Browsing Author: Ryan Naraine

Microsoft Issues Fix-It Workaround for IE Zero-Day

Categories: Malware, Vulnerabilities

Microsoft has released a one-click “fix-it” workaround to help Internet Explorer users block malware attacks against an unpatched browser vulnerability. The Fix-It workaround, available here, effectively disables peer factory in the iepeers.dll binary in affected versions of Internet Explorer.


The Cadence of Microsoft Security Patches

Categories: Vulnerabilities

By Andrew Storms

Every month, like clockwork, Microsoft releases security bulletins and every month people ask me if it’s a small or a big release. While the exact details of the patches are generally treated as news, the expected workload each month really shouldn’t be a guessing game because Microsoft’s patch releases are predictably cyclical.


Andy Jaquith on Measuring Meaningful Information Security Metrics

The March issue of Information Security magazine is out this week. The cover story is a look at how security information management systems need to evolve, in particular by integrating identity management with SIM in order to tie policy violations to user activity. Also, expert Andrew Jaquith writes about how to measure meaningful information security metrics. Finally, editor Marcia Savage takes on the HITECH Act’s impact on HIPAA and how health care organizations must up their security game. Download the issue here [PDF]


Apple Plugs 16 Safari Security Holes

Categories: Vulnerabilities

Apple has shipped a new version of its Safari browser to plug multiple serious security vulnerabilities. The Safari 4.0.5 update, available for Mac OS X and Windows, fixes flaws that could lead to remote code execution if a user is tricked into surfing to a maliciously rigged Web site.


VA Investigating Security Breach of Veterans’ Medical Data

Categories: Compliance, Data Breaches

The Veteran Affairs Department’s inspector general has launched a criminal investigation into a physician assistant’s alleged downloading of veterans’ clinical data at its Atlanta medical center. The assistant allegedly recorded two sets of patient data on to a personal laptop for research purposes. One set included three years’ worth of patient data and another held 18 years of medical information. Read the full story [nextgov]


Exploit Code Published for Latest IE Zero-Day

Using obvious clues from a McAfee blog post, an Israeli hacker was able to pinpoint the latest Internet Explorer zero-day vulnerability and create working exploit code. The exploit code, which provides a clear roadmap to launch drive-by download attacks against IE 6 and IE 7 users, is being fitted into the Metasploit point-and-click tool.


Recently Patched Adobe PDF Flaw Being ‘Actively Exploited’

Categories: Malware, Vulnerabilities

Malicious hackers have pounced on a newly patched Adobe PDF Reader vulnerability to plant Trojan downloaders on tardy Windows users. According to researchers in Microsoft’s malware protection center, the vulnerability (CVE-2010-0188) was patched less than a month ago, proving that malicious hackers are quick to find fresh targets for malware.


Microsoft Warns of New IE Zero Day Attacks

Categories: Vulnerabilities

A zero-day (unpatched) vulnerability in Microsoft’s Internet Explorer is being exploited in the wild, the company warned in an advisory issued today.

On the same day it issued software fixes as part of its Patch Tuesday schedule, Microsoft released a pre-patch advisory to warn of the risk of remote code execution attacks against users of IE 6 and IE 7.


Energizer Battery Charger Contains Remote Access Backdoor

Categories: Malware, Vulnerabilities

The United States Computer Emergency Response Team (US-CERT) has warned that the software included in the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access.


Charlie Miller on Safari Bugs, Predictions for PWN2OWN and Mobile Security

Independent Security Evaluators’ Charlie Miller discusses Safari bugs, his predictions for this year’s PWN2OWN and mobile security with Ryan Naraine at RSA 2010.
