Microsoft released an out of band patch today for all supported versions of Windows. The patch fixes a privately reported bug in the Kerberos Key Distribution Center (KDC) protoccol. If unpatched, it would allow an unauthorized user to execute an elevation of privilege attack. “The problem stems from a failure to properly validate cryptographic signatures which […]
Continue reading → [DISPLAY_ACURAX_ICONS]According to the Wall Street Journal (pay link), the government (US Marshals Service) is flying “dirtboxes” in small airplanes to capture the signals from your cell phone. Basically, a dirtbox is a self contained cell tower with a strong signal. Since your cell phone will connect to the strongest signal, if the dirtbox winds up […]
Continue reading → [DISPLAY_ACURAX_ICONS]FireEye , a security research firm, recently disclosed an interesting attack against iOS devices. Apparently, iOS allows a rogue iPhone app to replace a genuine iPhone app. Once that rogue app is now installed, it can do anything the real app could do – PLUS send a copy of your banking credentials Moscow or Kiev […]
Continue reading → [DISPLAY_ACURAX_ICONS]An article in SC Magazine recommends that organizations apply this month’s Microsoft patches very quickly. Among the patches: One vulnerability, CVE-2014-6332, had been remotely exploitable for 18 years prior to its patch, and could be used by an attacker to circumvent Microsoft’s free anti-exploitation tool EMET and its Enhanced Protected Mode (EPM) sandbox in Internet […]
Continue reading → [DISPLAY_ACURAX_ICONS]The US Department of Homeland Security through the Computer Emergency Readiness Team (CERT) at Carnegie Mellon issued an alert to owners of a number of Linksys routers to patch those routers ASAP. The alert referenced two vulnerabilities – the first one allowed anyone on the internet to read or modify sensitive information on the router; […]
Continue reading → [DISPLAY_ACURAX_ICONS]An article in American Banker talks about the fight that all the banks are fighting right now. JP Morgan Chase CEO Jamie Dimon Says the bank plans to double its $250 million annual computer security budget within the next five years. I think Chase understands the problem; Dimon said “It’s about firewall protection, it’s about […]
Continue reading → [DISPLAY_ACURAX_ICONS]