Putting a Dent in AES-128, by Joshua Roback, SOC Supervisor

The Advanced Encryption Standard (AES) has been a staple for both personal and enterprise encryption since its inception back in 2001. Up until recently, this standard has stood tall, unaffected by fruitless brute force attacks. In fact, it would theoretically take 10,000,000 years to crack AES-128 via simple brute force. AES-128, though, has officially been [...]

“DNS NAPTR Query Vulnerability”, by Cesar Salas, SOC Analyst

A recently discovered Microsoft DNS Server vulnerability has surfaced that, until recently patched, allowed any attacker to execute any file type with user-level permissions. The resulting uninitialized memory could intrinsically result in a ‘Denial of Service’ on the target device. Fortunately, on Tuesday, 8/9/2011, Microsoft patched this vulnerability; however, a strong lesson is to [...]

The recent memory corruption vulnerability in Microsoft Excel, by Cesar Salas, SOC Analyst

Another vulnerability has popped up affecting Microsoft Excel that allows an attacker to execute code as the local user logged in to the device in question. Microsoft Excel is a widely used spreadsheet program. It has been confirmed that the memory corruption would allow a user to execute code with the privileges of the locally logged-on user. [...]

“Cookiejacking” IE vulnerability, by Gabriel Bellas, SOC Analyst

Just recently, we learned that an Italian IT professional by the name of Rosario Valotta discovered a vulnerability that affects every version of Microsoft’s Internet Explorer web browser. The vulnerability allows a malicious user to steal cookies from a user’s web browser. Once stolen, the sky’s the limit with what can be done [...]

Microsoft’s upcoming Patch Tuesday, by Miguel Brito, StillSecure SOC Analyst

Microsoft’s next scheduled Patch Tuesday release is going to be a pretty big deal, quite literally. Microsoft announced that they will be fixing three well-known zero-day bugs. These fixes will be released as twelve updates, which will be correcting a grand total of twenty-two holes. Another bit of unfortunate news for Windows users next Tuesday, [...]