Network Security
Posted on Jan 04, 2013
It all started at the beginning of the week with the discovery of an attack against the Washington DC based Council on Foreign Relations website. A malicious Adobe Flash file was discovered on the site. The file infects unknowing visitors that are using Internet Explorer 8 (and possibly IE 6 and IE 7 users as well). In a nutshell, a malicious Adobe Flash file (called “today.swf”) launches an attack against IE causing a memory overrun that enables an attacker to remotely execute code on an infected computer. Since its initial discovery at the beginning of the year, the website attack, coined the “IE Zero-Day Watering Hole Attack”, has expanded to several other websites including a handful of political websites. It should be noted that since the majority of users have already upgraded to IE 9 and IE 10, the scope of the attack is rather limited.
Nevertheless, Microsoft has already issued a Fix It for the Watering Hole Attack. The fix is the first release in what is surely to be a very busy 2013 cyberwar season. Microsoft has also confirmed that the fix is a temporary resolution. Indeed, Microsoft plans to release a more robust IE update in the near future. Unfortunately, the update will not be part of Tuesday’s upcoming Patch Tuesday security updates.
We strongly recommend that users running IE 6, 7, and 8 deploy the Fix It as soon as possible.
Posted on Dec 11, 2012
Today, Microsoft released its final group of updates for 2012 for its products. Patch Tuesday, as it’s known in the industry, signals the time when IT professionals should ensure that all their users are up to date to avoid any critical issues or potential security threats. It seems that Microsoft saved one of the biggest updates for last.
Posted on Nov 20, 2012
Hurricane Sandy is still wreaking havoc but at least the storm is over, right? Not for Hackers! In a time of tragedy and need, for many whom have lost everything, it’s a shame to have to write about scams involving the victims. Unfortunately, hackers are hoping to take advantage of your generosity. Phishing scams are nothing new and they continue to deceive people even those familiar with their scams. It’s just as simple as an email or website leading you towards donating right into their pockets.
Posted on Aug 28, 2012
If you receive an email from eFax and think that there is something strange with its content, you are probably right. I recently received a Fax Message and at first glance, everything seemed legitimate. However my curiosity got the better of me and after further review,
I noticed that there were problems with the email. I do own an eFax account but the number shown below along with the highlighted link looked a bit odd to me. I read a lot about IT security matters and I write blogs about a variety of IT support and network security topics. I can say that without reservation, it’s common to see fake phishing emails like these from reputable establishments like Bank of America, UPS, and even eFax.
Posted on Aug 16, 2012
Webroot has recently been successful with its tool for PC’s, smartphones and tablets. Secure Anywhere Complete 2012- 3 is a faster and less-intrusive software that doesn’t take-up large amounts of space and allows your devices to run smooth and quickly.
Posted on Aug 15, 2012
Malware and viruses are no longer a conversation of the past; in fact, it has become a national security issue for the U.S. government in fighting daily cyber-attacks. This issue is not just a local IT department issue — it affects the entire world — and hackers are showing us just how vulnerable security is for enterprises and small businesses alike. Think of it this way, it is not a simple Norton Anti-virus solution we spend a little extra on when you buy a PC.
Posted on Aug 13, 2012
Malware is a force to be reckoned with. Over 30% of computers are now infected with Malware in the United States alone. IT departments are combating daily potential attacks that infect many users’ computers. Malware can take many forms, and attackers are creating new ways of spreading this to users. Scareware is a new form of malware that tricks users into thinking they are being watched and videotaped by law enforcements through their web cams.
Posted on Aug 09, 2012
Apple and Amazon — what can we say about their security issues? What we do know is that there is obviously a major flaw with both of their security policies. This is almost embarrassing, if not, absolutely negligent, to say the least. One would think that Apple, one of the leading technology companies in the world, would have better security policies in place.
Posted on Aug 08, 2012
With the arrival of smartphones, traditional use of a mobile phone has tremendously evolved from just placing calls or sending a text. We search the internet, make purchases, use navigation, and store information. The technology has changed the way companies and organizations alike are viewing mobile technology and the importance of all its uses.
Posted on Aug 07, 2012
Every day, hackers are finding unique ways to breach domains. They are getting by IT departments’ firewalls and protections at ease. Now, they have adopted another method to prolong the life of Web-based attacks, according to the security firm Symantec.
A domain-generation technique has recently been witnessed in a series of drive-by download attacks to infect Web users with malware. This botnet-type malware is targeted towards compromised sites, and then launches the attack by relying on rogue code injected into the website and redirects their visitors to external domains that host exploit toolkits, such as Black Hole. This process is done through hidden iframe HTML tags.
