Critical SMB flaws in Windows may help spread the next botnet
January 22nd, 2009
As promised, Microsoft only released one patch today, but boy is it a doozy. According to Microsoft’s security bulletin, the Windows SMB component suffers from three security vulnerabilities — the worst being a buffer overflow flaw that could allow a remote attacker to gain complete control of your Windows PC.
Oracle Releases Critical Patch Update with 41 Fixes
January 22nd, 2009
Oracle releases 41 security fixes in its first critical patch update of 2009. The CPU includes fixes for a number of flaws with the highest possible severity rating. Oracle delivered 41 security fixes to its customers in its first CPU (Critical Patch Update) of 2009.
MD5 Hack Interesting, But Not Threatening
January 12th, 2009
A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate.
Microsoft Urges Organizations to Patch Server Vulnerability as New Attacks Surface
January 12th, 2009
Microsoft is again urging users to apply a patch for a vulnerability in the Windows Server service. The company reported earlier that a new variant of the Conficker worm has surfaced to target the flaw.
NetWitness releases free version of security software
November 24th, 2008
NetWitness, a vendor of networking threat-analysis software, is offering a free version of its NetWitness Investigator package by download, the company said Monday. NetWitness Investigator is different from most other network-scanning software in that it uses forensic tools to examine applications and changes on content on the network, as well as attacks coming from outside [...]
Three Reasons Why Users Won’t Buy Into Security
November 24th, 2008
In this series we are looking at the subject of computer security and how we as an industry can do a better job convincing the general public that security does matter. Last week we opened up with a look into the problem, and highlighted several really big problems that the security community has to overcome. [...]
Automated security testing & its limitations
November 24th, 2008
The team I work in uses both automated scanners and a few humans testing (minimum of 2)… A good tester should know the weaknesses of the automated testers. The problem with automated testers is, simply put, they are not human.
How to Use Network Behavior Analysis Tools
November 14th, 2008
What’s happening on the enterprise network, or more to the point, what’s occurring on the network that should not be, is a major concern of security executives. If someone is trying to hack in, or a virus or worm is spreading, or a denial-of-service attack is underway, there might be evidence of these types of activities before [...]
The insider security threat in IT and financial services
November 7th, 2008
RSA announced the findings of its latest insider threat survey, conducted among attendees at industry events in North America and Latin America in 2008. The survey polled 417 individuals – including delegates at the RSA Conference – who confessed to their work-related security behaviors and attitudes.
Top 10 Network Security Threats
November 4th, 2008
Over the last 10 years, our world has become interconnected in ways not previously imaginable. Today, for instance, people in Spain, the U.S., and Brazil can find out simultaneously that soccer-star Wayne Rooney is starting to look a bit more like himself – at last!