Information Security News
Tax office on the hunt for new infosec chief
The Australian Taxation Office (ATO) has kicked off a hunt for a new IT security chief, who will advise chief technology officer Todd Heather on the agency's infosec strategy. It is offering up to $251,000 a year for an experienced security ...
Overview of the September 2014 Microsoft patches and their status.
| # | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*) |
| MS14-052 | Cumulative Security Update for Internet Explorer |
| Microsoft Windows, Internet Explorer: CVE-2013-7331 CVE-2014-2799 CVE-2014-4059 CVE-2014-4065 CVE-2014-4079 CVE-2014-4080 CVE-2014-4081 CVE-2014-4082 CVE-2014-4083 CVE-2014-4084 CVE-2014-4085 CVE-2014-4086 CVE-2014-4087 CVE-2014-4088 CVE-2014-4089 CVE-2014-4090 CVE-2014-4091 CVE-2014-4092 CVE-2014-4093 CVE-2014-4094 CVE-2014-4095 CVE-2014-4096 CVE-2014-4097 CVE-2014-4098 CVE-2014-4099 CVE-2014-4100 CVE-2014-4101 CVE-2014-4102 CVE-2014-4103 CVE-2014-4104 CVE-2014-4105 CVE-2014-4106 CVE-2014-4107 CVE-2014-4108 CVE-2014-4109 CVE-2014-4110 CVE-2014-4111 |
| MS14-053 | Vulnerability in .NET Framework Could Allow Denial of Service |
| Microsoft Windows, Microsoft .NET Framework |
| MS14-054 | Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege |
| MS14-055 | Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service |
| Microsoft Lync Server |
Alex Stanford - GIAC GWEB & GSEC
Research Operations Manager,
SANS Internet Storm Center
by Robert Lemos
A variant of the infamous banking trojan Zeus has gone beyond targeting financial accounts, instead striving to collect another type of sensitive business data: customer information.
The variant, known as Dyre, is a banking trojan that first came to light in June when security companies warned that the Zeus knockoff found a way to bypass Web encryption, known as secure sockets layer (SSL). At the time, it targeted some of the largest global banks, such as Bank of America, Citibank, Natwest, RBS, and Ulsterbank. A recent version of Dyre, however, has begun targeting Salesforce, a popular cloud service for storing customer information, according to analyses.
Other cloud services could just as easily be targeted, according to security firm Adallom.
LockPath Helps Companies Comply With PCI DSS 3.0
Marketwired (press release)
OVERLAND PARK, KS--(Marketwired - September 09, 2014) - LockPath, a leader in innovative governance, risk, compliance (GRC) and information security (InfoSec) solutions, announced today the release of the Keylight PCI DSS Compliance Solution.
Book Report: Cyberstorm by Matthew Mather
Palo Alto Networks' CTO Rick Howard believes that one can gain a great deal of infosec knowledge by reading fiction and non-fiction on the subject. In fact, Rick has created a cybersecurity canon, which he describes as, “a list of must-read books ...
AccessData and HP Extend Incident Response Services in the Wake of ...
"HP chose ResolutionOne for its seamless integration into infosec environments, SIEM interoperability and threat feed consumption capabilities for collective intelligence, automated detection, analysis and resolution." "AccessData carries proven and ...
Infosec fact and fiction - Phoenix Distribution Press Office
However, despite this, there are many infosec myths that exist today, and surprisingly, many people still believe them. Simon Campbell-Young, CEO of Phoenix Distribution, says the first and most common misconception is: "It won't happen to me, because ...