Homeland Secure IT Alert for Tuesday, March 13, 2012 Welcome to another exciting edition of Microsoft Patch Tuesday! This one is so exciting, it gets two posts dedicated to it. This bunch of patches contains one very important fix for a flaw so serious, according to some security experts, you can’t patch it fast enough (read here). Critical update MS12-020. Of course, …
1
What do you say if someone wants to plug something into your network?
Let’s assume you are a business owner and a man walks in wearing a jumpsuit with an official looking badge, and tells you that he is from the power company, sent there to plug a device into your outlet that will monitor and potentially save you money. What do you do? Let’s assume they say they are from DHEC and …
News Flash! Flash Player Update Released to Correct Two Critical Vulnerabilities
Adobe has released an unexpected update to Adobe Flash Player 11.1.102.62 and earlier, running across all platforms (Mac & Android included) which addresses two critical flaws. This is covered in this security bulletin. It is recommended that you download and install the latest version of the Adobe Flash Player (11.1.102.63 for computers and 11.1.11x.x for Android)). Failure to update could …
SECURE IT ALERT: Update your Adobe Shockwave – Mac users, this means you too…
Adobe released a security bulletin this week warning of nine critical vulnerabilities that affect Adobe Shockwave Player 11.6.3.633 and earlier for Windows and Macintosh. That bulletin can be found here: http://www.adobe.com/support/security/bulletins/apsb12-02.html Basically, it is the same old and busted story… If you are running an unpatched, and therefore vulnerable version of Shockwave Player, and you happen to visit a website …
Smile, You’re on Candid Camera! TRENDnet Security Camera Feeds Exploited
TRENDnet announced that upwards of 50,000 cameras, comprised of 26 vulnerable models have been identified which are vulnerable to the threat of being used for reverse surveillance. An article on BBC.co.uk indicates that as 7 of the 26 vulnerable models have patches to faulty code already released and the owners would be notified of the available updates. The scary thing …
Are you using pcAnywhere? Symantec says to cut that out… #vulnerbilities #hax0rz
If you are using pcAnywhere to remotely access your computer, you probably want to go read the “pcAnywhere Security Recommendations” posted by Symantec. http://www.symantec.com/connect/sites/default/files/pcAnywhere%20Security%20Recommendations%20WP_01_23_Final.pdf The danger is that someone so inclined could potentially access your computer through vulnerabilities exposed from old source code, and gain full access to your computer, files and your network. To sum it up, disabling pcAnywhere …
Using Apple Safari as your web browser on Windows 7 64 bit? You might want to be aware of this…
This is kind of old news, but seeing a blog post by someone else today reminded me that it is not patched yet… Apple Safari web browser can be used as an avenue that would allow malicious code on a web site to be run with whatever privileges you have on that computer. Here’s an actual security bulletin you can …
Coming this October 11th – Microsoft brings you patchy goodness!
Microsoft is bringing you patchy goodness this coming “Patch Tuesday”, October 11th. Please update your machines to insure your network is secure. There is a little something for everyone! Desktops and servers will receive Microsoft’s love. This is from the Microsoft Security Bulletin Advance Notification for October 2011: Critical Security Bulletins ============================ Bulletin 1 – Affected Software: …
mysql.com website hacked and used to serve malware to visitors
In what is becoming way too common, the popular site, mysql.com was exploited, and used to distribute malware by redirecting visitors to another site this week. Anyone browsing to mysql.com yesterday would have been redirected, and without even being prompted, then likely been exploited themselves by the software running on the rogue website which apparently looked for vulnerable browser plugins …
SSL encryption broken – Proof of concept demo later this week #ph33r
My first reaction to the news that read “Hackers break SSL encryption used by millions of sites – Beware of BEAST decrypting secret PayPal cookies” was, “What took ’em so long?” The article above gives all the details you can stand, and a quick search of Google for news articles will tell you everything else you want to know. The …