Time and time again, the old methods of identifying who you are have fallen prey to various attacks and breaches. Simply having a login name and a password, even a strong password – one that doesn’t contain words from the dictionary, and consists of upper case letters, lower case letters, numbers, and special symbols like exclamation points, ampersands or other non-alphanumeric characters – is often no longer strong enough to prevent a breach. You could have an incredibly strong passwo…
DDoS: A Brief History, Part II
In our last blog, we discussed DDoS, detailing the chronology of the DDoS attack from an early attack used by hackers to gain notoriety and wreak havoc to a sophisticated cybercrime tool used for monetary gain. In this Part II, gathered from information provided by FortiGuard AV analyst Karine de Ponteves, we discuss the latest iteration of DDoS – specifically, how the attack is leveraged to disrupt government and corporate systems to make a political statement and mobilize users to action –…
Insomni’hack 2013
Insomni’hack 2013 took place last week at Geneva and I had the opportunity to attend. Insomni’hack DAY 1 consisted of one day workshops on subjects ranging from “Linux exploitation” to “How to make sure your Pentest Report is never empty”. I had the chance to attend a workshop on “Practical ARM exploitation” given by black Steve (@s7ephen) and white Steve (Stephen Lawler)
DDoS: A Brief History
Distributed-denial-of-service (DDoS) attacks have been the tool of choice for cybercriminals since the dawn of the Internet. Why
March 2013 Patch Tuesday Bulletins are now Supported by Desktop Central
Microsoft March 2013 Patch Tuesday bulletins are now supported by Desktop Central. The patch assessment team at Desktop Central has tested the patches and have updated their online patch database on March 13, 2013 at 09:00 EDT. Update your vulnerability database to install the patches pertaining to the Security Bulletins: MS13-021 – Cumulative Security Update for Internet Explorer (2809289) MS13-022 – Vulnerability in Silverlight Could Allow Remote Code Execution (2814124) MS13-023 – Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261) MS13-024 – Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176) MS13-025 – Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264) MS13-027 – Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986) Update your vulnerability database to install the below Third Party updates Google Chrome (25.0.1364.172) Mozilla Thunderbird (17.0.4) Adobe AIR (3.6.0.6090) Real Player (16.0.1.18) Adobe Flash Player Plugin 11.6.602.180 (APSB13-09) Adobe Flash Player for IE 11.6.602.180 (APSB13-09) Update your vulnerability database to install the patches pertaining to the Non Security Updates Windows Malicious Software Removal Tool – March 2013 (KB890830) Description of the Outlook 2003 Junk E-mail Filter update: March 12, 2013 (KB2768024) Description of the Outlook 2007 Junk E-mail Filter update: March 12, 2013 (KB2768025) Description of the Outlook 2010 Junk E-mail Filter update: March 12, 2013 (KB982726) Description of the Outlook 2013 Junk E-mail Filter update: March 12, 2013 (KB2760587) Description of the 2007 Office system update(KB2687493) Description of the Office 2010 update(KB2687503) Description of the SharePoint Designer 2010 update(KB2553382) [when installed with office] Description of the SharePoint Designer 2010 update(KB2553459) [when installed with office] Description of the Word 2010 update(KB2767886) Microsoft Security Advisory: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10: March 12, 2013(KB2824670) Description of the OneNote 2013 update(KB2768011) System may restart and not display the “Choose an option” screen in Windows RT, Windows 8, or Windows Server 2012(KB2812822) Description of the PowerPoint 2013 update(KB2727013) Description of the SkyDrive Pro update(KB2768356) [when installed with office] Description of the SkyDrive Pro update(KB2768016) [when installed with office] Description of the Outlook 2013 update(KB2727079) Description of the Lync 2013 update(KB2760556) [when installed with office] Description of the Office 2013 update(KB2768333) Windows 8 and Windows Server 2012 cumulative update: March 2013 (KB2800088) Description of the Office 2013 update(KB2752094) Incorrect results when you run AD Windows PowerShell cmdlets on a Windows Server 2008 R2-based domain controller(KB2806748) Application compatibility update for Windows 7 and Windows Server 2008 R2: March 2013 (KB2791765) Compatibility update is available for Windows 8 and Windows Server 2012 (KB2790907) Anti-malware platform update for Windows Defender is available in Windows 8(KB2781197) Deployment Priority (Courtesy: MSRC blog ) For any assistance on patching feel free to contact desktopcentral-support@manageengine.com Happy Patching
RSA Conference 2013: New Threats, New Solutions
The keynote speakers have gone home, the parties have ended, and another RSA Conference 2013 is over. By all reports, this year set records for attendance and business conducted. With a complex and evolving threat landscape and the accelerating adoption of disruptive technologies, exhibitors had a field day on the show floor with sophisticated releases that vied to differentiate in the burgeoning security markets
UTM 9.005 Up2Date Released
We have just released stable version 9.005 via Up2Date for Sophos UTM. This release contains many compatibility improvements and stability enhancements for your installation.
HAProxy Alerts (for V7 Loadbalancer.org Appliance)
In this Blog I show a very simple solution to get Layer 7 (HAProxy) alerts configured using Logwatch. First from the WUI : 1.
HAProxy Email Alerts Guide
In this guide I show a very simple solution to get HAProxy email alerts configured using Logwatch. While the first part is aimed at users of our V7 appliance I think anyone wanting to get email alerts for HAProxy will also find this a good example. First from the WUI : 1.
February 2013 Patch Tuesday Bulletins are now Supported by Desktop Central
Microsoft February 2013 Patch Tuesday bulletins are now supported by Desktop Central.