Microsoft and Adobe patches for January – released on Jan 13

Microsoft has released the security bulletins for January. The details are available at http://blogs.technet.com/b/msrc/archive/2015/01/13/january-2015-updates.aspx There are a total of eight security bulletins released for January. Only one patch is designated as CRITICAL. The remaining seven patches are designated as IMPORTANT. The one critical patch applies to telnet. By default, telnet is installed but not enabled […]

Changes to Microsoft Advance notification process

On Jan 8, Microsoft changed their Advance Notification Process associated with bulletins/patches.  If you desire email notification, you will now have to add the selected products via the http://mybulletins.technet.microsoft.com interface (after you have signed in).  Alternatively, they seem to indicate the web content will still be available at https://technet.microsoft.com/security/bulletin/ or at https://technet.microsoft.com/en-us/library/security/dn631937.aspx but neither of […]

Advance notice of Microsoft patches scheduled to be released on December 9

Microsoft just provided advance notice of the patches scheduled to be released on Tuesday, December 9. The details as they are currently known are available at https://technet.microsoft.com/library/security/ms14-dec There are a total of seven bulletins to be released. Three of which are designated as CRITICAL and the remaining four are designated as IMPORTANT. At least one […]

Sophos has published an advisory on the five things to lookout for this black friday and cyber monday.

https://nakedsecurity.sophos.com/2014/11/25/5-online-scams-to-watch-out-for-this-black-friday-and-cyber-monday/

US cert advisory on REGIN malware

On November 25, the US-Computer Emergency Readiness Team issued the following advisory on the Regin Remote Access Trojan. https://www.us-cert.gov/ncas/alerts/TA14-329A A definition for this malware has been available for the workstations running Sophos since November 25. Please see the following URLs for additional details. https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Regin-F.aspx https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Regin-I.aspx http://www.computerworld.com/article/2851060/security0/regin-state-sponsored-malware-itbwcw.html      

Advance notice of patches scheduled to be released for November – to be released on Nov 11

Microsoft has just provided advance notice of the patches that are scheduled to be released on Tuesday, November 11. The details are available at https://technet.microsoft.com/library/security/ms14-nov . There are a total of sixteen bulletins scheduled to be released. Five of the bulletins are identified as CRITICAL and (at least two) apply to Internet Explorer and all […]

SSLv3.0 vulnerable to MITM attack – suggest SSLv3.0 be disabled in favor of TLS1.1/1.2

On Tuesday, October 14, a proof of concept exploit was made public for a vulnerability in SSLv3.0. SSL version 3.0 is a cryptographic protocol that is used by both web servers and clients to encrypt data during transmission. If successful, the exploit could enable a Man-in-the-middle attack that could divulge data intended to be encrypted.  […]

Oracle patches to be released on October 14

Oracle is scheduled to release their quarterly patch update on Tuesday, October 14. The patch is expected to include a new release of Java. Please see the following URL for details. http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html  

Advance notice of October Microsoft patches – to be released on Oct 14

Microsoft has just provided advance notice of the patches that are scheduled to be released for October. There are a total of nine patches scheduled to be released. Three of which are identified as CRITICAL and the remaining patches classified as IMPORTANT (five) or MODERATE (only 1).  Bulletin #1 applies to all current workstation versions […]

Vulnerabilty in BASH being actively exploited on Unix systems

During the afternoon on September 24, an actively exploited BASH vulnerability was identified on Unix systems.  The following systems have been identified as vulnerable. RedHat Enterprise Linux (version 4-7) – bash is the default shell for RedHat enterprise systems CentOS – versions 5-7 – http://lists.centos.org/pipermail/centos/2014-September/146099.html Ubuntu – versions 10.04LTS, 12.04LTS, and 14.04LTS – http://www.ubuntu.com/usn/usn-2362-1/ Debian […]