It’s easy to overlook the security of critical IT infrastructure - the low-level things that you rely on and that "just work", that nobody wants to touch and that probably haven't been patched for years. Here are some things to consider when keeping your critical infrastructure secure.
Oracle has released its quarterly software update fixing more than 100 security vulnerabilities in its products. Java is at risk from more than 50 flaws, so it is time to update immediately if you still use it.
The US's national vulnerability database has been offline for days thanks to a multi-server infection inflicted by hacker(s) who really know how to hurt an infosec guy or gal.
Microsoft has released 12 patches covering 56 vulnerabilities as part of the February monthly "Patch Tuesday" update. Five of these patches are rated critical and could allow criminals to drive-by install malware onto Windows systems.
For those interested in exploit kits and how they work, Gabor Szappanos has published the second (and concluding) part of his technical paper looking at the Blackhole kit.
Recommended reading for all those that want a little more detail as to how one of the most prolific and widely used crimeware kits actually works.
Do you want to learn more about the exploit kit that is arguably responsible for the most malware infections this year?
Well, read the latest technical paper from SophosLabs, where Gabor Szappanos uncovers some of the details behind the Blackhole exploit kit.
Adobe released an important update for its software on Monday, fixing 25 security holes. The updates affect Flash running on Windows, Apple Mac and Linux systems.
In addition, Adobe AIR users on Windows, Mac OS X, Android and iOS are also advised to install an update.
Microsoft released six patches for eleven vulnerabilities today for Windows, Office, SQL and other products. Adobe also updated their Reader app to fix four vulnerabilities that can be exploited by malicious PDF files.
New vulnerabilities are being discovered all the time, and attackers are still exploiting old ones. But how do you deal with the vulnerabilities? Patch them, of course.
A week after the release of iOS 5, several flaws and vulnerabilities that could affect your data security have been found. Unauthorized calls, Smart Cover unlocks and media access are all possible with system defaults.
A comprehensive look at the security updates in iOS 5 and OS X Lion 10.7.2. In addition to new features for iOS users, many critical fixes are present.
Microsoft have released four bulletins this month, three important and one critical. Fixes included impact Windows 7, Windows Vista and Microsoft Visio 2003 SP3 users.
Adobe's Patch Tuesday quarterly release is out and fixes many critical vulnerabilities. Time to patch Reader, Acrobat, Shockwave, Flash, ColdFusion, LifeCycle and Blaze...
Microsoft released patches today for Windows XP through Windows 7, Office, .Net, Internet Explorer and more. Learn about the key highlights and our advice on what to do.
Unix/Linux users may be vulnerable to a new flaw in ISC's DHCP client. ISC is advising users to apply mitigation or update to their latest release.
December's Microsoft Patch Tuesday fixed 40 vulnerabilities in 17 patches. While it fixes many critical and important vulnerabilities, a few are noticeably absent.
Adobe has announced the long-awaited sandboxed versions of their ubiquitous Adobe Reader and Adobe Acrobat applications, now branded as X. Brad Arkin, Adobe's Senior Director of Product Security and Privacy, first spoke with Sophos about Adobe's plans to better secure …
There was a lot of security news this week as Michael Argast and I went into our Vancouver studio to record Chet Chat 30. I was on vacation at the beginning of the week, so it is a bit longer …
Last week, I presented at VB2010 a talk that was well received in the room and on the wires. A number of people have requested copies of or links to my presentation and paper (thanks to Helen Martin of Virus …
There has been a lot of hype and speculation in the media over the last few weeks about the Stuxnet virus. I thought it might do us some good to ignore the conjecture and look at the implications of the …