Archive for May, 2009
Microsoft Security Advisory Notification – vulnerability in Directshow
Friday, May 29th, 2009A vulnerability has been identified in Windows Directshow for Quicktime (apple) files. Specifics of the exploit: An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in e-mail. Secunia rates this as the highest criticality http://secunia.com/advisories/35268/ The …
Emails that appear to be from the FBI are likely scams
Wednesday, May 27th, 2009http://www.fbi.gov/page2/june06/jury_scams060206.htm THE VERDICT: HANG UP Don’t Fall for Jury Duty Scam
Microsoft Offers Free Template For Secure Software Development Process
Wednesday, May 20th, 2009http://www.darkreading.com/security/app-security/showArticle.jhtml;jsessionid=FKJIYMT5NWH3QQSNDLOSKHSCJUNN2JVN?articleID=217500728 Microsoft Offers Free Template For Secure Software Development Process SDL Process Template plugs directly into development tools
Two Big Mistakes and 12 Practical Tips to Avoid Them
Tuesday, May 19th, 2009http://www.sans.org/reading_room/whitepapers/application/protecting_your_web_apps_two_big_mistakes_and_12_practical_tips_to_avoid_them_33038
Vulnerability in WebDAV under IIS6
Tuesday, May 19th, 2009Microsoft IIS Flaw Exposes Sensitive Files Security experts are urging administrators using Microsoft’s Internet Information Services version 6 to take extreme caution following the discovery that the web server is vulnerable to an attack that exposes password-protected files and folders. The vulnerability lies in the part of IIS6 that processes commands based on the WebDAV …
New Malware – Gumblar – Setting Infection Records
Monday, May 18th, 2009A new malware attack is setting infection records and raising red flags throughout the security industry. Called ‘Gumblar’, the malware uses prolific attack methods and carries a dangerous payload. Researchers say that the attack spreads by compromising websites and injecting malicious JavaScript code into certain components of the site. A potential victim runs the risk …
How to ensure your desktop workstation is secure
Thursday, May 14th, 2009May 14, 2009 There is no shortage of products, practices and solutions to improve the security of workstations. But it really can be reduced to a relatively few rules of thumb. 1. Run a vulnerability scanner regularly (I would suggest at least once every two weeks) Patch software that is identified as having vulnerabilities. Remove …
Update for Adobe reader
Thursday, May 14th, 2009May 14, 2009 A patch has been issued for Adobe Reader – It can be downloaded from http://www.adobe.com/support/security/bulletins/apsb09-06.html
Vulnerability of Symantec Products
Friday, May 8th, 2009May 8, 2009 >>> “Luevano, Ana” <ana.luevano@dir.state.tx.us> 5/8/2009 9:31 AM >>> MULTI-STATE INFORMATION SHARING AND ANALYSIS CENTER CYBER SECURITY ADVISORY MS-ISAC ADVISORY NUMBER: 2009-023 Updated DATE(S) ISSUED: 4/29/2009 5/8/2009 UPDATED SUBJECT: Multiple Vulnerabilities in Symantec Products Could Allow For Remote Code Execution ORIGINAL OVERVIEW: Multiple vulnerabilities have been identified within various Symantec security products which …
SPAM phishing effort from news@tamu.edu
Friday, May 8th, 2009May 8, 2009 The following is being sent as a phishing attempt. It has since been blocked. Some users will have received it already – it should be tagged as spam. Subject: [SPAM] Urgent news – please read. Message-ID: <1241778330.14544.qmail@poste.it> From: “Texas A&M University ” <news@tamu.edu> Please read our new and important news using the …
