Mozilla Releases Security Update for Firefox

Original release date: April 06, 2015 The Mozilla Foundation has released Firefox 37.0.1 to address two vulnerabilities, one of which may allow a remote attacker to conduct man-in-the-middle attacks. Users and administrators are encouraged to review the security advisories for Firefox and apply the necessary updates. This product is provided subject to this Notification and Read more about Mozilla Releases Security Update for Firefox[…]

Google Releases Security Update for Chrome

Original release date: April 01, 2015 Google has released Chrome 41.0.2272.118 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates. Read more about Google Releases Security Update for Chrome[…]

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Original release date: March 31, 2015 The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 37 Firefox ESR 31.6 Thunderbird 31.6 Users and administrators are encouraged Read more about Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird[…]

Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication

Original release date: March 26, 2015 Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication. This publication includes seven Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service (DoS) condition, interface queue wedge, or exchange memory leak. US-CERT encourages users and Read more about Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication[…]

Information Security

Mozilla Releases Security Updates for Firefox, Firefox ESR, and SeaMonkey

Original release date: March 20, 2015 | Last revised: March 23, 2015 The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and SeaMonkey. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 36.0.4 Firefox ESR 31.5.3 SeaMonkey 2.33.1 Users Read more about Mozilla Releases Security Updates for Firefox, Firefox ESR, and SeaMonkey[…]

TA15-051A: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing

Original release date: February 20, 2015 | Last revised: February 24, 2015 Systems Affected Lenovo consumer PCs that have Superfish VisualDiscovery installed. Overview Superfish adware installed on some Lenovo PCs install a non-unique trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic. Description Starting in September 2014, Lenovo pre-installed Superfish VisualDiscovery Read more about TA15-051A: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing[…]

Securing your on-line doors and windows

Most homes and businesses have physical security controls including strong locks on doors and windows, a security alarm and CCTV that will deter a thief from attempting to break-in, make a robbery attempt fail or subsequent arrest inevitable. In the UK if a criminal is caught committing a robbery the sentence is from 12 months to life depending on the circumstances.

Theft of customer information, personal details and trade secrets are just three of the key areas in which cyber-crime is increasing, and in many cases, the crime will go unnoticed until the information is used to commit a real-world crime. […]

Information Security

Is it Security Awareness or Training

Earlier today someone suggested that security awareness training should be delivered in a similar manner to the green cross code as the desired outcome for both activities is the same.

As a child I was a proud member of the tufty club, which taught kids from the 1960’s and early 1970’s the dangers of playing near and crossing roads. In the mid 70’s the first version of the Green Cross code was published consisting of a step by step procedure to assist pedestrians cross the road safely. Rather than squirrel and other woodland creatures the code had a superhero called the Green Cross Code man who appeared in adverts from 1975 until until 1990. […]

Evaluating the potential cost of a cyber-attack

Organisations are becoming much more aware of the threat of cyber crime, but many are still finding it difficult to translate this threat into real business terms.  The potential impact of a successful cyber-attack on your business’s bottom line is not that easy to define, because attacks could range from a “drive-by” denial of service attack through to the targeted theft of intellectual property.  […]

Advanced Persistent Threats (APTs)

The term ‘APT’ usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity. It is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage using a variety of intelligence gathering techniques to access sensitive information. […]