A recently discovered 0-day attack has been causing organizations with hosted domains everywhere mayhem.  The issue is a vulnerability found in the popular DNS application named BIND. This vulnerability is causing DNS servers to crash and interrupt service.  BIND versions with this vulnerability are unable to complete DNS requests for your hosted domains.  After BIND [...]

Recent discoveries in malicious links coming from Brazil have showed hidden block cipher code imbedded in images.  The discovery is assumed to be the first of its kind coming from the Latin American region. The art of hiding information in images is nothing new and in fact has been practiced for hundreds, if not thousands [...]

DHCP snooping is a relatively new feature that exists in most switch feature sets. While it may have different names from one switch vendor to another, the concept remains the same. DHCP snooping allows network administrators to force the allocation of IP space on specific switch ports to only be provisioned through DHCP from an [...]

With security companies recording known and popular domains used for spreading malicious software, malicious users are constantly looking for new channels to launch their illegal campaigns. A growing trend in the wild is the distribution of malicious code through legitimate domains. A recent victim to this kind of activity would be none other than Amazon [...]

The social media revolution has created a new market for URL shortening services, such as tinyurl.com and bit.ly.  These services take a URL such as http://www.thesecuritysamurai.com/2011/06/23/the-corporate-security-halftime-report-corporations-0-hackers-over-9000-by-rory-smith-soc-analyst/ and create a redirect site at tinyurl.com/<random string of characters> such as tinyurl.com/6b3bktp.  This is particularly useful when linking to articles or media with long URLs such as the [...]

Another vulnerability has popped up affecting Microsoft Excel, that allows an attacker to execute code as the local user logged in to the device in question.  Microsoft Excel is a widely used spreadsheet program.  It has been confirmed that the memory corruption would allow a user to execute code at locally logged on level privileges.  [...]

We are finally halfway through what seems to be one of the most active years in terms of cyber warfare. In the last six months we have seen a variety of industry giants fall prey to malicious attackers. Fox, Google, Lockheed Martin, HB Gary, Sony, PBS, Nintendo, CIA, RSA and the US Senate have been [...]

File Integrity Monitoring Helps Companies Identify and Remediate Imminent Security Breaches Superior, CO – June 21, 2011 – StillSecure®, a managed network security solutions and certified compliance company, today introduced the StillSecure File Integrity Monitoring Service for organizations seeking to ensure that their systems have not been compromised and those currently struggling with regulatory compliance [...]

Code obfuscation is not really anything new. Malware authors are always on the lookout for new techniques to allow them to avoid detection by security products. Common exploit toolkits have even begun to use obfuscation to hide the methods they use to install malware on a victim’s Web site. Spammers also employ obfuscation and non-printing [...]

The cult of Mac has gotten a massive blow this past month as one of its tenants, “Macs don’t get viruses or malware”, was ripped to shreds with the advent of the Mac defender malware.   Mac Defender is a type of malware (also referred to a scare-ware or hijack ware) in which software is installed [...]