By Liam Reimers | April 5, 2011
On Thursday, March 31st, information security firm Websense reported that a massive SQL injection attack, dubbed “LizaMoon,” was rapidly circulating the Internet.
In response to this attack, the ISM team added a pair of rules to the Intrusion Prevention System (IPS) to protect both servers and users behind the ISM. Today, the BBC reported that due to the quick response of security firms like the ISM team, very few people were actually affected by the attack.
By Liam Reimers | October 14, 2010
Today, BlackBerry released patches to address a vulnerability in the PDF distiller component of the BlackBerry Attachment Service for BlackBerry Enterprise Server (BBES).
Listed as BlackBerry KB24547, they have scored it using the Common Vulnerability Scoring System (CVSS) at 7.6. This scale ranges from zero (0) through ten (10), and 7.6 is classified as “High” risk, just one rating below the most severe rating of “Critical.” This score is due to the nature of the vulnerability – buffer overflow errors that could lead to a DoS condition or even arbitrary code execution on the system with BBES installed.
BlackBerry Enterprise Server Administrators are urged to patch immediately.
CVSS at Wikipedia:
Topics: Security News
By Liam Reimers | October 12, 2010
It’s “Patch Tuesday,” and Microsoft has issued patches to correct a record 49 separate vulnerabilities in its Windows operating systems and other Microsoft software.
These updates include patches rated “Critical,” Microsoft’s most severe security rating, reserved for vulnerabilities that are currently being exploited to allow attackers to remotely control affected systems. Some of the critical patches affect Internet Explorer versions 6 through 8, meaning a computer could be compromised simply by web surfing to a malicious site.
Microsoft and UIA recommend all users and system administrators patch their systems immediately.
Microsoft Windows Update:
Microsoft Security Research and Defense Blog:
ISC SANS Black Tuesday Roundup:
By Liam Reimers | September 28, 2010
Today, Microsoft released an out-of-band security bulletin that addresses a vulnerability in ASP.Net. ASP.Net is a software component used in the Microsoft web services software, and according to the Microsoft Security Blog, the vulnerability affects “all versions of the .NET Framework when used on Windows Server operating systems. Windows desktop systems are listed as affected, but consumers are not vulnerable unless they are running a Web server from their computer.” The listed operating systems include Windows XP, Vista, Windows 7, Server 2003, and Server 2008.
The vulnerability has been classified as “Important,” just one step below “Critical.” An “Important” rating is described by Microsoft as, “a vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources.”
This is a publicly disclosed vulnerability, and attacks have already begun. The Microsoft Security Blog notes: “Based on our comprehensive monitoring of the threat landscape, we have determined an out-of-band release is needed to protect customers as we have seen limited attacks and continued attempts to bypass current defenses and workarounds.”
System administrators should update their servers and any workstations running web services immediately. The update will be available immediately through the Microsoft Download Center, and through Windows Update and WSUS in the coming days.
Microsoft Advance Security Bulletin:
Microsoft Download Center:
Topics: Windows Security News
By Kevin Rhodes | September 20, 2010
An announcement was made on September 19, 2010, that a vulnerability has existed in the 64-bit Linux kernel for approximately two years. The vulnerability requires local access to the server in question to exploit, but the exploit is trivial to execute. While local root access to the server is bad enough, there is also a back-door that is installed that allows remote execution of code on the exploited server.
Several Linux distributions have already published kernel updates that address the issue, with others soon to follow. There are also third-party patch and detection tools that can be utilized to discover and treat an exploited system.
This type of exploit points out the need for a tiered security policy. In this case sound physical security would preclude a machine being hacked by this mechanism. But if you don’t know that your system has been physically protected 24/7… You may be a victim.
Topics: Security News
By Liam Reimers | July 15, 2009
On Monday, July 13, Microsoft published a security advisory that describes a flaw in Microsoft Office Web Components that could allow an attacker to take over your PC just by visiting a web page in Internet Explorer or opening an HTML email in Outlook, Outlook Express, or any client that utilizes the Microsoft HTML rendering engine. This affects your Windows PC even if you don’t have Microsoft Office installed, and even if you have all the latest updates and service packs from Microsoft. In other words, everyone is vulnerable!
