Month: January 2015

Fear The Killer Malware

by

Killer Malware…  what does it mean?  When is it coming? It means a distributed spam network (hard to blacklist)   (as John Stewart from Cisco mentioned http://oversitesentry.com/john-stewart-cisco-security-exec-interviewed-by-bloomberg/ ) A Zero-day malware included in well written (targeted) spam.  Like the Flash vulnerability that just came out. https://nakedsecurity.sophos.com/2015/01/23/adobe-issues-emergency-fix-for-flash-zero-day/   And then we come to the “Killer” part, Ransomware … Read more

John Stewart Cisco Security Exec interviewed by Bloomberg

by

Cisco Chief Security and Trust Officer John Stewart discusses cybersecurity threats on “Bloomberg West.” (Source: Bloomberg) http://www.bloomberg.com/video/will-companies-change-cybersecurity-strategies-k5cirOKjQeaeHPB0upsCFg.html Interesting conversation (only a few minutes): Experience only 25 years so far (Internet Cyber security) Where does the gap need to be closed (the board versus operations communications and understanding) The spam delivery mechanism changed the game last … Read more

Patches? “We don’t need those stinkin’ Patches”

by

Yet another Adobe Flash patch is out: Here is where they are all located: http://helpx.adobe.com/security.html Yesterday 2 patches (fixing vulnerabilities found) were released http://helpx.adobe.com/security/products/flash-player/apsa15-01.html “Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.  We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems … Read more

Reviewing all #cybersecurity changes in 2015

by

the biggest one in my book is Windows 2003 no more patches after the summer. http://www.microsoft.com/en-us/server-cloud/products/windows-server-2003/ From the Microsoft website: Windows Server 2003 support will end: 173 Days: 12 Hours :56 Minutes : 29 Seconds 173 days come faster than you think, so please do  the right thing – Philotimo update your servers. Our Youtube video (regarding ΦΙΛΟΤΙΜΟ- Philotimo in case you are … Read more

New Cisco Annual Security Report is Out

by

It is good to review this Annual report: http://www.cisco.com/web/offers/pdfs/cisco-asr-2015.pdf   (may have to fill out some information to get it)   key discoveries: 1) 1% of all high urgency CVE (Common vulnerabilities and Exposure) were actively exploited. This means organizations must prioritize and patch high urgency vulnerabilities. 2) Since Blackhole exploit kit in 2013, it … Read more