Vulnerabilities

Target Stores said to have data breach of over 40 million customers

Source: http://news.cnet.com/8301-1009_3-57616054-83/target-investigating-massive-black-friday-data-breach-report/

Everyone will be attacked, and many will be breached. Have you taken steps to protect your organization or made plans for how to react in the event of a data breach? Securit360 offers services to fortify your security programs, train your employees, and measure your vulnerabilities.

McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office

Last Thursday morning (October 31), our Advanced Exploit Detection System (AEDS), which we discussed in an earlier post, detected a suspicious sample targeting Microsoft Office. After some investigation, we confirmed this is a zero-day attack.

Read more: http://blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2

MongoHQ Hacked

This goes to show that application dev is not necessarily the biggest risk. Information Security isn't tied to any single domain of IT or business. It's a complex relationship between every aspect.

http://techcrunch.com/2013/10/29/hosting-service-mongohq-suffers-major-security-breach-that-explains-buffers-hack-over-the-weekend/
http://security.mongohq.com/notice

PHP source code compromised?

Source: http://barracudalabs.com/2013/10/php-net-compromise/

It was announced that the PHP website was hacked and serving malware. If the attackers had access to their internal servers, can we trust the PHP source code anymore? So far PHP Group has been unable to determine the cause of an infection to two of their servers. According to their reports, they have recreated web servers and have revoked the PHP SSL cert and are reissuing it in case the private key was compromised. According to Rasmus Lerdorf, PHP creator, "Not much to say about the effect on end users who visited the site during that time because [...]

New OWASP top 10 shows same mistakes

OWASP is an organization that tracks the most common web vulnerabilities and gives guidance for writing secure applications. They have released the new Top 10. Unfortunately, it is not that much different from the old Top 10. Does this mean that most web developers don't know about the most common security risks?

Microsoft July Security Bulletin

For Patch Tuesday this month, we are receiving critical updates from both Microsoft and Adobe. Microsoft has five bulletins, bringing the six-month total up to 51 bulletins, about 20% more than we had in 2012.