Security Now Blog: Addressing Today's Information Security Issues

Zero-day exploit attack alerts on versions of Adobe Acrobat seem to occur so often, people viewing this article might wonder: is this for October 2009, July 2009, or one of the many others from the last two years. Yes, this is yet another one, announced 8 October 2009. BotNet operators are certainly updating their attack code on already infected computers so they can infect any resident PDF documents that might be sent to others. They are placing spiked PDF documents on legitimate websites already compromised. In short, if the only thing standing between you and a nasty PDF is your anti-virus/spyware software, game over! (more…)

Flaws in commonly used programs such as Adobe PDF Reader, Quicktime, Adobe Flash, Microsoft Office, web browsers, and others are far in the way the primary means for cyber criminals to take what they want from consumer and enterprise computers as well as secretly Shanghai them into Botnets. Despite this, consumers and enterprises alike are not only failing to implement long-available vendor patches, but for computer protection, they continue to rely solely on a failing anti-virus/spyware technology. (more…)

The current generation of web browsers have serious structural flaws that pose disturbing security risks.  Sensitive information can be disclosed, credentials/passwords stolen, fraudulent bank transfers conducted, and far more.   The enterprise and consumers can profoundly mitigate these risks without need of a security software product.  However, risks related to these do in fact require immediate action. (more…)

The potential number of yet to be discovered programming mistakes that can be exploited by attackers is at least one or two orders of magnitude greater than previously thought. There’s no end in sight to the relentless onslaught of critical vulnerabilities and security patches for web browser users. Worse yet, the vast majority of computers are ill-prepared for the malware attacks that exploit them. (more…)

Microsoft released five critical security patches for September 2009’s Patch Tuesday, each counters a remote code execution vulnerability. Any Windows computer without these patches, or some means to compensate for these vulnerabilities, is at risk of a zero-day attack that anti-virus/spyware security products will NOT stop. (more…)