The DHS Daily Open Source Infrastructure Report (DHS) covers the publicly reported material for the preceding day(s) not previously covered. This weekly summary provides a selection of those items of greatest significance to the InfoSec professional. Should you not be aware of even one of the items discussed below, it would be wise to familiarize yourself with it. The headline above each entry will take you directly to the DHS report which presented the item for ten business days from the date of inclusion. The Source link will take you to the original source cited by DHS.
This is a week rife with Microsoft issues. Are you on top of them? It appears that many firms are not securing personal data. Hopefully, yours is not amongst them. Also, phishing continues to grow as an exploit. Are you taking the action necessary to educate your employees and clients? From what I see, most are not!
Week Ending: Friday, October 2, 2009
Infrastructure Report for Monday, 28 September 2009
Is it possible that your firm falls into this statistical trap?
15. September 24, CNET News – (National) Survey: Half of businesses don’t secure personal data. The personal information one gives to businesses may not be as secure as one hopes, according to a new survey. Source: http://news.cnet.com/8301-1009_3-10360639-83.html?tag=mncol;title
Infrastructure Report for Tuesday, 29 September 2009
Phishing continues to grow. What are you doing about it?
36. September 28, The Register – (International) Phishing fraud hits two year high. Phishing attacks reached a record high during the second quarter of 2009, with 151,000 unique attacks, according to a study by brand reputation firm MarkMonitor. Source: http://www.theregister.co.uk/2009/09/28/phishing_fraud_trends/
Infrastructure Report for Wednesday, 30 September 2009
Pressure on Microsoft increases due to another Windows attack made public.
46. September 28, IDG News Service – (International) Pressure on Microsoft, as Windows attack now public. Hackers have publicly released new attack code that exploits a critical bug in the Windows operating system, putting pressure on Microsoft to fix the flaw before it leads to a worm outbreak. Source: http://www.pcworld.com/businesscenter/article/172739/pressure_on_microsoft_as_windows_attack_now_public.html
Infrastructure Report for Thursday, 1 October 2009
Microsoft considers a critical Windows bug not worthy of an emergency patch!
42. September 29, The Register – (International) Researcher: No emergency patch for critical Windows bug. A security researcher has downplayed the significance of publicly released attack code exploiting a critical vulnerability in newer versions of Windows, saying it is not reliable enough to force Microsoft to issue an emergency patch. Source: http://www.theregister.co.uk/2009/09/29/windows_vista_exploit_released/
Infrastructure Report for Friday, 2 October 2009
What can you do when Microsoft fails to fix a known vulnerability?
30. October 1, The Register – (International) SSL spoof bug still haunts IE, Safari, Chrome. Nine weeks after a hacker demonstrated how to spoof authentication certificates for virtually any Web site on the Internet, users of Internet Explorer and many other applications remain susceptible because Microsoft has not patched the underlying vulnerability. Source: http://www.theregister.co.uk/2009/10/01/microsoft_crypto_ssl_bug/
Note: The DHS only maintains the last ten days of their reports online. To obtain copies of earlier reports or complete summaries, go to: http://dhs-daily-report.blogspot.com/