Microsoft Releases Security Intelligence Report for your reading pleasure… SIRv11

Microsoft has released Volume 11 of their “Microsoft Security Intelligence Report” or SIRv11, which provides “An in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in the first half of 2011”. One tidbit of interesting information contained in the report is that in the first half of 2011, less than one percent of exploits were …

Which security standards and awareness compliance requirements apply to your organization?

I came across a very handy document from www.securingthehuman.org that explains which security standards and awareness compliance requirements might apply to your organization. It is by no means a complete listing, but gives the one minute run-down of the majority of the biggies…. — Last Updated: 19 July, 2011 1. Executive Summary The purpose of this document is to identify …

Google is planning to put an end to SSL exploits, hopefully before they happen with Chrome

The other day I posted about the BEAST that can circumvent SSL encryption used with websites and how a proof of concept would be demonstrated soon and actual exploits in the wild even sooner. No sooner had I posted about that than Google’s Chrome development team had posted that they have an update already prepared for the Chrome browser that …

Old and busted – MBR viruses… New hotness – BIOS viruses (again)

This may come as no surprise to those who have been around computer security for a while, but the BIOS viruses are making a comeback! One of the first made its debut back in 1999 and was known as “CIH”.  But Symantec is reporting a new killer on the block called “Trojan.Mebromi” that affects the Award BIOS and seizes control …

Trend Micro Titanium 2012 anti-virus / anti-malware now available

Trend Micro has unveiled their Titanium update for 2012! Keep your identity, data and social network protected from a new generation of threats. Staying safe online these days is about more than just avoiding malware. You have to protect your device, your privacy, your personal data, your social network, and your family against an army of new threats. Given that abandoning …

Your mailbox has NOT exceeded the storage limit as set by your administrator

One thing I am asked weekly is, “I just received an email alert telling me my mailbox exceeded the storage limit, why is that?”. Wellllllll, first of all, these messages, though they come in email and look all official, signed by “System Administrator” or something similar, are likely phishing attempts. If you hover over the URL listed to “re-validate” your …

Security consultancy advises enterprise clients to steer clear of adopting large numbers of Macs

An article in The Register states, “Beware of Macs in enterprise” due to the findings by iSec Partners who claim large numbers of Macs are “in many ways more vulnerable than recent versions of Windows.” The vulnerability they specifically mention is the DHX authentication scheme which is easy to compromise and apparently “trivial to force OS X server to resort …

Secure IT Alert: Microsoft to unleash a ration of updates in August Patch Tuesday….

Homeland Secure IT Alert for Friday, August 5th, 2011 Tired of boring Tuesdays? Feeling deprived by Microsoft? Well, coming this Patch Tuesday, something to make every Microsoft user smile!  Updates! You read that right, Microsoft has updates galore coming your way!  They cover every current version of the Microsoft Operating system including the almost forgotten Windows XP, Windows Server 2003, …

Secure IT Alert: CERT Issues Security Recommendations to Prevent Cyber Intrusions

Homeland Secure IT Alert for Wednesday, July 21st, 2011 The United States Computer Emergency Readiness Team has issued their recommendations for protection against network intrusions.  I have included the entire document below, but the most current version of the document can be found here.  Please keep in mind that these recommendations are not related to any one platform. These are …

Hacking: The Good, the Bad and the Murky (From IEEE Spectrum)

Over on the IEEE Spectrum site is a neat article on “The Two Faces of Hacking” which was last updated on July 6, 2011 as of this writing and it shows a graph of hacks, which is interactive to allow you to select only the “Good”, “Bad” or “Murky” hacks or any combination. The graph was created to outline the differences …