The DHS Daily Open Source Infrastructure Report (DHS) covers the publicly reported material for the preceding day(s) not previously covered. This weekly summary provides a selection of those items of greatest significance to the InfoSec professional.
Should you not be aware of even one of the items discussed below, it would be wise to familiarize yourself with it. The headline above each entry will take you directly to the DHS report which presented the item for ten business days from the date of inclusion. The Source link will take you to the original source cited by DHS.
This is a week rife with Microsoft issues. Are you on top of them? It appears that many firms are not securing personal data. Hopefully, yours is not amongst them. Also, phishing continues to grow as an exploit. Are you taking the action necessary to educate your employees and clients? From what I see, most are not!
Week Ending: Friday, October 2, 2009
Is it possible that your firm falls into this statistical trap?
15. September 24, CNET News – (National) Survey: Half of businesses don’t secure personal data. The personal information one gives to businesses may not be as secure as one hopes, according to a new survey. Source: http://news.cnet.com/8301-1009_3-10360639-83.html?tag=mncol;title
Phishing continues to grow. What are you doing about it?
36. September 28, The Register – (International) Phishing fraud hits two year high. Phishing attacks reached a record high during the second quarter of 2009, with 151,000 unique attacks, according to a study by brand reputation firm MarkMonitor. Source: http://www.theregister.co.uk/2009/09/28/phishing_fraud_trends/
Pressure on Microsoft increases due to another Windows attack made public.
46. September 28, IDG News Service – (International) Pressure on Microsoft, as Windows attack now public. Hackers have publicly released new attack code that exploits a critical bug in the Windows operating system, putting pressure on Microsoft to fix the flaw before it leads to a worm outbreak. Source: http://www.pcworld.com/businesscenter/article/172739/pressure_on_microsoft_as_windows_attack_now_public.html
Microsoft considers a critical Windows bug not worthy of an emergency patch!
42. September 29, The Register – (International) Researcher: No emergency patch for critical Windows bug. A security researcher has downplayed the significance of publicly released attack code exploiting a critical vulnerability in newer versions of Windows, saying it is not reliable enough to force Microsoft to issue an emergency patch. Source: http://www.theregister.co.uk/2009/09/29/windows_vista_exploit_released/
What can you do when Microsoft fails to fix a known vulnerability?
30. October 1, The Register – (International) SSL spoof bug still haunts IE, Safari, Chrome. Nine weeks after a hacker demonstrated how to spoof authentication certificates for virtually any Web site on the Internet, users of Internet Explorer and many other applications remain susceptible because Microsoft has not patched the underlying vulnerability. Source: http://www.theregister.co.uk/2009/10/01/microsoft_crypto_ssl_bug/
Note: The DHS only maintains the last ten days of their reports online. To obtain copies of earlier reports or complete summaries, go to: