This is considered client side vulnerability.
Where the user on their computer can click on a webpage or link using Flash and then the system will be compromised (a malware would kick off and the system will do the master program bidding).
this is a good reason why I use Chrome and firefox to reduce some exposure liability.
KrebsonSecurity has some more info.
The Storm center announces patch Tuesday with a typical list of new vulnerabilities
And a big reminder – Windows XP will have its last update in April
But also Office 2003 will have its last update in April as well. So please update our operating systems and Office versions in case you have not yet.
(even to the old machine in the back that should just be retired.) It is not a good idea to reuse computers and not watch them. reusing a computer has too many risks.
When PHP says new software is available: http://www.php.net/downloads.php
Then it is a good idea to perform the updates, as security enhancements are done for a reason.
You dont want to end up in the headlines.
Our more advanced service: Sigma (Σ) is the one to check if you have old software running
Internet Storm Center has captured the Linksys E1200 exploit.
This is another reason to patch your systems, and if you don’t the bad hackers out there will use your machine for their ends.
A full Packet Capture of the exploit has a link in ISC in case you want to review.
let’s discuss the credit card number fiascos of Target and Michaels. Krebs on Security Blog got the scoop on Jan 14.
No business wants to be the focal point of an investigation: a large credit card processor was seeing hundreds of cards that all had been recently used at Michaels.
And unfortunately Michaels has had this happen before(May of 2011).
There are problems in your IT security when these types of breaches occur again and again.
In all Security operations one must test the configurations, and preferably with an independent set of eyes, that is where we come in aty OversiteSentry.