Advance notice of patches scheduled to be released for November – to be released on Nov 11

Microsoft has just provided advance notice of the patches that are scheduled to be released on Tuesday, November 11. The details are available at https://technet.microsoft.com/library/security/ms14-nov . There are a total of sixteen bulletins scheduled to be released. Five of the bulletins are identified as CRITICAL and (at least two) apply to Internet Explorer and all […]

SSLv3.0 vulnerable to MITM attack – suggest SSLv3.0 be disabled in favor of TLS1.1/1.2

On Tuesday, October 14, a proof of concept exploit was made public for a vulnerability in SSLv3.0. SSL version 3.0 is a cryptographic protocol that is used by both web servers and clients to encrypt data during transmission. If successful, the exploit could enable a Man-in-the-middle attack that could divulge data intended to be encrypted.  […]

Oracle patches to be released on October 14

Oracle is scheduled to release their quarterly patch update on Tuesday, October 14. The patch is expected to include a new release of Java. Please see the following URL for details. http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html  

Advance notice of October Microsoft patches – to be released on Oct 14

Microsoft has just provided advance notice of the patches that are scheduled to be released for October. There are a total of nine patches scheduled to be released. Three of which are identified as CRITICAL and the remaining patches classified as IMPORTANT (five) or MODERATE (only 1).  Bulletin #1 applies to all current workstation versions […]

Vulnerabilty in BASH being actively exploited on Unix systems

During the afternoon on September 24, an actively exploited BASH vulnerability was identified on Unix systems.  The following systems have been identified as vulnerable. RedHat Enterprise Linux (version 4-7) – bash is the default shell for RedHat enterprise systems CentOS – versions 5-7 – http://lists.centos.org/pipermail/centos/2014-September/146099.html Ubuntu – versions 10.04LTS, 12.04LTS, and 14.04LTS – http://www.ubuntu.com/usn/usn-2362-1/ Debian […]

Two factor authentication available for iCloud backups

As of Tuesday, September 16, Apple has enabled two factor authentication for iCloud backups. Additional information is available at http://arstechnica.com/security/2014/09/apples-two-factor-authentication-now-protects-icloud-backups/

Advance notice of Microsoft patches scheduled to be released on Sept 9

Microsoft has just provided advance notice of the patches that are scheduled to be released on Tuesday, September 9. There details as currently known, are available at https://technet.microsoft.com/library/security/ms14-sep There are a total of four patches scheduled to be released. One of the patches is classified as CRITICAL (for Windows Workstations) and the remaining three are […]

Advance notice of August Microsoft patches – to be released on August 12

Microsoft just provided advance notice of the patches that are scheduled to be released on Tuesday, August 12. There are a total of nine patches; two of the patches are assigned a CRITICAL designation and the remaining seven are assigned an IMPORTANT designation. Bulletin #1 applies to all current versions of Internet Explorer. However, it […]

Vulnerability in USB implementation allows covert malware actions

A topic scheduled to be presented during Blackhat 2014 deals with malicious actions that could originate from USB devices that have been altered to exfiltrate data from any computer that they are attached. The condition is not limited to only USB storage devices. It can also be performed on USB hardware such as keyboards, mice […]

Previous versions feature in Windows might assist in data recovery after cryptolocker

The SANS diary recently posted an article about utilizing the previous versions feature of Windows for data recovery in the case of cryptolocker. You can read more details about using the feature at the following link – https://isc.sans.edu/forums/diary/Windows+Previous+Versions+against+ransomware/18439