Archive for May, 2009

Microsoft Security Advisory Notification – vulnerability in Directshow

Friday, May 29th, 2009

A vulnerability has been identified in Windows Directshow for Quicktime (apple) files. Specifics of the exploit: An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in e-mail. Secunia rates this as the highest criticality http://secunia.com/advisories/35268/ The […]

Emails that appear to be from the FBI are likely scams

Wednesday, May 27th, 2009

http://www.fbi.gov/page2/june06/jury_scams060206.htm THE VERDICT: HANG UP Don’t Fall for Jury Duty Scam

Microsoft Offers Free Template For Secure Software Development Process

Wednesday, May 20th, 2009

http://www.darkreading.com/security/app-security/showArticle.jhtml;jsessionid=FKJIYMT5NWH3QQSNDLOSKHSCJUNN2JVN?articleID=217500728 Microsoft Offers Free Template For Secure Software Development Process SDL Process Template plugs directly into development tools

Two Big Mistakes and 12 Practical Tips to Avoid Them

Tuesday, May 19th, 2009

http://www.sans.org/reading_room/whitepapers/application/protecting_your_web_apps_two_big_mistakes_and_12_practical_tips_to_avoid_them_33038

Vulnerability in WebDAV under IIS6

Tuesday, May 19th, 2009

Microsoft IIS Flaw Exposes Sensitive Files Security experts are urging administrators using Microsoft’s Internet Information Services version 6 to take extreme caution following the discovery that the web server is vulnerable to an attack that exposes password-protected files and folders. The vulnerability lies in the part of IIS6 that processes commands based on the WebDAV […]

New Malware – Gumblar – Setting Infection Records

Monday, May 18th, 2009

A new malware attack is setting infection records and raising red flags throughout the security industry. Called ‘Gumblar’, the malware uses prolific attack methods and carries a dangerous payload. Researchers say that the attack spreads by compromising websites and injecting malicious JavaScript code into certain components of the site. A potential victim runs the risk […]

How to ensure your desktop workstation is secure

Thursday, May 14th, 2009

May 14, 2009 There is no shortage of products, practices and solutions to improve the security of workstations. But it really can be reduced to a relatively few rules of thumb. 1. Run a vulnerability scanner regularly (I would suggest at least once every two weeks) Patch software that is identified as having vulnerabilities. Remove […]

Update for Adobe reader

Thursday, May 14th, 2009

May 14, 2009 A patch has been issued for Adobe Reader – It can be downloaded from http://www.adobe.com/support/security/bulletins/apsb09-06.html

Vulnerability of Symantec Products

Friday, May 8th, 2009

May 8, 2009 >>> “Luevano, Ana” <ana.luevano@dir.state.tx.us> 5/8/2009 9:31 AM >>> MULTI-STATE INFORMATION SHARING AND ANALYSIS CENTER CYBER SECURITY ADVISORY MS-ISAC ADVISORY NUMBER: 2009-023 Updated DATE(S) ISSUED: 4/29/2009 5/8/2009 UPDATED SUBJECT: Multiple Vulnerabilities in Symantec Products Could Allow For Remote Code Execution ORIGINAL OVERVIEW: Multiple vulnerabilities have been identified within various Symantec security products which […]

SPAM phishing effort from news@tamu.edu

Friday, May 8th, 2009

May 8, 2009 The following is being sent as a phishing attempt. It has since been blocked. Some users will have received it already – it should be tagged as spam. Subject: [SPAM] Urgent news – please read. Message-ID: <1241778330.14544.qmail@poste.it> From: “Texas A&M University ” <news@tamu.edu> Please read our new and important news using the […]