Security Alerts
Security Warning: Patch for Adobe
Flash Player Vulnerability Being
Exploited in The Wild
6/23/2015
Adobe released a so called "out of band"
patch for Flash Player to remove a vulnerability that is being actively
exploited in the wild via large scale, targeted attacks against
specific industries. Google Chrome browser and Windows 8 and later
include Flash Player built-in. They will need to be updated separately.
ITPS recommends ... read
more >>>
Security Warning:
Vulnerability in Internet Explorer Being
Actively Exploited in Targeted Attack
9/19/2012
Updated
9/21/2012
A
vulnerability in
Internet Explorer 6,
Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 is
being actively
exploited in a targeted attack to install the Poison Ivy backdoor
Trojan horse
program that hackers use to steal data or take remote control of PCs. read
more >>>
Security Warning: Emma
Watson Tops 2012’s
Most Dangerous Celebrities List #riskyceleb
9/10/2012
Searches
for Emma Watson, best known for her role as Hermione Granger in the
Harry Potter movie series, yield nearly a one-in-eight chance of
landing on a website that has tested positive for spyware, adware,
spam, phishing, viruses or other malicious content according to
McAfee's 6th annual Most Dangerous
Celebrities™ research
report. read
more >>>
Security
Warning:
Mass SQL Injection Attack Targets ASP.NET
Sites
10/24/2011
Hackers have
successfully planted malicious JavaScript on about 180,000 web pages
that are built on the Microsoft ASP.Net platform.
The malicious script is using a so called
"drive-by download" that does not require any user action (no need to
open a file or click on a link) other than visiting a webpage that has
been injected. Web sites that you
know and trust might have been affected. The
attacks take advantage of ... read
more >>>
Security Warning:
Unpatched Vulnerability in MHTML Being Exploited
3/11/2011
A
vulnerability in the Windows implementation of HTML that was first
reported at the end of January is now being actively exploited in very
targeted attacks. A patch for this vulnerability is not yet
available and it might require that websites install a patch.
For
now, the best protection is to disable allowing scripts to run in MHTML
documents. read
more >>>
Security Warning:
Emergency Patch for Microsoft ASP.NET Oracle Padding
Vulnerability (MS10-070)
9/28/2010
Microsoft released a so called "out of
band" patch to fix a vulnerability in Microsoft
ASP.NET that could potentially disclose sensitive information.
The vulnerability exists in ASP.NET due
to improper error handling during encryption padding verification.
An attacker who successfully exploited this vulnerability
could read any file within the ASP.NET application,
including the web server configuration information, even if
it was encrypted by the server.
With any vulnerability that prompts an
out-of-band patch, it is extremely critical that you address the
vulnerability as soon as possible if you have vulnerable systems, but
don't panic; most Windows systems will not be affected by this
vulnerability.
read
more >>>
Security Warning: Emergency
Patch for Adobe Reader/Acrobat Vulnerability
8/19/2010
Adobe released an emergency patch to fix three
vulnerabilities in Adobe Reader and Acrobat: (1) An integer
overflow vulnerability related to how the software parses fonts, (2) a
social engineering attack, and (3) Adobe Reader and Acrobat include a
vulnerable version of Adobe Flash Player. read more >>>
Security Warning: Critical
Vulnerability in
Adobe Flash, AIR, Reader, and Acrobat
6/10/2010
A vulnerability
affecting Adobe Flash is being actively exploited on the
Internet. Adobe Flash Player and other Adobe
applications that include the Flash runtime, such as Adobe Reader 9 and
Acrobat 9, are also affected.
Adobe released
a patch for Flash Player on June 10, 2010. Flash is
included
in other products independent of Flash Player.
Windows/Microsoft Automatic Updates will not install the
Flash Player
patch. A patch is not yet available for Adobe Reader or
Acrobat. read
more >>>
McAfee DAT 5958 Causing
Windows XP Systems to Become Unusable
4/20/2010
A false positive malware detection in McAfee DAT
version 5958.0000 released on April 21, 2010 6:00 AM PDT (UTC
-7) can cause Windows XP systems to become unresponsive, lose
network connectivity, get stuck in a restart loop, and become difficult
to use (lose task bar, lose icons, access denied, etc.). read more >>>
Oracle Releases
Emergency Patch for Java Deployment Toolkit
Vulnerability
4/15/2010
A
vulnerability in the Java Runtime Environment is being actively
exploited on the Internet. The vulnerability was publicly
disclosed
on Friday, April 9th after Oracle (which recently purchased
Sun Micro
Systems, the maker of Java) said that they would not make an
emergency
patch for the vulnerability. read
more >>>
Microsoft
to Release Out-Of-Band Patch for Internet Explorer on January 21st
1/20/2010
A
vulnerability in Internet Explorer that was used in attacks called
"Operation Aurora" against Google, Adobe, and over 30 other companies
has been publicly released. read
more >>>
Security Warning: Adobe
Reader and Acrobat
Vulnerability
Being Exploited
12/21/2009
An un-patched vulnerability in Adobe Reader
and Acrobat (for reading and creating PDF documents) is being
actively exploited on the
Internet. Adobe is not planning to release a patch
until
January 12, 2010. read
more >>>
Windows
Automatic Update or Microsoft Update web site getting Error 403 -
Access Forbidden
12/11/2009
When
using Automatic Update or the Windows/Microsoft Update web site, you
might received the error "403 - Access forbidden - You do not have
permission to view this directory or page using the credentials that
you supplied." We are seeing many reports of people getting
this error since yesterday.
