Severity: Medium Summary: These vulnerabilities affect: All current versions of Windows (and related components like .NET Framework) How an attacker exploits them: Multiple vectors of attack, though most require authenticated attackers to do things locally Impact: In the worst case, an authenticated attacker can gain complete control of your Windows computer What to do: … [Read more...]
WatchGuard Security Week in Review: Episode 61 – InfoSec UK 2013
AP Twitter Hack, Serial Offenders, and InfoSec UK This week's security highlights video comes a bit early due to my travels in London to attend InfoSec UK. If you're looking for a quick summary of the week's top security news, this is the vlog for you. In today's video, I share a few themes from the biggest security conferences in Europe, news of the AP twitter feed hijack, … [Read more...]
WatchGuard Security Week in Review: Episode 60 – Oracle CPU
Router Hacks, WordPress Attack, and Huge Oracle Update During a week of such tragedy, it's hard to give much thought to network and information security (InfoSec). Yet, we must stay vigilant, lest abhorrent cyber criminals leverage such tragedies against us in social networking campaigns. In this week's InfoSec news summary, I cover Oracle's quarterly Critical Patch Update … [Read more...]
Cisco Cooks Up Bad Passwords by Forgetting to Salt Their Hashes
Earlier this week, Cisco released a security alert describing a weakness in one of the password encryption algorithms they use on certain Cisco IOS and IOS XE devices. Devices that store user credentials tend to use hash algorithms to encrypt plaintext passwords, making it more difficult for attackers to recover those passwords if they somehow gain access t0 the hashed … [Read more...]