Microsoft patched nine vulnerabilities this month for Patch Tuesday. Among them are two critical flaws that have come under attack by hackers. - Microsoft released six security bulletins for this months Patch Tuesday, including fixes for vulnerabilities impacting DirectShow and the Video ActiveX Control that have been targeted by attackers.
The bulletins address a total of nine vulnerabilities. Three of the bulletins the ones affecting...
Microsoft Fixes Nine Flaws in Monthly Patch Release
Trend Micro Pushes Virtualization Security
Trend Micro has plans for a new virtualization security product designed to protect virtual machines whether they are active or offline. The product, called Trend Micro Core Protection for Virtual Machines, is aimed at providing new levels of malware protection for virtual machines. - Trend Micro is pushing ahead with plans to bolster its virtualization security portfolio with a new offering designed to protect VMware ESX/ESXi environments.
Dubbed Trend Micro Core Protection for Virtual Machines, the product is slated to be available next month. Designed to protect both active...
HTC smartphones left vulnerable to Bluetooth attack
If you have an HTC smartphone running Windows Mobile 6 or Windows Mobile 6.1, you may want to think twice before connecting to an untrusted device using Bluetooth. A vulnerability in an HTC driver installed on these phones can allow an attacker to access any file on the phone or upload malicious code using Bluetooth, a Spanish security researcher warned Tuesday.
Read more »Turkish government site hacked amid spat with China
An attacker who defaced the Web site of Turkey's embassy in China on Monday left behind a pro-China note as the two countries worked through a diplomatic spat.
Read more »Real Viagra sales power global spam flood
The truism that spam mostly consists of inducements to buy products such as Viagra turns out to spot on, a security company has found.
Read more »Survey finds one in six consumers act on spam
About one in six consumers have at some time acted on a spam message, affirming the economic incentive for spammers to keep churning out millions of obnoxious pitches per day, according to a new survey.
Read more »Microsoft Warns of New Attack as Patch Tuesday Nears
Microsoft is warning of limited attacks targeting a vulnerability in Microsoft Office Components. The warning comes the day before Patch Tuesday, which this month is slated to include fixes to a number of critical vulnerabilities. - On the eve of Patch Tuesday, Microsoft is warning users about a flaw in Microsoft Office Web Components that is under attack.
Microsoft Office Web Components are a collection of Component Object Model (COM) controls for publishing and viewing charts, spreadsheets, and databases on the Web. In thi...
How to Plan for Smartphone Security in the Enterprise
One of the major challenges CIOs face is the deployment and security of smartphones in the enterprise. It's important for CIOs to assess how their organization should secure the smartphones employees use to access corporate resources. Here, Knowledge Center contributor Chris De Herrera explains how CIOs can deal with some common security concerns regarding smartphones deployed in the enterprise, including Apple iPhone, RIM Blackberry, Windows Mobile, Google Android and Palm Pre devices. - If you are a CIO, you face several challenges when it comes to deploying smartphones in your enterprise. Among the most important, you must determine the security requirements of your organization. Just like laptops and notebooks used in the enterprise, smartphones often contain corporate data and c...
Read more »Security Researchers Exploit Vulnerability in Handling of EV SSL Certificates
Two researchers will demonstrate a man-in-the-middle attack at the Black Hat security conference this month that allows them to silently sniff traffic on EV SSL protected Web sites. The vulnerability in the way browsers treat EV SSL certificates makes them no more valuable than the cheapest SSL certificate, the researchers say. - Two researchers have discovered a design flaw in Web browsers that can be exploited to launch man-in-the-middle attacks on extended validation
SSL
certificates.
Mike Zusman, principal consultant at Intrepidus Group, and independent security researcher Alex Sotirov plan to reveal the details of...
Confidence in the Cloud
Cloud storage is pay as you go, with no capital outlay and no need to buy extra equipment for future storage needs. But will IT managers trust their data to the cloud?
Read more »Researcher Says IE Bug Could Spread Quickly
A security analyst warns that a critical IE flaw that Microsoft has confirmed -- but has yet to patch -- is a prime candidate for another Conficker-scale attack
Read more »Five of the biggest IPv6-based threats facing CIOs
The IETF has identified many security threats related to IPv6, the long-anticipated upgrade to the Internet's main communications protocol.
Read more »Invisible IPv6 traffic poses serious network threat
IPv6 — the next-generation Internet protocol — isn't keeping too many U.S. CIOs and network managers up worrying at night. But perhaps it should.
Read more »Tagged.com faces legal action for data fraud
Accused of falsifying hits and spamming users.
Read more »Microsoft responds to criticism over late fix
Flaw in ActiveX Control first reported in early 2008.
Read more »Quick Stats Around the US-KR DDoS Attacks
It’s been a busy week here in the office, between investigating, helping customers and the operator community, investigating some more, and of course talking to the press. Here’s some quick stats I have been running this afternoon on the attack using ATLAS data. This data comes from our monitors used in the backbone monitoring live traffic rates and actual DDoS attacks. We didn’t see all of the attacks against all of the victims (some 47 unique victims counted by ShadowServer by analyzing all of the configuration files) but this, we think, may be representative of the attacks.
The peak attack size we measured was about 182Mbps. The average size of an attack was about 39Mbps. Earlier investigations a couple of days ago showed smaller attacks but I would still classify these as “garden variety” in their intensity (most things below a couple hundred Mbps are pretty easily filtered).
The attacks lasted between a few minutes and 10 hours, with an average duration of about 3 hours.
In almost all cases these were low level anomalies to the devices monitoring the traffic. The bps and pps (packet per second) rates were barely above threshholds in many cases.
As such our original analysis made a couple of days ago that this was a pretty modest sized attack stands.
Read more »NY Attorney General Takes on Tagged Social Networking Site
New York Attorney General Andrew Cuomo plans to sue social networking site Tagged.com for allegedly stealing the identities of its members, raiding their e-mail contact lists and sending out spam in a bid to lure recipients to the site. Tagged's CEO denies the accusations. -
New York
Attorney General Andrew Cuomo threw a legal right-hook at social networking site Tagged.com Thursday, charging the site with spamming and stealing the identities
from 60 million of its users.
Cuomo served
the site a notice of intent, marking his plan to sue Tagged...
Text message scammers quietly prey on regional banks
You get a text message from your bank telling you there's been suspicious activity on your account. You call the number on your phone to see what's going on, and before you know it, you're a victim.
Read more »Botnets infect fewer computers in China
The number of botnets and of computers controlled by them in China has fallen in recent years, though the country remains a top host for the networks of compromised computers, according to the government and independent researchers.
Read more »Twitter suspends accounts of users with infected computers
Twitter is suspending the accounts of some users whose computers have fallen victim to a well-known piece of malicious software that has targeted other sites such as Facebook and MySpace.
Read more »