| This Week's computer security threats - in Brief - Posted Thursday, December 22, 2011A vulnerability has been reported in VLC Media Player, which
potentially can be exploited by malicious people to compromise a user's
system. http://secunia.com/advisories/47325/ Multiple vulnerabilities have been reported in Mozilla SeaMonkey, where
one has an unknown impact and others can be exploited by malicious
people to disclose sensitive information and compromise a user's
system. http://secunia.com/advisories/47334/ Multiple vulnerabilities have been reported in Mozilla Firefox and
Thunderbird, where one has an unknown impact and others can be
exploited by malicious people to disclose sensitive information and
compromise a user's system. http://secunia.com/advisories/47302/ A vulnerability has been discovered in Microsoft Windows, which can be
exploited by malicious people to potentially compromise a user's
system. http://secunia.com/advisories/47237/ A vulnerability has been reported in Tor, which can be exploited by
malicious people to compromise a user's system. http://secunia.com/advisories/47276/ ========================================================================
This Weeks Top Ten Most Read Advisories: For more information on how to receive alerts on these vulnerabilities,
subscribe to the Secunia business solutions:
http://secunia.com/advisories/business_solutions/ 1. [SA47237] Microsoft Windows win32k.sys Memory Corruption
Vulnerability
2. [SA46406] Microsoft .NET Framework / Silverlight Class Inheritance
Restriction Vulnerability
3. [SA47161] Adobe Flash Player Unspecified Code Execution
Vulnerability
4. [SA45665] RSA SecurID Software Token Insecure Library Loading
Vulnerability
5. [SA47133] Adobe Reader/Acrobat Multiple Vulnerabilities
6. [SA47231] Google Chrome Multiple Vulnerabilities
7. [SA46512] Oracle Java SE Multiple Vulnerabilities
8. [SA47216] Zabbix Two Script Insertion Vulnerabilities
9. [SA47274] Nagios XI Mass Acknowledgement Component URL Cross-Site
Scripting Vulnerability
10. [SA47249] Drupal Meta tags quick Module Script Insertion
Vulnerability ========================================================================
This Week in Numbers During the past week 40 Secunia Advisories have been released. All
Secunia customers have received immediate notification on the alerts
that affect their business. This weeks Secunia Advisories had the following spread across platforms
and criticality ratings: Platforms:
Windows : 5 Secunia Advisories
Unix/Linux : 15 Secunia Advisories
Other : 0 Secunia Advisories
Cross platform : 20 Secunia Advisories Criticality Ratings:
Extremely Critical : 0 Secunia Advisories
Highly Critical : 6 Secunia Advisories
Moderately Critical : 16 Secunia Advisories
Less Critical : 15 Secunia Advisories
Not Critical : 3 Secunia Advisories
|
| Typosquatters set up booby-trapped High Street names - Posted Wednesday, December 14, 2011
Xmas shoppers who carnt spel targeted
Fraudsters have again established thousands of typosquatting sites this year, designed to hoodwink customers of popular shopping sites into handing over personal information to fraudulent gangs.
Utilizing slightly misspelled domain names, prospective marks are taken to mirror sites designed to harvest personal data and credit card details. >From channelregister.co.uk
|
| Firefox determined to be the most INsecure web browser software - Posted Friday, December 09, 2011During a recent technical comparison of Internet Explorer, Chrome and Firefox, Firefox came in last because it didn't implement a sandbox yet.
Story at TheRegister.
|
| Still using Adobe .pdf Reader after all these warnings? - Posted Wednesday, December 07, 2011 |
| Java tops for hackers, warns Microsoft - Posted Sunday, December 04, 2011
Apply patches to known holes
>From theregister.co.uk
Patch up warmly this winter if you’re running Java. That’s the advice from .NET shop Microsoft, which reckons Oracle’s platform is the single biggest target for hackers.
Java proved the single most popular target in the 12-month period to the end of June, according to Microsoft’s latest Security Intelligence Report … How do you know if your computer software is up-to-date?
Here at 1USA we use the FileHippo Update Checker software. BarryZ
|
| About the Free version of AVG anti-virus software - Posted Thursday, January 06, 2011Per the page on the AVG website that compares the different versions of the AVG software, <here> the free version of AVG anti-virus software does not fully protect a computer. The free version primarily is for weekly scanning of a hard drive, and if it finds a virus at that time, it will try to remove it.
