trade secrets, and that MS has posted an advisory about the unpatched vulnerability.

This story is a very interesting and is a prime example of why user education is so important. Using this unpatched zero-day exploit and a clever social engineering attack, trade secrets from countless organizations could get stolen–possibly without notice. That’s why educating users is the aim of my new book, Cyber Within. Through education, users will obtain a better understanding of risks and security challenges and will be able to spot social engineering and other malicious schemes instead of giving up corporate secrets. By the way, Cyber Within will be available in a couple of weeks. I’ll keep you posted, but in the mean time, check out a new article by my colleague Kevin Beaver where he outlines the real deal with internal security threats.

The security bulletin with patches can be found here.