Articles by Chester Wisniewski

About Chester Wisniewski

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.

SSCC 118.99 - How do you define a Potentially Unwanted Application (PUA)?

Google rolls out fix for Android security vulnerability

In the third part of Sophos Security Chet Chat 118, Chet interviews Vanja Svajcer to explain the rise of potentially unwanted applications on Android, what they are and how we might deal with them.

GinMaster, unwanted Android apps and legit apps gone bad

evil-android-thumb

More coverage from the Virus Bulletin 2013 Conference in Berlin, Germany. Today's topics include Android botnets, malware abusing legitimate applications and defining the types of apps we allow on our phones.

Zero Access, vulnerability disclosure and the evils of RTF

VB2013-Wyke-250

Chester Wisniewski writes to us from Virus Bulletin 2013 in Berlin, Germany to share the latest research on malicious documents, bot herders and foos ball.

SophosLabs prepares for great showing at Virus Bulletin 2013

Who is SophosLabs

Sophos has a larger than normal presense this week at the Virus Bulletin Conference in Berlin, Germany. Research presented includes bot nets, rootkits, Android and even techniques we can use to better protect others.

Firefox 24 available now! 17 fixes, 7 critical

Firefox250

The Mozilla Foundation released Firefox, Thunderbird and SeaMonkey version 24.0, fixing 17 vulnerabilities.

Internet Explorer zero-day exploit prompts Microsoft to publish emergency Fix it

Microsoft releases fix for Internet Explorer security hole, full patch coming Friday

Microsoft has published an out of band security advisory for users of Internet Explorer to warn about a new zero-day attack being used in the wild. IE users are advised to use Microsoft's Fix it or EMET tool to protect against exploitation until a permanent fix is released.

Oracle Java fails at security in new and creative ways

CC-Oracle-PeterMakinski250

Oracle is about to release a new "feature" in its Java Runtime Environment (JRE) that allows enterprises (or anyone else) to turn off security features for backward compatibility.

Secure Google Docs email results in mailbox compromise

GDocs250

As cloud services become more pervasive criminals continue to try and convince corporate users to surrender their identities.

Google Docs is the latest target, so look out!

Syrian Electronic Army brings down Twitter and The New York Times through domain name provider hack

T250

The Syrian Electronic Army attacked an internet domain name provider today taking down for a short time the websites of The New York Times and Twitter for some users,

CNN, Time and Washington Post redirect users to Syrian Electronic Army site

SEALogo250

The Syrian Electronic Army appears to have compromised content recommendation engine Outbrain resulting in visitors to CNN, Time and The Washington Post being redirected to the hacking groups website. BREAKING: SEA claims was hacking the New York Times as Outbrain shutdown.

Microsoft pulls critical Patch Tuesday fix for Exchange 2013

shutterstock_QC250

Microsoft has had to recall an update released yesterday for Exchange Server 2013. Nothing catastrophic, but a difficult balancing act for admins considering the fixed vulnerabilities were publicly disclosed.

Patch Tuesday for August 2013 - 3 critical, 5 important

Patch Tuesday

Patch Tuesday for August 2013 includes three critical fixes and five important ones. The focus for this month is certainly the Internet Explorer cumulative patch which fixes 11 vulnerabilities and all versions, including 11 beta.

July 2013 Patch Tuesday - Windows, IE, Flash, Shockwave and ColdFusion

Patch Tuesday

Microsoft fixed 34 vulnerabilities in products ranging from Windows, Internet Explorer and .NET to Lync, Visual Studio and Silverlight. Not to be left behind, Adobe launched fixes for Flash, Shockwave and Cold Fusion. Settle into your air-conditioned server rooms and start testing!

Some US states strengthen data breach notification laws, others ignore them

shutterstock_DataPrivacy250

Vermont and North Dakota have recently bolstered their data breach notification laws to cover more organizations and additional types of personal information. Meanwhile Michigan lost 49,000 people's names, birth dates and cancer screening records and claims they aren't protected information.

Blackberry releases first security fixes for new Z10 smartphone

shutterstock_NoFlash250

Blackberry released the first two security advisories for its new Z10 smartphone yesterday. One of the patches was for Adobe Flash vulnerabilities from January. Flash? On a smartphone? In 2013?

Patch Tuesday June 2013 - Office, Windows and Flash

Patch Tuesday

Right on time, Microsoft and Adobe released fixes today for Windows, Internet Explorer, Microsoft Office 2003 and 2011 and Adobe Flash Player. Time to dance that familiar dance and get those updates installed.

Digital currency Liberty Reserve shut down by US governement

shutterstock_MoneyLaundry250

This week US authorities shut down Liberty Reserve, an online currency favored by cybercriminals. Will enforcement actions have any real impact on the underground economy?

Social media privacy explained - In plain English

shutterstock_onlineprivacy250

Researchers at Canada's University of Victoria have published a website, CATSMI, that provides information on more than 20 social networks privacy policies and what they mean to you.

Interview with 'We are Anonymous' author Parmy Olson [PODCAST]

anonymous-lulzsec-170

In this podcast Chester interviews Parmy Olson author of "We are Anonymous" about her thoughts on LulzSec, their sentencing and the Anonymous movement. Parmy also shares some of her thoughts on Firefox OS and other developments from Mobile World Congress 2013.

Apple fixes 41 iTunes security flaws, some more than a year old

iTunes-11-250

Apple released the latest update to iTunes today, version 11.0.3, fixing 41 vulnerabilities in the Windows version and 1 in the OS X version. Many of these flaws are rated critical and we advise you update as soon as possible.