Microsoft Malware Protection Center October 2012 update

The Internet is a great place to share; we share information, ideas, experiences, software, and media through many different services over the Internet. The Internet is also a great place to do business and to shop for great deals on software, movies, and music as well as other goods and services. Unfortunately, malware distributors take advantage of people’s desire to share and find the best deals by using social engineering in attempt to infect computer systems. Continue reading Microsoft Malware Protection Center October 2012 update

How IT Can Prepare for Mobile Forensic Investigations

This is especially true of organizations subject to compliance with regulations like PCI-DSS or HIPAA, but any organization could find itself in trouble if it can’t get its hands on emails and SMS messages during an ediscovery process.

“If a company faces litigation or some other incident, do they have the capabilities to get the answers that these devices potentially hold inside them, whether through insourcing or outsourcing? That preparation is often an afterthought,” says David Nardoni, director of mobile device investigations with Pricewaterhousecooper. “It has to be part of the implementation of your mobile policy.” Continue reading How IT Can Prepare for Mobile Forensic Investigations

High bandwidth DDoS attacks are now common, researcher says

Distributed denial-of-service (DDoS) attacks with an average bandwidth of over 20Gbps have become commonplace this year, according to researchers from from DDoS mitigation vendor Prolexic.

Last year such high-bandwidth attacks were isolated incidents, but attacks that exceed 20Gbps in bandwidth occur frequently now, Prolexic’s president Stuart Scholly said Tuesday. Continue reading High bandwidth DDoS attacks are now common, researcher says

Meet Flame Espionage Malware Cousin: MiniFlame

Ongoing teardowns of the Flame malware and its underlying components have yielded a surprising discovery: a new piece of malware.Security researchers at Kaspersky Lab said that what they previously suspected was an attack module for the Flame malware is instead a standalone piece of attack code, although it can do double duty as a plug-in for both the Flame and Gauss malware. Designed for data theft and for providing attackers with direct access to an infected system, MiniFlame is based on the same architectural platform as Flame, according to Kaspersky Lab.”MiniFlame is a high-precision attack tool,” said Alexander Gostev, chief security expert at Kaspersky Lab, in an emailed statement. “Most likely it is a targeted cyberweapon used in what can be defined as the second wave of a cyberattack … to conduct more in-depth surveillance and cyber-espionage.” Continue reading Meet Flame Espionage Malware Cousin: MiniFlame

Oracle Critical Patch Update Advisory – October 2012

Description

A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to: Continue reading Oracle Critical Patch Update Advisory – October 2012

3 Must-Fix Vulnerabilities in Oracle and If you are a Mysql database User you should get worried!

Systems administrators on all IT fronts will have their hands busy patching Oracle vulnerabilities across the software giant’s portfolio with the release this week of the company’s quarterly Critical Patch Update. Security experts warn enterprises to pay particular attention to this last CPU of the year, which today took the wraps off over 100 fixes affecting 10 different product groups, with one or more vulnerabilities in each group open to remote exploitation without exploitation. Continue reading 3 Must-Fix Vulnerabilities in Oracle and If you are a Mysql database User you should get worried!