Information Security News
You might think that phone call might be unlikely, but as of this week it's built in and is likely happening right now.
I was poking around in the latest version of Sysinternals, and tripped over a new option. You can now submit any running process in memory directly to Virustotal. it's a simple right-click in the latest version of Process Explorer.
If that's not just the coolest thing! If your AV product isn't triggering on a suspect process, you can now query all the AV engines without even having to find or upload the file - - assuming that a file that matches your process even exists - if you're in the midst of a security incident a suspect process might not have a matching file.
Today Microsoft published the advance notification for this months security bulletins. The bulletins will be published on February 11th (coming Tuesday) . Again, we will have a pretty light patch day, with only 5 bulletins, and only 2 of these bulletins are considered critical.
Noteworthy: No Internet Explorer patches and no Office Patches. We will only see Windows Patches, a patch for .Net and a "Security Software" patch.
Not part of the patch Tuesday, but still happening on the same day: Microsoft will no longer allow MD5 hashes for certificates. This may be difficult for some applications that haven't been changed over yet, even though Microsoft gave ample warning, and MD5 hashes have been shown to be badly broken for certificate signatures for a few years now. Just earlier today I ran into a brand new Axis, pretty expensive, network camera that only allows the use of MD5 hashed certificate signatures.
New enterprise security business aims to revolutionise infosec
Computer Business Review
CSG International, a provider of interactive transaction-driven solutions and services, has launched CSG Invotas, a software and services business focused on enterprise security solutions. CSG Invotas offers CIOs and CISOs a "revolutionary approach" to ...
Posted by InfoSec News on Feb 06http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/