Numerous links and information are available at ISACA’s home page for Corporate users Sarbanes-Oxley – COBIT version 5 standards emerge for IT controls http://www.isaca.org/Knowledge-Center/cobit/Pages/COBIT-5-Initiative-Status-Update.aspx
Mozilla Firefox and other products have been revised to remove the hacked DigiNotar Certificate Authority, Mozilla Firefox 6 – Security release for hacked Certificate Authority http://securitywatch.pcmag.com/apple/287116-firefox-and-other-mozilla-apps-rev-to-blacklist-hacked-ca QUOTE: Mozilla has released several new versions of programs in order to remove support for a root certificate from a hacked certificate authority. We reported yesterday about how this […]
Trend Labs shares good awareness for a variety of threats affecting Facebook and other social networking environments. Social Networking Threats – Trend Labs report http://blog.trendmicro.com/the-geography-of-social-media-threats-infographic/ QUOTE: KOOBFACE is not the only threat that hounds social media. These social networking sites also have features that can become threat vectors. A seemingly harmless wall post from a […]
Symantec documents an advanced and highly stealth File Infector that can setup a botnet client on an infected PC Xpaj Botnet Intercepts up to 87 Million Searches per Year http://www.symantec.com/connect/blogs/xpaj-botnet-intercepts-87-million-searches-year http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_xpaj_b.pdf http://www.symantec.com/security_response/writeup.jsp?docid=2009-091613-1844-99 QUOTE: W32.Xpaj.B is one of the most complex and sophisticated file infectors Symantec has encountered. In an older blog post, Piotr Krysiuk calls […]
As Adobe has improved their automated security updates, please promptly apply changes when prompted to ensure the best levels of protection. Adobe – Flash and other products patched during August 2011 http://www.adobe.com/support/security/bulletins/apsb11-21.html http://securitywatch.pcmag.com/apple/286074-massive-adobe-patch-release-fixes-flash-player-media-server-shockwave-photoshop-and-robohelp QUOTE: Adobe released updates to 5 products today fixing a total of 23 vulnerabilities, mostly in Flash Player. At least some of the […]
Webmasters should ensure they apply the forthcoming security patch to protect their web server environments: Apache Web Server – New DoS Attack Vulnerability http://blog.eset.com/2011/08/26/dos-apache-killer http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/thread QUOTE: Amidst a lack of fanfare this past weekend on a mailing list, a memory exhaustion hack popped up for the Apache webserver that may result in a Denial-of-Service (DoS) […]
The FBI warns users to be careful with charitable donations, news reports, and web searches FBI – Electronic Scam warnings updated for Hurricane Irene http://www.fbi.gov/scams-safety/e-scams QUOTE: 08/26/11—In light of Hurricane Irene, the public is reminded to beware of fraudulent e-mails and websites claiming to conduct charitable relief efforts. Tips on Avoiding Fraudulent Charitable Contribution Schemes […]
F-Secure documents a recent attack for one of the most secure authentication products, which was quickly corrected to resolve security issues RSA – How SecurID was compromised http://www.f-secure.com/weblog/archives/00002226.html http://t2.fi/schedule/2011/#speech7 QUOTE: RSA was hacked in March. This was one of the biggest hacks in history. The current theory is that a nation-state wanted to break in to […]
A new scam is circulating on Facebook: Facebook – Hurricane Irene Scam circulating http://blog.trendmicro.com/hurricane-irene-scam-hits-facebook/ QUOTE: Hurricane Irene surely turned New York City to “city that never sleeps” as it brought flood waters, knocked out power to more than 4 million people and was even responsible for at least 15 deaths in six states. What’s worse […]
Please be careful when accepting certificate updates as noted in the following security warning http://securitywatch.pcmag.com/google/287010-fraudulent-google-com-certificate-in-wild QUOTE: In early July, Dutch certificate authority DigiNotar issued a fraudulent SSL certificate for ‘*.google.com’. This certificate could allow a malicious web site, in conjunction with certain other techniques, to spoof any domain on google.com including mail.google.com.
