Get the most from your connected world on every device you own.
Attackers Exploit Unpatched Windows XML Flaw
Hopefully you’ve applied all of the updates and fixes from Microsoft’s Patch Tuesday by now. But, have you also implemented the workarounds Microsoft published? If not, your system could end up compromised.
While organizations and individuals were busy with the Patch Tuesday security bulletins, Microsoft also released an out-of-band security advisory for a flaw in Microsoft XML Core Services that can allow an attacker to gain control of a vulnerable system from across the Internet. The vulnerability affects all supported versions of Windows, and all supported versions of Office 2003 and Office 2007.
Patch Now--Internet Explorer Flaw Under Attack
Have you applied Microsoft’s fixes and updates from the June Patch Tuesday yet? If not, you’re asking for trouble because a vulnerability that was already addressed by Microsoft is being actively exploited in the wild.
Microsoft security bulletin MS12-037 was this month’s cumulative update for Internet Explorer. It is rated as Critical, and addresses 14 separate vulnerabilities that affect every supported version of Internet Explorer in some way.
Why Convenience Is the Enemy of Security
Convenience or security: pick one. It’s actually not that cut and dry, but it is a sliding scale that requires finding the right balance between the two. Tools that make your life more convenient also tend to make it less secure. Technologies that make you more secure are also generally inconvenient.
Think about your house. It would be convenient if the door didn’t even exist and you could just walk in. But, you also want some privacy and you want to prevent roaming animals and random strangers from entering, so you have a door. Of course, other people can also open the door, so you have to go a step further and put a lock on the door. Now you’re home is more secure, but you have to unlock and open the door in order to enter.
How Do You Guard Against Unknown Threats?
Stuxnet was sort of like a shot heard ‘round the world when it comes to malware. It was the first attack which—for all intents and purposes—was developed with a specific strategic target and national defense objectives in mind. State-sponsored cyber warfare has been suspected for sometime, but Stuxnet was the first real indication that it is actually going on.
Then came Duqu, followed by Flame. All three of these malware threats are related in some way, and appear to have similar origins. But, the one thing that seems to stand out for all three is that these threats have been out there circulating on the Internet for years undetected.
Use Social Apps, But Be Careful
Social networks have changed the way people use the Internet, and opened up a whole new realm of opportunities to connect with family, friends, and others with similar interests. However, when you combine social networking with check-ins or location-aware features it can be risky.
Skout, an app devoted to finding people nearby to flirt with, has shut down access to minors following three separate reports of sexual assault. In all three cases—which occurred in three different states—male predators posed as teenagers to seek out victims through the social app.