There are already confirmed cases of this ActiveX exploit being used on the World Wide Web, but even more dangerous, you could be vulnerable to it just by opening an email in Outlook or Outlook Express. If you have configured your email program to block the execution of ActiveX and Active Scripting controls, you could still be vulnerable if you click a link that takes you to an external web page that contains an attack using this vulnerability.
Microsoft plans to deploy a critical security update to repair the problem; however, until that happens, your computer is vulnerable to being taken over. Microsoft has issued a temporary workaround for the problem, and the Security Desk recommends that all its customers run this fix immediately to protect their computers from attackers.
Please visit this link right away and apply the fix by clicking the “Fix It” icon:
Knowledge Base Article (and Fix): http://support.microsoft.com/kb/973472
Security Advisory: http://www.microsoft.com/technet/security/advisory/973472.mspx
Topics: Windows Security News
By Craig Cocca | May 27, 2009
Microsoft has released two critical updates for its Exchange product, to patch two security holes that permit remote code execution and DoS attacks. We recommend that all customers using Exchange apply the patch referenced in the following MS Technet bulletin immediately:
If you have an Internet Security Manager running in Mail Forward Exchange mode with Spam and Virus protection enabled, you will be protected from these exploits, but you should still patch Exchange as soon as possible.
By Craig Cocca | March 31, 2009
Tomorrow is April 1st, the date on which security experts predict that the prevalent Conficker/Downadup worm will receive new commands from its creator and possibly wreak havoc on infected computers throughout the world. Researchers do know that the worm will evolve on this date, but they don’t know for sure what will happen once this evolution occurs. Most experts agree that “probably nothing” will happen, but users are urged to take precautions to make sure they’re protected with the latest updates, as well as virus and malware scanning software.
For the past several months, the Internet Security Manager team has been working to block Conficker from being able to connect to its command and control server through proxy blocks and Intrusion Detection Rules. Nevertheless, this virus is best at spreading throughout Windows networks internally, and we have received many reports of networks being attacked when one computer on the network becomes infected via a USB drive or other removable media, and then the entire network falls victim to the virus soon after. Therefore, we are advising customers to make sure their Windows PCs are patched with the latest Windows updates, and to run the Microsoft Malicious Software Removal Tool, which can be found at:
More on the worm can be found at:
By Craig Cocca | February 11, 2009
Microsoft issued several patches yesterday to correct critical vulnerabilities in Exchange and Windows. The Exchange vulnerabilities are particularly alarming, as they allow an attacker to send a specially crafted e-mail to an Exchange server, which triggers the exploit and allows the attacker to take control of the Exchange server remotely.
The Internet Security Manager provides a comprehensive spam e-mail filtering system that stops not only spam, but also viruses, trojans, and other e-mail threats in their tracks. The ISM can be placed inline with an Exchange server using our Mail Forward Exchange technology to stop e-mail threats before they ever reach your mail server. Placing the ISM in front of an Exchange server provides a safe, secure, easy-to-install solution that can eliminate spam and protect your mail server. For more information, please contact your ISM sales representative.
For more information on this week’s Microsoft security patches, please see http://voices.washingtonpost.com/securityfix/2009/02/critical_ie_exchange_flaws_in.html?wprss=securityfix?hpid=sec-tech
By Craig Cocca | February 9, 2009
Over the weekend, a new (and completely novel) malware attack vector came to light in several website and blog posts. Someone in Grand Forks, North Dakota has been placing fake parking notices on the windshields of cars in the area, with instructions to take care of the ticket by going to a certain web site. When that web site is visited with Internet Explorer, it installs a malicious Browser Helper Object (BHO) that propagates the malware to the visitor’s computer. This is an excellent example of social engineering being used to compel users to install malicious software on their computer, despite other security measures that might be in place to prevent such an attack.
More on this story can be found at http://community.zdnet.co.uk/blog/0,1000000567,10012076o-2000331828b,00.htm