February 9, 2010 - As previously announced in the Microsoft Security Bulletin Advance Notification released last week, this month’s patch cycle includes 13 bulletins intended to patch 26 vulnerabilities in several versions of Windows OS and Office. (continue reading...) Read more
February 9, 2010 - Hello and welcome to this month’s blog on the Microsoft patch releases. This is a busy month—the vendor is releasing 13 bulletins covering a total of 26 vulnerabilities. Eight of the issues are rated “Critical” and affect SMB Server, SMB Client, (continue reading...) Read more
February 8, 2010 - TrendLabs recently spotted a new phishing site spoofing CenturyLink’s secure login page from one of its anti-phishing resources. CenturyLink, created by (continue reading...) Read more
February 7, 2010 - Critical Control 7: Application Software Security When a programmer creates code for a program, their main focus is to ensure they deliver working code on time. They do not take the time to ensure that all of the code is free (continue reading...) Read more
February 6, 2010 - Critical Control 6: Maintenance, Monitoring, and Analysis of Audit Logs The power of logs is that they can potentially tell us what happened on one or more systems at a given time. When attackers compromise systems, those systems can dutifully report and (continue reading...) Read more
February 5, 2010 - (continue reading...) Read more
February 4, 2010 - (continue reading...) Read more
February 4, 2010 - The PUSHDO botnet has been in the news lately as the culprit in a distributed denial-of-service (DDoS) attack against a variety of well-known websites. Some publications even documented this recent attack extensively. After spending some months last year studying (continue reading...) Read more
February 4, 2010 - Critical Control 4: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches Most systems are installed with a default installation and not properly hardened for the organization that is using the device. Therefore hardened images need to be created for (continue reading...) Read more
February 3, 2010 - (continue reading...) Read more
February 3, 2010 - Well, it looks that way. We are only just into the second month of 2010 and yet we can now see, in prospect, a whole new raft of innovation coming our way. At CES a lot of the attention was (continue reading...) Read more
February 2, 2010 - Critical Control 2: Inventory of Authorized and Unauthorized Software While we are starting to see some research being done on hardware level attacks (i.e. BIOS level viruses have been proven to be a viable concept), most exploitation of systems revolve around (continue reading...) Read more
February 2, 2010 - While analyzing W32.Zimuse recently I was surprised to find two different passwords used within the threat: one of these decrypts a Word document that contains information about some members of a Slovakian motorbike forum. In order to spread via USB drives, (continue reading...) Read more
February 2, 2010 - Today, I was scanning through various industry blogs when I stumbled upon an entry from Kaspersky Labs. What was interesting was that under the veil of improving testing quality, the blog openly admitted that the organization in question (continue reading...) Read more
February 1, 2010 - As we start off the month of February, let’s look at the “20 Critical Controls” and how McAfee solutions can be used to achieve each control. Each day we will cover one of the 20 controls, highlighting key ways that (continue reading...) Read more
February 1, 2010 - February has already begun, which means Valentine’s Day is close at hand. As usual, spammers will definitely hype up their malicious activities. It is only the first day of the so-called “love month” but we have already seen at least (continue reading...) Read more
February 1, 2010 - The Internet has grown to become a massive venue for information exchange that everything a user encounters on the Web may potentially be treacherous, including supposed antivirus software. Trend Micro Threat Encyclopedia has, so far, over 2,000 entries related (continue reading...) Read more
January 29, 2010 - Backdoor.Tidserv.K Often when a Trojan arrives on a computer, it saves itself to a specific location. It can save itself on the C: drive, the D: drive, or even somewhere more unusual; for example, in a location with a folder name (continue reading...) Read more
January 29, 2010 - If you have been following this series on Trojan.Hydraq over the last week you may have noticed that the blog entries have been well, boring. Because of its profile in the media and varying assessments of the threat posed (continue reading...) Read more
January 28, 2010 - The use of search engines to deliver malware is well known. Previously we reported that attackers were using Google-sponsored search results to promote malicious websites. Instead of using techniques such as search engine optimization (SEO) poisoning to get the (continue reading...) Read more