Original release date: April 29, 2015 Systems Affected Systems running unpatched software from Adobe, Microsoft, Oracle, or OpenSSL. Overview Cyber threat actors continue to exploit unpatched software to conduct attacks against critical infrastructure organizations. As many as 85 percent of targeted attacks are preventable  . This Alert provides information on the 30 most commonly exploited vulnerabilities used in these attacks, along with prevention and mitigation recommendations.
We keep learning more about the White House email breach from last year, and the news gets worse and worse. Today we learned the attackers may have had access to more of President Obama’s email correspondence than first suspected. Watch today’s vlog post to for the details, and to learn tips to protect your organization’s email
In a lot of web application penetration tests that Ive done in last couple of years I noticed that the amount of technical vulnerabilities (i.e. XSS or SQL injection) is slowly declining.Of course, this depends on developers awareness but also on frameworks that are used for development of such applications. One of the best (or worst, depending on the point of view) is definitely .NET (yeah, I know, it feels weird to say that Microsoft is best in something security related)
Original release date: April 21, 2015 The Internet Crime Complaint Center (IC3) has issued an alert warning that law enforcement personnel and public officials may be at an increased risk of cyber attacks.
Original release date: April 20, 2015 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT).
Original release date: April 15, 2015 Oracle has released security fixes to address 98 vulnerabilities as part of its quarterly Critical Patch Update. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. User and administrators are encouraged to review the Oracle April 2015 Critical Patch Update and apply the necessary updates