Fight Back: How Your Business Can Survive the Cyber Threat

It was likely a morning that began as any other at the small business in this true story. Employees arrived for work, had some coffee and checked their email inboxes. A few noticed an email regarding a transfer of funds that had failed, and forwarded it to their in-house accountant, who clicked on the attachment to see if there was a problem that required attention. Twelve hours later, the bank account of the business was wiped clean of the $150,000 or so that represented the business’s operating liquidity.

WatchGuard Security Week in Review: Episode 60 – Oracle CPU

During a week of such tragedy, it’s hard to give much thought to network and information security (InfoSec). Yet, we must stay vigilant, lest abhorrent cyber criminals leverage such tragedies against us in social networking campaigns.

WatchGuard Security Week in Review: Episode 59 – Android PlaneSploit

Though I’m traveling in Singapore for a security conference, I still found a few spare minutes for my weekly InfoSec news summary. This week I cover some Bitcoin mining malware, CISPA returning from the ashes, some game related network attacks, and most interestingly, an Android smartphone hacking an airplane. For the details, watch the video below.

[Friday Fun] WatchGuard’s Security Shop Music Video

First, a fair warning. This post serves no practical purpose, and is just for your entertainment. If you only visit this blog for practical security news and alerts, and you don’t have time for a bit of fun right now, feel free to skip this post. That said, you might find it entertaining, and it does still carry a security theme.

Adobe Patch Day: Patches for Flash, Shockwave, and ColdFusion

Today, Adobe released three security bulletins describing vulnerabilities in Flash Player, Shockwave Player, and ColdFusion. A remote attacker could exploit the worst of these flaws to gain complete control of your computer. The summary below details some of the vulnerabilities in these popular software packages.

SharePoint Suffers from XSS and Information Disclosure Flaws

Today, Microsoft released two Office-related security bulletins describing vulnerabilities found in SharePoint, SharePoint Foundation, Groove, Office Web Apps, and InfoPath — all part of Microsoft’s Office family of products. Microsoft rates both bulletins as Important. We summarize them below:

Windows Updates Fix Critical RDC Flaw, and More

Today, Microsoft released six security bulletins that describe around ten vulnerabilities affecting Windows or components related to it, such as Remote Desktop Client, Active Directory, and the Antimalware client (part of Windows Defender in Windows 8). Each of these vulnerabilities affect different versions of Windows to varying degrees. A remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. We recommend you download, test, and deploy these updates – especially the critical ones – as quickly as possible.

“Use After Free” Flaws: A New Theme for IE Vulnerability

As part of today’s Patch Day, Microsoft released a security bulletin describing two new security vulnerabilities affecting Internet Explorer (IE). Similar to the flaws in last month’s update, both of these vulnerabilities are what developers call “use after free” vulnerabilities – a type of memory corruption flaw that attackers can leverage to execute arbitrary code.

Remote Desktop and IE Updates Top April’s Patch Day List

Unless you’re new to IT, you’re probably aware that today—the second Tuesday of the month—is Microsoft Patch Day. As expected, Microsoft released nine security bulletins today, fixing 13 vulnerabilities across products like Internet Explorer (IE), Windows and its components, Sharepoint Server, and a few other Office server products. The worst two, Critical-rated updates fix security problems in IE and the Remote Desktop Client (RDC) that ships with Windows (specifically, its ActiveX control).