Source: http://news.cnet.com/8301-1009_3-57616054-83/target-investigating-massive-black-friday-data-breach-report/
Everyone will be attacked, and many will be breached. Have you taken steps to protect your organization or made plans for how to react in the event of a data breach? Securit360 offers services to fortify your security programs, train your employees, and measure your vulnerabilities.
Last Thursday morning (October 31), our Advanced Exploit Detection System (AEDS), which we discussed in an earlier post, detected a suspicious sample targeting Microsoft Office. After some investigation, we confirmed this is a zero-day attack.
Read more: http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2
This goes to show that application development is not necessarily the biggest risk. Information security isn't tied to any single domain of IT or business. It's a complex relationship between every aspect.
http://techcrunch.com/2013/10/29/hosting-service-mongohq-suffers-major-security-breach-that-explains-buffers-hack-over-the-weekend/
http://security.mongohq.com/notice
Source: http://barracudalabs.com/2013/10/php-net-compromise/
It was announced that the PHP website was hacked and was serving malware. If the attackers had access to its internal servers, can we trust the PHP source code anymore? So far the PHP Group has been unable to determine the cause of the infection on two of its servers. According to their reports, they have recreated the web servers, revoked the PHP SSL certificate, and are reissuing it in case the private key was compromised. According to Rasmus Lerdorf, PHP creator, "Not much to say about the effect on end users who visited the site during that time because [...]
OWASP is an organization that tracks the most common web vulnerabilities and gives guidance for writing secure applications. They have released the new Top 10. Unfortunately, it is not much different from the old Top 10. Does this mean that most web developers don't know about the most common security risks?
For Patch Tuesday this month, we are receiving critical updates from both Microsoft and Adobe. Microsoft has five bulletins, bringing the six-month total up to 51 bulletins, about 20% more than we had in 2012.