CERT Technical Cyber Security Alert TA11-350A – Adobe Vulnerabilities – Windows, Mac, Unix

A little something to keep you busy…   Adobe vulnerabilities that affect Microsoft Windows, Mac and Unix machines. Patch ’em up!   —–BEGIN PGP SIGNED MESSAGE—– Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA11-350A Adobe Updates for Multiple Vulnerabilities Original release date: December 16, 2011 Last revised: — Source: US-CERT Systems Affected * Adobe Reader X (10.1.1) …

Microsoft Releases Security Intelligence Report for your reading pleasure… SIRv11

Microsoft has released Volume 11 of their “Microsoft Security Intelligence Report” or SIRv11, which provides “An in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in the first half of 2011”. One tidbit of interesting information contained in the report is that in the first half of 2011, less than one percent of exploits were …

Which security standards and awareness compliance requirements apply to your organization?

I came across a very handy document from www.securingthehuman.org that explains which security standards and awareness compliance requirements might apply to your organization. It is by no means a complete listing, but gives the one minute run-down of the majority of the biggies…. — Last Updated: 19 July, 2011 1. Executive Summary The purpose of this document is to identify …

IronKey D200 32GB USB storage devices offer high speed transfer and auditable encryption

I’m often asked which is the best USB flash drive you can buy. My answer varies with the requirements of the individual or business that will utilize the device. The average person requires a fast and reliable storage device to shuttle files to/from work or school, and does not require security features at all, but for those who do require …

Google is planning to put an end to SSL exploits, hopefully before they happen with Chrome

The other day I posted about the BEAST that can circumvent SSL encryption used with websites and how a proof of concept would be demonstrated soon and actual exploits in the wild even sooner. No sooner had I posted about that than Google’s Chrome development team had posted that they have an update already prepared for the Chrome browser that …

Old and busted – MBR viruses… New hotness – BIOS viruses (again)

This may come as no surprise to those who have been around computer security for a while, but the BIOS viruses are making a comeback! One of the first made its debut back in 1999 and was known as “CIH”.  But Symantec is reporting a new killer on the block called “Trojan.Mebromi” that affects the Award BIOS and seizes control …

Trend Micro Titanium 2012 anti-virus / anti-malware now available

Trend Micro has unveiled their Titanium update for 2012! Keep your identity, data and social network protected from a new generation of threats. Staying safe online these days is about more than just avoiding malware. You have to protect your device, your privacy, your personal data, your social network, and your family against an army of new threats. Given that abandoning …

Your mailbox has NOT exceeded the storage limit as set by your administrator

One thing I am asked weekly is, “I just received an email alert telling me my mailbox exceeded the storage limit, why is that?”. Wellllllll, first of all, these messages, though they come in email and look all official, signed by “System Administrator” or something similar, are likely phishing attempts. If you hover over the URL listed to “re-validate” your …

Security consultancy advises enterprise clients to steer clear of adopting large numbers of Macs

An article in The Register states, “Beware of Macs in enterprise” due to the findings by iSec Partners who claim large numbers of Macs are “in many ways more vulnerable than recent versions of Windows.” The vulnerability they specifically mention is the DHX authentication scheme which is easy to compromise and apparently “trivial to force OS X server to resort …

Secure IT Alert: CERT Issues Security Recommendations to Prevent Cyber Intrusions

Homeland Secure IT Alert for Wednesday, July 21st, 2011 The United States Computer Emergency Readiness Team has issued their recommendations for protection against network intrusions.  I have included the entire document below, but the most current version of the document can be found here.  Please keep in mind that these recommendations are not related to any one platform. These are …