Archive for February, 2010
Over 75,000 Systems Compromised in Attack
by Don Fosen on Feb.20, 2010, under Security Updates
Researchers have discovered a highly coordinated attack that has compromised more than 75,000 systems at 2,500 corporations and governments across the world. NetWitness, based in Herndon, VA, discovered a huge cache of stolen information gathered by the Kneber botnet. The Wall Street Journal is reporting that companies like Merck and Co. and Cardinal Health were compromised.
Additional Information:
Wall Street Journal Article
ComputerWorld Article
Adobe PDF’s Account for 80% of Malware Exploits According to One Research Firm
by Don Fosen on Feb.16, 2010, under Security Updates
Adobe has had a lot of issues with the PDF document format and Reader software. Hackers are using PDF’s as a way to deliver malware to PC’s across the world (see my post from January 8th). Now according to one firm, ScanSafe located in San Bruno California, 80% percent of the exploits by the end of 2009 were PDF based. It is extremely important that you keep your anti-virus software up to date to block these attacks. Also, if you are not running Adobe Reader 9, go to Adobe’s site and install it right away. While you are there, install the latest version of Flash, it is something else that is frequently the vector for attacks. Adobe is not great about updating their software, they don’t particularly seem to care that it is being used in this way so it is a great idea to be very careful about what PDF files you open.
Additional Information:
ScanSafe report (registration required)
ComputerWorld Article
Foxit PDF Reader (free safer PDF reader software)
New Adobe Reader and Acrobat Vulnerability
Large-scale attacks exploit unpatched PDF bug
Adobe probes new in-the-wild PDF bug
Another Huge Update from Microsoft
by Don Fosen on Feb.08, 2010, under Microsoft, Security Updates
Microsoft is planning another giant update for February 9th. This round will contain 13 updates to fix 26 bugs in a range of products. Five of these updates are rated “critical” by Microsoft meaning that they address very serious security issues. Please make sure that as you receive Windows Updates you are applying them.
Additional Information:
Microsoft Security Response Center
Microsoft Slates Colossal Windows Update
New Internet Explorer bug exposes confidential files
by Don Fosen on Feb.04, 2010, under Microsoft, Security Updates
Microsoft has acknowledged the latest in a long series of critical Internet Explorer bugs. This one allows remote sites to access files on your computer when Internet Explorer Protected mode is off. Since many people turn Protected Mode off because they believe it causes performance issues or because of annoying warnings this issue can be serious.
Not sure if Protected Mode is on or off? Click here for how to tell and how to set it. Note that the mode only exists in IE 7 and IE 8 on Windows Vista and Windows 7.
Additional Information:
Microsoft Security Advisory
Nasty New IE Bug
