DfenseSolutions

“Microsoft’s recent security updates fail to provide protection against a recently discovered zero-day vulnerability, which could provide opportunities for cyber criminals to compromise PCs.

Several websites were found rigged with a malicious JavaScript detected by Trend Micro as JS_DLOAD.MD. This script exploits this zero-day vulnerability in Internet Explorer, through a Heap Spray on SDHTML. It also checks for the IE version installed on the affected system, since this exploit targets IE7.”  Read more…

“AV-Comparatives, the Austrian team of experts dedicated to antivirus tests acknowledged as a reference point in the field, has published the second part of the mid-year comparative, an ideal addendum to the one already released in the past September. This time the aim is to evaluate the antimalware tools effectiveness against unknown threats, in a test scenario meant to prove the heuristic part and the generic markers of the on-demand scanning engines.”  Read more…

“The Mac community this week has been debating an updated Knowledge Base article on Apple’s Web site that raised questions about the company’s stance on security. The recent update, which was pulled down on Tuesday, originally recommended that users install at least one antivirus software app. It was an odd statement given that Apple has often bashed rival Windows for being less secure than Mac OS X.” Read more…

“Yes, Linux is running on the iPhone. Yes, it’s only the first early port, but it’s the iPhone running the Linux OS, controlled with a USB keyboard running off the iPhone multi-purpose port thanks to the reverser engineering of Apple’s hardware drivers by iPhone Dev Team members.” Read more…

“Two pieces of malicious software affecting Apple’s Mac OS X appeared this week: a Trojan horse with the ability to download and install malicious code of an attacker’s choice, and a hacker tool for creating backdoors, according to security vendors.” Read more…

“Over the last week there has been quite a bit of press about a new Mac OS X Trojan. Secure as it is, generally speaking, OSX is not bullet-proof, much to the despair of Mac enthusiasts like myself.”  Read more…

It is not everyday that you find gems like this. Read more…

“Researchers at Symantec are noting an uptick in USB-based malware as reports surface of a U.S. Army ban on USB devices and portable media.

According to reports on Wired, the U.S. Army has banned the use of USB sticks, flash media cards, CDs and other removable storage due tosecurity concerns and the proliferation of theAgent.btz worm a variant of SillyFDC that spreads by copying itself to thumb drives or other removable media. ” Read more…

In the last couple of posts we have been hinting at safer browsing for users. You might ask the question what does that mean? Well the answer is not so simple and requires multiple layers of defense or as it is called in the industry defense in depth. Again we don’t want to paint a dark picture of the cyber world but with news articles as the following:

• Dental college computer hacked
• Ohio secretary of state’s Web site hacked
• CRIMETRACKER: Web Only- Ebay Hacked
• Huge Web attack infects 500000 pages

Make it somewhat difficult to avoid entering the dark alley filled with malware. There are several ways to minimize the level of risk ranging from a simple approach to a more esoteric approach. In part I of this post we will be discussing the simple approach.  Read more…

“Apple on Friday added anti-phishing protection to Safari, the last major browser to receive the feature that blocks known identity-stealing sites. The company also patched 11 security bugs in the program, the bulk of them specific to the Microsoft Windows version.” Read more…