October 16, 2009, 1:31 PM

Oracle Mega-Patch Coming Next Tuesday

Oracle has announced plans to ship a Critical Patch Update (CPU) with fixes for at least 38 security vulnerabilities in a wide range of database and server products.

The most serious vulnerabilities affect Oracle Core RDBMS, Oracle JRockit and Oracle Network Authentication. Read the Oracle advance notice [oracle.com]

October 16, 2009, 12:30 PM

On the Outlook Web Access Attacks, Adobe and Microsoft Patch Releases

In this episode, Ryan and Dennis discuss the Outlook Web Access phishing attacks, the huge Microsoft and Adobe patch releases and the massive scope of the botnet problem.

October 15, 2009, 8:50 AM

Study: Only 4% of Corporate IT Users Stick to Password Rules

Just 4% of users of corporate systems abide by IT security policies, even when that system handles very sensitive private information, according to an academic survey [pdf] that has revealed humans to be the main flaw in any security system.

Researchers at the University of Wisconsin-Madison and IT University, Copenhagen found that just 4% of the people surveyed obey best practice rules for passwords. The rest use the same passwords for different systems, use words that appear in the dictionary, or write their passwords down on post-it notes beside the computer. Read the full story [out-law.com]

October 15, 2009, 8:47 AM

Abdicating on a Cyber Security Czar?

In May, President Obama completed his long-awaited "cyberspace policy review," concluding that cyberspace is a strategic asset that must be safeguarded from attack as a national security priority. 

The president promised to appoint a permanent "cyber czar" who would coordinate the work of federal agencies charged with protecting us. But since "acting cyber-security czar" Melissa Hathaway resigned in August, the post has been unfilled. Why? Read the full op-ed [LA Times/James D. Zirin]

October 15, 2009, 8:02 AM

Zeus Trojan Part of New Outlook Web Access Phishing Scam

The attackers behind the Zeus Trojan have unleashed a new phishing scam that is specifically targeted at users of the popular corporate webmail tool Outlook Web Access. The phishing emails include the recipient's actual email address and appear to be an update to the OWA application.

October 15, 2009, 7:09 AM

Microsoft Finally Shuts Door on ATL Bugs

Computerworld's Gregg Keizer brings word that this week's record-setting batch of patches from Microsoft actually closed the book on the vexing ATL code library issues that first surfaced in July 2009.

Keizer quotes Ryan Smith, one of the hackers credited with discovering the flaw, as saying that the latest Microsoft Office updates shut the door on the last big attack vector for the ATL vulnerability. Read the full story [computerworld.com]

October 15, 2009, 7:09 AM

How to Steal a Botnet

Botnets have become a major problem in the last few years, with massive networks such as Storm, Nugache and others comprising hundreds of thousands of infected machines. This video lays out the foundation of the problem and explains the efforts of researchers to take over the Torpig botnet.

October 14, 2009, 1:48 PM

New Koobface Campaign Spoofs Adobe's Flash Updater

The botnet masters behind the most efficient social engineering driven botnet, Koobface, launched a new campaign currently spreading across Facebook with a new template spoofing Adobe’s Flash updater embedded within a fake YouTube page. Read the full story [zdnet.com/Dancho Danchev]

October 14, 2009, 11:31 AM

Virginia Loses Records for 103,000 Adult Education Students

The parade of large-scale data losses is continuing unabated. The latest incident involves an unencrypted Flash drive containing the personal information of more than 100,000 adult education students in Virginia.

October 14, 2009, 7:48 AM

October Microsoft Patch Tuesday Has Something for Everyone

By Jason Miller

Microsoft has released 13 new security bulletins in the October 2009 version of Patch Tuesday. Eight bulletins have a severity rating of Critical. The remaining five security bulletins have a severity rating of Important. For the first time, Windows 7 and Windows 2008 R2 are affected by security bulletins. The sheer volume of bulletins and subsequent patches this month will likely give administrators fits.

October 14, 2009, 7:23 AM

Phishing Attacks Continue to Evolve

Antispam vendors, browser makers and Internet service providers have been on the front lines in the battle to contain phishing attacks, but the cybercriminals behind phishing campaigns are getting savvy at defeating technologies and tricking victims into giving up their credentials and other data. Read the full story [SearchSecurity.com].

October 14, 2009, 6:50 AM

Adobe Ships 29 Patches for Reader and Acrobat

On the same day that Microsoft unleashed a torrent of 34 patches on its customer base, Adobe on Tuesday published patches for 29 vulnerabilities in its Acrobat and Reader products as part of its new quarterly patch release program.
