Blog

IE 0day Update: Microsoft Releases a FixIt Patch

A few days ago, I posted an alert about a zero day Internet Explorer (IE) vulnerability that attackers were exploiting in the wild. By luring you to a web site containing malicious code, a remote attacker can exploit this flaw to execute code on your computer, with your privileges. To most Windows users, this means the attacker gains complete control of your computer.

WatchGuard Security Week in Review: Episode 33 – Elderwood Project

The weekend is almost upon us… Yay! Before you run out and enjoy some fun in the sun (hopefully), take eight minutes to check out this summary video highlighting some of the bigger information and network security stories this week.

Light Patch Tuesday Brings Two XSS Fixes

As I mentioned in last week’s early warning, today’s Patch Day is extremely light with only two updates. According to their September bulletin summary, Microsoft has only released updates for Visual Studio Foundation Server and System Center Configuration Manager. Both updates fix cross-site scripting (XSS) vulnerabilities that Microsoft rates as Important.

WatchGuard Security Week in Review: Episode 32 – UDID Leaks and Java Updates

A few years ago, we’d be lucky to see one major information security story in the news each week. Now, we consistently see more security news than the average IT guy can keep up with. If you’re looking for a quick summary of the most important information and network security news, you’ve come to the right place.

Critical Java Vulnerabilities Update: Apple OS X Patched

Last week, I posted an alert about some highly critical flaws in Oracle Java; especially one in particular (CVE-2012-4681), which attackers have aggressively exploited in the wild. If an attacker can lure you to a web page or link containing malicious Java content, he can exploit these flaws to execute code on your computer, potentially gaining complete control of it. Oracle released an out-of-cycle update last week to fix this vulnerability, and two others.