Cryptowall malware in circulation – sophos definition mal/zbot-rk

  A new variant of the cryptolocker/cryptowall malware has been identified.  When successful, the malware encrypts all data retained on the workstation before the process can be halted.  As of June 10, the malware has a current definition in Sophos (identified as mal/zbot-rk) but at least one user has suffered a data loss.   Some […]

Advance notice of patches to be released for June – to be released on June 10

Microsoft has just provided advance notice of the patches that are scheduled to be released on June 10 at 12 (noon). The details as they are currently known are available at – https://technet.microsoft.com/library/security/ms14-jun There are a total of seven patches; two of which are assigned a designation of CRITICAL and five are assigned a designation […]

Vulnerability in all gnuTLS versions released prior to 5/30

A vulnerability has been identified in the several open source TLS libraries that are commonly used on Linux systems. The vulnerability would allow a buffer overflow if exploited. If you run a Ubuntu or RedHat system, please check to see if a patch is available. The TLS versions that are vulnerable include all versions prior […]

Advance notice Microsoft patches for May – to be released on May 13

Microsoft has just provided advance notice of the patches that are scheduled to be released on May 13. The details are available at – http://technet.microsoft.com/en-us/security/bulletin/ms14-may  There are a total of eight patches scheduled to be released. Two of those are identified as CRITICAL (for workstation operating systems) and six of those are identified as IMPORTANT. […]

Zero day exploit identified for all current versions of Internet Explorer

On Saturday, April 26, Microsoft provided an announcement of a remote code execution vulnerability that affects all current versions of Internet Explorer (versions 6-11) and that is actively being exploited.  The vulnerability exists in how Internet Explorer manages flash code. No patch is currently available.  See the following URLs for additional information. https://technet.microsoft.com/en-US/library/security/2963983 http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html As […]

Heartbleed OpenSSL vulnerability – What is known and what should be done

This blog entry will attempt to offer some current info (and a little background) on the OpenSSL heartbleed vulnerability that became known to the public late in the day on April 7. Initial announcement – At approximately 5 p.m. Pacific time on Monday, April 7, a vulnerability was identified in the versions 1.0.1 through 1.0.1f […]

Advance notice of patches to be released on April 8

Microsoft has just provided their advance notice of the patches that will be released on Tuesday, April 8.  The information is available at – http://technet.microsoft.com/en-us/security/bulletin/ms14-apr  There are four patches scheduled to be released, two of which are designated as CRITICAL.  Critical bulletins are identified as bulletin #1 and #2. Bulletin #1 concerns the zero-day vulnerability […]

Topics on the Information Security Forum for April 3

The next Information Security Forum is scheduled for April 3 at 3 p.m. in Room 601 Rudder tower. Topics scheduled to be discussed include the following:   *Email Transition Update  *April IT Forum  *Windows XP reminder  *Code Maroon Website Update and Mobile Notifier App  *ITAC Update  *Four Winds Digital Signage The topic that is likely […]

Vulnerability in all versions of word being actively exploited

Microsoft has just provided an advisory about a vulnerability in all current versions of Word that is being actively exploited.  They have provided a fix-it utility and advise that the patch should be applied to all Office installs.  Details are available at  http://technet.microsoft.com/en-us/security/advisory/2953095 The link with the fixit utility on that page is listed as […]

Five tips on Macintosh security

I just found the article below that offers five tips for better mac security. Number 0 on their list of 5 (really 6) is upgrade to Mavericks OS.  Having had a look at the number of AgriLife Mac systems that are running OS-X prior to 10.7, I see their statement about businesses lagging behind on […]