Advance notice of Microsoft patches scheduled to be released on December 9

Microsoft just provided advance notice of the patches scheduled to be released on Tuesday, December 9. The details as they are currently known are available at https://technet.microsoft.com/library/security/ms14-dec There are a total of seven bulletins to be released. Three of which are designated as CRITICAL and the remaining four are designated as IMPORTANT. At least one […]

Sophos has published an advisory on the five things to lookout for this black friday and cyber monday.

https://nakedsecurity.sophos.com/2014/11/25/5-online-scams-to-watch-out-for-this-black-friday-and-cyber-monday/

US cert advisory on REGIN malware

On November 25, the US-Computer Emergency Readiness Team issued the following advisory on the Regin Remote Access Trojan. https://www.us-cert.gov/ncas/alerts/TA14-329A A definition for this malware has been available for the workstations running Sophos since November 25. Please see the following URLs for additional details. https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Regin-F.aspx https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Regin-I.aspx http://www.computerworld.com/article/2851060/security0/regin-state-sponsored-malware-itbwcw.html      

Advance notice of patches scheduled to be released for November – to be released on Nov 11

Microsoft has just provided advance notice of the patches that are scheduled to be released on Tuesday, November 11. The details are available at https://technet.microsoft.com/library/security/ms14-nov . There are a total of sixteen bulletins scheduled to be released. Five of the bulletins are identified as CRITICAL and (at least two) apply to Internet Explorer and all […]

SSLv3.0 vulnerable to MITM attack – suggest SSLv3.0 be disabled in favor of TLS1.1/1.2

On Tuesday, October 14, a proof of concept exploit was made public for a vulnerability in SSLv3.0. SSL version 3.0 is a cryptographic protocol that is used by both web servers and clients to encrypt data during transmission. If successful, the exploit could enable a Man-in-the-middle attack that could divulge data intended to be encrypted.  […]

Oracle patches to be released on October 14

Oracle is scheduled to release their quarterly patch update on Tuesday, October 14. The patch is expected to include a new release of Java. Please see the following URL for details. http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html  

Advance notice of October Microsoft patches – to be released on Oct 14

Microsoft has just provided advance notice of the patches that are scheduled to be released for October. There are a total of nine patches scheduled to be released. Three of which are identified as CRITICAL and the remaining patches classified as IMPORTANT (five) or MODERATE (only 1).  Bulletin #1 applies to all current workstation versions […]

Vulnerabilty in BASH being actively exploited on Unix systems

During the afternoon on September 24, an actively exploited BASH vulnerability was identified on Unix systems.  The following systems have been identified as vulnerable. RedHat Enterprise Linux (version 4-7) – bash is the default shell for RedHat enterprise systems CentOS – versions 5-7 – http://lists.centos.org/pipermail/centos/2014-September/146099.html Ubuntu – versions 10.04LTS, 12.04LTS, and 14.04LTS – http://www.ubuntu.com/usn/usn-2362-1/ Debian […]

Two factor authentication available for iCloud backups

As of Tuesday, September 16, Apple has enabled two factor authentication for iCloud backups. Additional information is available at http://arstechnica.com/security/2014/09/apples-two-factor-authentication-now-protects-icloud-backups/

Advance notice of Microsoft patches scheduled to be released on Sept 9

Microsoft has just provided advance notice of the patches that are scheduled to be released on Tuesday, September 9. There details as currently known, are available at https://technet.microsoft.com/library/security/ms14-sep There are a total of four patches scheduled to be released. One of the patches is classified as CRITICAL (for Windows Workstations) and the remaining three are […]