This appears to be caused by ... read
more >>>
Security Watch: Microsoft
Out-of-Band Patches for ATL
7/28/2009
Microsoft released two security bulletins
today--one Internet Explorer bulletin and one Visual Studio
bulletin--in a so called Out-of-Band release (outside their normal
schedule of the second Tuesday of each month). We previously warned
that the flaw in Microsoft Video ActiveX control is deeper than the
patch in Microsoft security bulletin MS09-032. These two security
bulletins address that deeper flaw.
The
fact that these security bulletins were released out-of-band is an
indication that Microsoft feels ... read
more >>>
Security Warning: Vulnerable
Adobe Flash Being Exploited in The Wild
7/26/2009
A vulnerability
affecting Adobe Flash is being actively exploited in limited, targeted
attacks on the Internet. Adobe Flash Player and other Adobe
applications that include the Flash runtime, such as Adobe Reader 9 and
Acrobat 9, are also affected. There is currently no vendor patch
available.
Adobe expects to release a patch ... read more
>>>
Security Watch: Vulnerability
in Microsoft Video ActiveX Deeper Than Current Fix
Updated
7/24/2009
The vulnerability in the Microsoft Video ActiveX
control that is being exploited on the Internet, which we previously warned about,
and for which Microsoft released security bulletin MS09-032 on so-called Patch
Tuesday in July, goes deeper than most people realized. Microsoft
announced that they are planning an out-of-band security update that we
are assuming is to fix this vulnerability, not just avoid it as the
previous patch did.
The patch in Microsoft security bulletin MS09-032 does not fix the
vulnerability ... read more
>>>
Security Warning: Vulnerability in
Microsoft Office Web Components Control Being Exploited in The Wild
7/14/2009
Since yesterday, IT Professional Services has been
monitoring a vulnerability in Microsoft Office Web Components Control
that is being exploited on the Internet. Yesterday the SANS
Internet Storm Center raised the Infocon threat level status to yellow
for 24 hours to raise awareness of active exploitation of the Office
Web Components ActiveX vulnerability. So far we know of a
couple hundred web sites (mostly in China (.cn)) that are hosting this
exploit, but we expect ... read
more >>>
Security Warning: Vulnerable
Microsoft Video ActiveX Control Being Exploited in The Wild
Updated 7/14/2009
On so-called Patch Tuesday in July Microsoft
released security bulletin MS09-032 with a patch for
a vulnerability in a Microsoft Video ActiveX
Control (msVidCtl) that is being actively exploited on the Internet
through
drive-by downloads. Initially, there were limited in-the-wild
attacks;
however, the vulnerability is now being exploited to a greater extent,
and exploit code has been publicly published (making it easier for more
use of the exploit). Currently the vulnerability is mostly
being exploited by web sites in China where thousands of hacked web
sites have the malicious code added. Many of these web sites
would not be considered irreputable. The
web sites appear to have been compromised using an exploit kit.
The scope of this attack is likely to increase.
ActiveX control are one of the top targets of
malicious web exploit toolkit developers. ... read
more >>>
Security Warning: New Variant
Conflicker Worm to Activate on April 1
3/20/2009
The Conflicker worm is the most prolific malicious
software
("malware") to appear since the SQL Slammer worm epidemic of 2003.
Researchers claim that today 1 in every 16 PCs across the
world
is affected by Conflicker Worm and the worm had now infected
an
estimated 12 million or more PCs worldwide.
A new variant (C) of the Conflicker worm was
discovered on March 6,
2009. Researchers have found that the worm is set to
take
some action on April 1st ...
read more >>>
Tricks that Could Potentially Open
Up Your Computer to Attacks by Malicious Software
9/30/2008
A recent study conducted by North Carolina State
University psychology researchers found that most Internet users are
susceptible to tricks that could potentially open them up to attacks by
malicious software.
A common way that bad guys try to ...
read more >>>
Just Say "No" to E-Cards
8/8/2008
Most people never consider the dangers of e-cards,
and unfortunately, there are plenty of dangers. Since there are quite a
few e-card scams going around right now, we want to help you make sure
you don't become an e-card scam victim.
We recommend...
read more >>>
|