Cisco Patches a Rash of Buffer Overflow and DoS Vulnerabilities

Cisco Systems released fixes for 15 vulnerabilities in three of its major product lines on Wednesday, including two different security appliances. The vulnerabilities would either allow an attacker to remotely execute code on a compromised machine, or execute a denial-of-service attack. Cisco said it is not aware of public exploits for any of the vulnerabilities.

More than 300,000 at Risk After Major Breach at Florida College

A security breach initially believed contained to about 50 employee records now appears to involve almost 300,000 students, faculty and employees at a Florida college.Officials at Northwest Florida State College in Niceville today confirmed a massive data breach and hundreds of thousands of stolen records that include names, birth dates and Social Security numbers.

It was only a matter of time before the inevitable wave of malicious, election-tinged spam began to rain down upon internet users. In the wake of last week’s presidential debate between President Barack Obama and Republican nominee Mitt Romney, it appears the floodgates have opened.

Scared is a strong word, but the reality, according to a Websense analysis by Patrik Runald, is that spear-phishers, like the ones that compromised a White House network last week, are implementing new evasion tactics, fundamentally changing their attack strategies, and revolutionizing the targeted threat model, giving business executives plenty of reason to worry.

It can happen to anyone…and when it does it usually catches everybody – the victim and his relatives – completely unprepared. I’m talking about kidnapping. Twice in my life I’ve been involved in helping the police track down and arrest gangs of kidnappers. The first case didn’t directly affect me or my family, but the second time a close friend of mine was kidnapped. And it turns out that our work in tackling cybercrime can also be useful to catch criminals who seem to have little connection with high-tech wrong-doing.

Microsoft rolled out seven security updates today, including a fix for a critical remotely exploitable Word vulnerability. In all, 20 vulnerabilities were repaired by Microsoft, which also issued an advisory regarding poorly generated digital certificates that have to be replaced and the distribution of an automated mechanism that will check for certificate key lengths and revoke any shorter than 1024 bits.

Less than a month after the Nitol botnet takedown, Microsoft has released data casting more scrutiny of supply chain security. In its latest Security Intelligence Report (SIR) for the first half of 2012, Microsoft has connected the most prevalent malware families involved in supply chain compromises, including malicious add-ons pre-installed on PCs by manufacturers, as well as pirated software available on peer-to-peer networks, and music and movie downloads.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.