Patch Tuesday has passed, but the ramifications have not. All over sysadmins are deciding what patches to apply and when. Here is the report of what is happening: https://support.microsoft.com/kb/2992611 MS14-066 Schannel vulnerability is a bad remote code execution bug (must be patched) Internet Storm Center recommends this is a patch now kind of … Read more
Microsoft Security research and Defense Blog has the scoop: Also Internet Storm center Post “If you are using Internet Explorer 11, either on Windows 7 or Windows 8.1, and have deployed EMET 5.0, it is particularly important to install EMET 5.1 as compatibility issues were discovered with the November Internet Explorer security update and the … Read more
I am going to list various events and their lessons that we “should” learn from(my weekend reading): Home Depot hack from KrebsonSecurity Nov7 post: 56 million emails were harvested as well as the 53 million credit card numbers. “Home Depot said the crooks initially broke in using credentials stolen from a third-party vendor. The company … Read more
This router has a big security hole: Integrity Labs says there is a guest wifi Zero-day exploit, this means that an unportected (without a password) wifi zone can be attacked and the machine can be taken over by the hacker. If you have a Belkin N750 you should consider replacing it ASAP. Believe … Read more
I say “again” because we have had BIOS malware before the famous CIH (Chernobyl) virus from 1998. Sophos recount And the last time the Chernobyl virus activated (April 26th) it caused $250mil dollars of damage in 1999 for South Korea alone. Even Mac’s can have BIOS infections as from Trendmicro Blog post Intel and MITRE … Read more
