We keep learning more about the White House email breach from last year, and the news gets worse and worse. Today we learned the attackers may have had access to more of President Obama’s email correspondence than first suspected. Watch today’s vlog post to for the details, and to learn tips to protect your organization’s email
Want to know what went on this week in the InfoSec world?
Original release date: April 15, 2015 Adobe has released three security updates to address multiple vulnerabilities in Flash Player, ColdFusion, and Flex. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system, or lead to a reflected cross-site scripting attack. Users and administrators are encouraged to review Adobe Security Bulletins APSB15-06 , APSB15-07 , and APSB15-08 and apply the necessary updates
I thought I’d only have to cover Microsoft Patch Day today, but Adobe, Oracle, and Google also came along for the ride. Patching is one of the easiest and most practical ways you can improve your network’s security.
Get your patch chops on people, because chances are you’re running software from Microsoft , Adobe or Oracle that received critical security updates today. Adobe released a Flash Player update to fix at least 22 flaws, including one flaw that is being actively exploited. Microsoft pushed out 11 update bundles to fix more than two dozen bugs in Windows and associated software, including one that was publicly disclosed this month.
Vulnerability Note VU#672268 Microsoft Windows NTLM automatically authenticates via SMB when following a file:// URL Original Release date: 13 Apr 2015 | Last revised: 13 Apr 2015 Overview Software running on Microsoft Windows that utilizes HTTP requests can be forwarded to a file:// protocol on a malicious server, which causes Windows to automatically attempt authentication via SMB to the malicious server in some circumstances. The encrypted form of the user’s credentials are then logged on the malicious server
Malware researchers at Trend Micro have analyzed a malware that connects to the home routers and scan the home network then send the gathered information to CC before deleting it self . TROJ_VICEPASS.A pretends to be an Adobe Flash update, once its run it will attempt to connect to the home router admin council using a predefined list of user names and passwords.