A recent report from the Veteran’s Administration (VA) indicates that a data analyst illegally removed the personal records of over 26.5 million former service members from the VA, which was subsequently stolen from the analyst’s residence. Fortunately, the records did not contain any medical or financial information on every service member that has served this [...]
The press is spending some attention on the Word attacks that took place recently, but we feel much of this is overblown. Sure, two forms of the attack are said to be in use, but there is little public info about them, and certainly no evidence of widespread attacks as of yet. On WatchDog we [...]
We are left wondering about the Exchange vulnerability. To date, we have seen no malware exploiting this vulnerability on a mass scale. Even public exposure of exploit code has not been made. So, the question is why? Are attackers holding this back for integration into a multi-exploit attack or did the recent VNC development distract [...]
You can see the full presentation at: http://www.microsolved.com/SOT1Q06.html
We, here at MicroSolved, dedicate our lives (yes we work at home, too) to the goal of helping to ensure a safer and more secure Internet for every user that may be inclined to partake in the wonder that is the Internet community. Ideally, we would love to work ourselves out of a job. Fortunately, [...]
We wanted to ask, you, our readers, the folks in the treches everyday, just what you might be wishing for. Is the answer more time, less changes in the environment, one patch to rule them all? Use the comment link below, and give us some insight into just what you are wishing for. Heck, you [...]
Ahhh, the big question of tradeoffs. Do you apply the new Microsoft patch and stop Exchange from working with your Blackberry users or do you risk being compromised and worm infected when attackers release malware based on the vulnerability? That is a HUGE question for many organizations. Right now, as I write this, several folks [...]
The ASN.1 Microsoft vulnerability is still alive and well. If you check your IIS logs you probably see this activity on a regular basis. ASN.1 seems to be the Code Red and Nimda of today – it simply just won’t die. Patches for ASN.1 have been available for quite some time, and the malware using [...]
As we posted to WatchDog last week, more and more attacks against FTP implementations are likely in the coming weeks. We noticed the release of a new GUI FTP fuzzer and so far it appears to be getting heavy use to find new vulnerabilities in several FTP servers, both commercial and shareware/freeware/open source. New FTP [...]
For some time now Bots have been growing in importance. They have truly become the most serious infosec threat to networks today. They are insidious, common and borne by some of the easiest to exploit vulnerabilities in many client side applications. In many cases, organizations have rampant Bot activity inside their networks, though more often [...]