Adobe patch released for zero-day Flash vulnerability.

As of January 22, Adobe has released a patch for a zero-day exploit for Flash. Details are available at http://helpx.adobe.com/security/products/flash-player/apsb15-02.html The Flash version that should address the vulnerability is 16.0.0.287. Details for the Flash update for Internet Explorer are available at https://technet.microsoft.com/en-us/library/security/2755801.aspx Extract from Microsoft Announcement. On January 22, 2015, Microsoft released an […]

Oracle Critical Patch Update (including new Java) to be released on Jan 20.

Oracle is scheduled to release their quarterly patch updates (which include a new version of Java) on Tuesday, January 20. Please see the following URL for details. http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html The current version of Java is 1.8.25. According to content on http://www.oracle.com/technetwork/java/javase/downloads/index-jsp-138363.html, when the new version is released, all systems running version 7 will automatically be updated […]

Microsoft and Adobe patches for January – released on Jan 13

Microsoft has released the security bulletins for January. The details are available at http://blogs.technet.com/b/msrc/archive/2015/01/13/january-2015-updates.aspx There are a total of eight security bulletins released for January. Only one patch is designated as CRITICAL. The remaining seven patches are designated as IMPORTANT. The one critical patch applies to telnet. By default, telnet is installed but not enabled […]

Changes to Microsoft Advance Notification process

On Jan 8, Microsoft changed their Advance Notification Process associated with bulletins/patches. If you desire email notification, you will now have to add the selected products via the http://mybulletins.technet.microsoft.com interface (after you have signed in). Alternatively, they seem to indicate the web content will still be available at https://technet.microsoft.com/security/bulletin/ or at https://technet.microsoft.com/en-us/library/security/dn631937.aspx but neither of […]

Advance notice of Microsoft patches scheduled to be released on December 9

Microsoft just provided advance notice of the patches scheduled to be released on Tuesday, December 9. The details as they are currently known are available at https://technet.microsoft.com/library/security/ms14-dec There are a total of seven bulletins to be released. Three are designated as CRITICAL and the remaining four are designated as IMPORTANT. At least one […]

Sophos has published an advisory on the five things to look out for this Black Friday and Cyber Monday.

https://nakedsecurity.sophos.com/2014/11/25/5-online-scams-to-watch-out-for-this-black-friday-and-cyber-monday/

US-CERT advisory on Regin malware

On November 25, the US-Computer Emergency Readiness Team issued the following advisory on the Regin Remote Access Trojan. https://www.us-cert.gov/ncas/alerts/TA14-329A A definition for this malware has been available for the workstations running Sophos since November 25. Please see the following URLs for additional details. https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Regin-F.aspx https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Regin-I.aspx http://www.computerworld.com/article/2851060/security0/regin-state-sponsored-malware-itbwcw.html

Advance notice of patches scheduled to be released for November – to be released on Nov 11

Microsoft has just provided advance notice of the patches that are scheduled to be released on Tuesday, November 11. The details are available at https://technet.microsoft.com/library/security/ms14-nov . There are a total of sixteen bulletins scheduled to be released. Five of the bulletins are identified as CRITICAL and (at least two) apply to Internet Explorer and all […]

SSLv3.0 vulnerable to MITM attack – suggest SSLv3.0 be disabled in favor of TLS1.1/1.2

On Tuesday, October 14, a proof of concept exploit was made public for a vulnerability in SSLv3.0. SSL version 3.0 is a cryptographic protocol that is used by both web servers and clients to encrypt data during transmission. If successful, the exploit could enable a man-in-the-middle attack that could divulge data intended to be encrypted. […]

Oracle patches to be released on October 14

Oracle is scheduled to release their quarterly patch update on Tuesday, October 14. The patch is expected to include a new release of Java. Please see the following URL for details. http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html