InfoSec Philippines

Information Security, Technology News and Opinions

Categories
- (ISC)²
- Annual Security Reports
- Anonymization
- Anti-Malware
- Awareness
- Career
- Certification
- Change Management
- Compliance
- conferences
- DOS
- El Sibakero
- encryption
- Free
- Glossary
- Home Grown Apps
- Incident Management
- ISMS
- Lean IT
- Legal
- malware
- Malware Analysis
- Metrics
- News
- Opinion
- Philippines
- Presentations
- Privacy
- Security Policy
- seminars
- Site News
- social engineering
- Social Networking
- Survey
- tools
- vulnerability
- vulnerability assessment
- Webinars
- Whitepapers
- Windows
- Wireless
Archives
Pages
Subscribe
- Entries (RSS)
- Comments (RSS)

Twitter Updates
- Inaudible ultrasound attack can stealthily control your phone, smart speaker bleepingcomputer.com/news/security/… 17 hours ago
- Microsoft pushes OOB security updates for Windows Snipping tool flaw bleepingcomputer.com/news/microsoft… 19 hours ago
- New CISA tool detects hacking activity in Microsoft cloud services bleepingcomputer.com/news/security/… 2 days ago
- Mandiant: Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace mandiant.com/resources/blog… 3 days ago
- Should the US ban TikTok? Can it? A cybersecurity expert explains the risks the app poses and the challenges to blo… twitter.com/i/web/status/1… 3 days ago
2008 2009 27001:2005 A.9 27001:2005 A.11.7.1 A.11.7.1 Antivirus apple ATM botnet bpo Breach browser security Citibank clickjacking comelec conference conferences conventions Cybercrime DDOS E&Y e-mail encryption ENISA Facebook fbi Forensics Free Friendster hacking IE Intel iphone ISACA key logger log management Mac malware Manila Metrics Microsoft Mobile Security News nmap Nokia obama patch patch tuesday pci compliance Philippines Physical Security Podcasts/Webcasts Presentations proxy SANS secure coding Security seminars social engineering Social Networking software vulnerability Survey tools Tor trojan vlc vulnerability web application Webinars Whitepapers Windows Wireless worm wpa zero day

Posts Tagged ‘patch tuesday’

InfoSec News, March 11, 2009

Posted by Jaime Raphael Licauco, CISSP, GSEC on March 11, 2009

Browser Security
(SC Magazine US) Firefox 3.07 update addresses multiple security issues
(H-online) Firefox: most vulnerabilities, but quickly patched
(Security Focus) Mozilla, Opera plug security holes

Malware
(SC Magazine US) Conficker worm variant kills security processes
(H-online) Conficker modified for more mayhem

Cyberwarfare
(ZDNet.com) Russia kinda-sorta owns up to Estonia cyberwar
(The Register) Russian politician: ‘My assistant started Estonian cyberwar’

Patches
(The Register) Critical kernel fix stars in Patch Tuesday updates
(Computerworld) Microsoft patches ‘evil’ Windows kernel bug
(Computerworld) Microsoft patches Windows DNS, kernel flaws
(The Register) The long road to Adobe Reader and Flash security Nirvana
(Computerworld) Adobe patches zero-day PDF bug, mum on details
(Computerworld) Bad Symantec update leads to trouble
(H-online) Norton causes alarm and despondency

Social Networking
(H-online) Twitter closes SMS spoofing hole – Updated
(H-online) Spam from compromised Twitter accounts

Other InfoSec News
(SC Magazine US) Gartner: Data breaches hit 7.5 percent of all U.S. adults
(H-online) Version 3 of Microsoft’s Threat Modeling Tool released
(Computerworld) Gmail down; outage could last 36 hours for some
(H-online) Windows Defender: False alarm triggered by hosts file
(The Register) Court rules airline secret security list is stupid
(Techworld) Security needs to be ‘baked in’ say experts
(GCN) Securing cyberspace requires a new attitude
(Stuff.co.nz) Student wiped data worth thousands
(The Register) Feds file new felonies against alleged Palin hacker

Tips
(Computerworld) Biometrics: three tips for success

Webcasts
(LogLogic) Unleashing your log power to do more with less
Date: Wednesday, March 18, 2009
Time: 2:00 p.m. EST/11:00 a.m. PST

Whitepapers
(HID) Username and Password: A Dying Security Model
(Computerworld) Social Elements of Security Policy and Messaging

Posted in Change Management, News, Security Policy, Social Networking, Webinars | Tagged: access control, airline security, biometrics, browser security, log management, Microsoft, patch management, patch tuesday, Physical Security, secure coding, Security Policy, software development, threat, webcasts, whitepaper | Leave a Comment »

Info Sec News, Dec 8, 2008 Updated

Posted by Jaime Raphael Licauco, CISSP, GSEC on December 8, 2008

Upcoming details for this month’s Patch Tuesday can be found in Heise Online’s Microsoft wants to close six critical holes and PC World’s Microsoft readies Eight New Security Patches.

A Secunia blog states that 98% of all PC’s aren’t fully patched as was also reported in The Register and SCMag UK. No doubt this contributes to the millions of PC’s out there that are used as zombies unbeknownst to their owners. This happens mostly because people have too much confidence in their Anti Virus in stopping all threats. I’ll write about this more in another post, as for now, you might want to check out Secunia’s freely available Personal Software Inspector to check for patches their PCs may need.

Trend Micro researchers though, say that vulnerabilities only play a minor role (5%) in attacks. And that most attacks (53%) come in the form of Social Engineering attacks wherein the user is duped into downloading malware. An example of this would be fake anti-virus products that take up the top three positions in BitDefender’s Top e-threats (Heise Security also gives the list here). Which reminds me of what Zot O’Conner said in his talk at the Renaissance Makati in late October… that you cannot design a security product to defend against a user that just clicks and accepts anything.

In related news, Security Park reports that Human error continues to be the top cause of IT security breaches primarily because individuals are given the option to bypass them.

Other Security News
Center for Strategic and International Studies publishes report on Securing Cyberspace
Distributed SSH attacks bypass blacklists
New variant of DNSChanger in mass DNS hijack
The debate resumes over Mac Security
Identity Theft breaches on the increase in the US
(Security Focus) US Commission calls for Cybersecurity Czar
(Security Park) Free malware search tool helps financial institutions identify web attacks targeting their websites
SANS Webcast on December Threat Update
SANS Webcast on What Works in Security Information and Event Management
(Linux Security) New Wireshark Packages fix Vulnerabilities
(Linux Security) Never Installed a Firewall on Ubuntu? Try Firestarter
(Linux Security) Debian: New Linux 2.6.24 packages fix several vulnerabilities
(NY Times) Thieves Winning Online War, Maybe Even in Your Computer
(Translated by Google) 21 Million German Citizen’s Account Numbers in Circulation

Posted in Change Management, News, social engineering, vulnerability assessment, Windows | Tagged: Antivirus, distributed ssh, Microsoft, patch, patch tuesday, psi, secunia, social engineering, vulnerability assessment, Windows | 1 Comment »