Facebook – Avoid ChatSend application http://sunbeltblog.blogspot.com/2011/10/little-too-chatty.html
Corporate Security Awareness – It is worth the effort and cost? http://blogs.securiteam.com/index.php/archives/1555
QUOTE: Is security awareness â€śworth itâ€ť?Â Is security awareness â€ścost effectiveâ€ť?Â Well, weâ€™ve been spending quite a lot on security technologies (sometimes just piecemeal, unmanaged security technologies), and we havenâ€™t got good security.Â Three arguments in favour of at least trying security awareness spending:
1)Â When youâ€™ve got two areas of benefit, and you are reaching the limits of â€śdiminishing returnsâ€ť in one area, the place to put your further money is on the one you havenâ€™t stressed.
2)Â Security awareness is mostly about risk management.Â Business management is mostly about risk management.Â Security awareness can give you advantages in more than just security.
3)Â Remember that the definition of insanity is trying the same thing over and over again, and expecting a different result.
Windows 2008 R2 Hyper-V security Hardening Guide http://blogs.securiteam.com/index.php/archives/1561
QUOTE: Virtual Machine Servicing Tool 3.0 helps to update offline virtual machines, templates, and virtual hard disks with the latest operating system and application patches. Authorization Manager provides a flexible framework for integrating role-based access control into applications. It enables administrators who use those applications to provide access through assigned user roles that relate to job functions.
Halloween 2011 – More online Tricks are circulating than treats http://blog.trendmicro.com/tricks-and-threats-infographic/
QUOTE: Halloween is fast approaching and itâ€™s that time of the year when scaring people is the most popular form of entertainment. However, not all spooks this season may end up in good-natured merriment. Cybercriminals may take this opportunity to scare users with their tricks, which include spammed messages, poisoned search results, spammed tweets with dubious links and Facebook clickjacking attacks. If not wary of these schemes, users may end up becoming victims of information theft, system infection, and even financial loss.
VMware – Security Blog http://blogs.vmware.com/security/
VMware – Security Center http://www.vmware.com/technical-resources/security/index.html
QUOTE: VMware offers secure and robust virtualization solutions for virtual data centers and cloud infrastructures, and has both the technology and the processes to ensure that this high standard is maintained in all current and future products. VMware virtualization gives you:
- Secure architecture and design:Â Based on its streamlined and purpose-built architecture, vSphere is considered by experts to be the most secure virtualization platform.
- Third-party validation of security standards:Â VMware has validated the security of our software against standards set by Common Criteria, NIST and other organizations.
- Proven technology:Â More than 250,000Â customersâ€”including all of the Fortune 100 as well as military and government installationsâ€”trust VMware to virtualize their mission-critical applications.
Heads-UP, friends. Even if you have already installed the patches for every Windows Server and every Exchange 2007, there still is more to do. Microsoft has issued Rollup 6 for Exchange 2010 SP1 which contains one more update to your CAS servers which affects DST cancellation. If you still see +3 time zone for Russia and other countries then you need to install it.
Here is the Rollup: http://support.microsoft.com/kb/2608646
And here is the KB about problem with CAS Servers: http://support.microsoft.com/kb/2627769
I Hope youâ€™ll get fine through all this stuff =)
F-Secure Trojan:SymbOS/OpFake.A http://www.f-secure.com/weblog/archives/00002261.html
Here’s the technical analysis related to yesterday’s post on Trojan:SymbOS/OpFake.A.Â OpFake.A arrives as a supposed Opera Mini updater using file names such as OperaUpdater.sisx and Update6.1.sisx. The malware installer adds an Opera icon to the application menu. When run, it will show a menu and a fake download progress bar. The malware also has a “license” which can be displayed. When the trojan is started, and before the victim advances through any of the menus, the trojan is already sending text messages to Russian premium rate numbers. The numbers and the content of the messages come from an encrypted configuration file (sms.xml).
The Symbian version of OpFake.A will also monitor SMS messages for the short while it is active and deletes incoming messages and messages moved to the sent messages folder based on the phone numbers and content of the messages. The code that handles the interception of incoming SMS messages is largely identical to that in Trojan:SymbOS/Spitmo.A. That part of OpFAke.A clearly shares source code with Spitmo.A.
Trend Labs – Video of Gadhafiâ€™s Death Being Used for Spam http://blog.trendmicro.com/video-of-gadhafis-death-being-used-for-spam/
QUOTE: Weâ€™ve been seeing a particular social engineering lure in spam runs in the past, where spammers leverage the death of a known celebrity or political figure. Recent examples of this include the death of Steve Jobs, and Amy Winehouse. In this spam run using Gadhafiâ€™s death, however, a more compelling lure is being used to trick users into downloading malicious files.Â We found several spammed messages that claim to lead to videos of Gadhafiâ€™s death. It is important to note that videos of Gadhafiâ€™s death do exist, and legitimate news sites like Reuters and The Washington Post tell of the graphic content in the video and even host the said videos on their websites. This existence of real videos of Gadhafiâ€™s death relatively makes it a more compelling lure.
Spam attack promotes false Charity Fund for Steve Jobs http://blog.trendmicro.com/spammers-promote-steve-jobs-bogus-charity-fund/
QUOTE: Even after a few weeks following Steve Jobsâ€™ death, spammers are still taking advantage of his demise. We have previously reported about this in the following blog entries:
This time, we received sample spammed messages promoting a supposed charity fund for young and gifted programmers and Web coders in honor of the late Apple co-founder.