So this tells me that people who use the free version and don't run frequent hard drive scans have the potential to end up with an infected computer, which can probably infect their friends' computers also. Plus, Avast Pro version loads web pages into virtual memory, thereby protecting the computer from drive-by downloads... a feature that AVG does not have yet. So to you skeptics... which is cheaper? A paid subscription of a good brand of anti-virus software, or three hours of Repair Time at your local Computer Repair Shop? BarryZ
|
| Microsoft reports "unprecedented wave" of Java malware exploits - Posted Thursday, October 28, 2010According to data from Microsoft's malware protection center, there has been an "unprecedented wave" of exploits against vulnerabilities in Oracle Sun's Java software in 2010.
 What this means to 1USA customers:
- that threats on websites can bypass some anti-virus software that doesn't specifically provide protection of the JRE Java Runtime Environment that's on most PCs.
- that scammers and thieves are finding new ways to separate you from your money. - The computer can become infected with a type of computer virus called Malware.
- The malware can install itself deep in the Operating System... where the only way to remove it is to completely re-install Windows. (and if you don't make frequent Backups of your photos, documents, emails... then you will lose all those)
- The computer would need to go to a Computer Repair Shop, which costs additional money... above and beyond the cost of your Intenet Sevice Provider.
(This is one of the reasons why "cheap" internet services are cheap -- they don't provide you with the level of protection needed.)
So if you are not yet a 1USA customer who is reading this. This is a strong hint to switch to better quality service at 1USA.
BarryZ
|
| Critical vulnerabilities in Adobe Shockwave - Posted Saturday, September 04, 2010If you're running Adobe's Shockwave Player, be aware that the company has shipped an update to patch twenty security vulnerabilities, rated "critical." Some could allow an attacker to take over control of the system. Check your version number; if it's 11.5.7.609 or earlier, you need to upgrade immediately. A good tool to ensure that your interrnet-facing software is kept up-to-date is the UpdateChecker by FileHippo. Read More...
|
| Alternative browsers need updates, too - Posted Tuesday, June 29, 2010If you believed everything you read on web sites, you might think that IE is the only web browser that ever has security flaws, and if you just use an alternative browser, you’re completely safe. Of course, the reality is very different. All browsers are vulnerable to security threats and need regular updating. So if your organization’s users are using different browsers, be sure they have the latest and most secure versions. On June 21, 2010 - Opera released version 10.54 that corrects a number of critical vulnerabilities: http://isc.sans.edu/diary.html?storyid=9055&rss On June 23, Mozilla released a new version of Firefox, 3.6.4, that addresses 7 vulnerabilities: http://isc.sans.edu/diary.html?storyid=9052&rss Safari 5, a major overhaul of Apple’s browser, was released earlier this month: http://www.macnn.com/articles/10/06/08/most.corrected.through.webkit.upgrade/ And Google’s Chrome version 5.0.375.86 includes security updates along with the incorporation of Flash: http://www.internetnews.com/security/article.php/3889846/Chrome+Gets+Security+Flash+Integration+Update.htm
|
| Fraud Games & Links - Posted Wednesday, June 23, 2010 |
| Google Street View snooped WiFi for personal data - Posted Sunday, May 16, 2010Google has said that its world-roving Street View cars have been collecting information sent over open WiFi networks, contradicting previous assurances by the company.
This means that Google may have collected emails and other private information if they traveled over WiFi networks while one of the cars was in range. More Details.
|
| Keeping your software updated - Posted Wednesday, May 12, 2010Secunia.com has software called Personal Security Inspector which goes through your computer looking for obsolete & hackable versions of software. Sometimes, it can get complicated.
Mozilla.org today announced a feature that checks your computer for obsolete or insecure browser plug-ins. The page is at http://www.mozilla.com/en-US/plugincheck/
|
| Microsoft Confirms 17-Year-Old Windows Bug - Posted Saturday, January 23, 2010Computerworld broke this story: Microsoft late yesterday issued its second advisory of the last week, warning users that a 17-year-old bug in the kernel of all 32-bit versions of Windows could be used by hackers to hijack PCs. The vulnerability in the Windows Virtual DOS Machine (VDM) subsystem was disclosed Tuesday by Google engineer Tavis Ormandy on the Full Disclosure security mailing list. Coincidentally, Ormandy received credit for reporting the single vulnerability that Microsoft fixed last week on its regular Patch Tuesday. The VDM subsystem was added to Windows with the July 1993 release of Windows NT, Microsoft's first fully 32-bit operating system. VDM allows Windows NT and later to run DOS and 16-bit Windows software.
Advisory on Microsoft TechNet
|
| Fake anti-virus programs are being installed by people who don't know any better - Posted Tuesday, August 11, 2009 |
|
|