Blog Entries

New Botnet Brewing?

There is a lot of buzz circulating right now about the worm associated with MS08-067, known as Conficker or Downadup by most malware protection vendors. Will this become the first huge Botnet of 2009? The infections thus far are reaching into the Millions, and even with Microsoft updated their removal tool for the malware itself it is growing at an alarming rate.

SANS has done some research

into the subject, and you can find other reports all over the place. Here is the latest from [...]

Tough Conversations for 2009

If this first week of 2009 is any indication for the rest of the year, we are in for a wild ride. I regularly touch base with each of our clients to ask the tough questions so I know when things are going good or bad. The economy is not doing anyone any favors right now, and fighting risk is becoming a do or die situation.

There is always the exception to the rule. Forrester sees spending

on the rise for information security according to a recent survey.

http://www.darkreadi [...]

2009, Year of the Ox

Goodbye 2008...

At the strike of twelve tonight we will all toast a glass to the year that was 2008. 2009 is the Year of the Ox according to the Chinese calendar, and when I looked up what this means for good and bad fortune, I got this back:

The Ox

Pragmatic and down-to-earth, Ox people are motivated to work hard and have no respect for lazy or careless people. Although they can be easily trusted and find it easy to put trust in others, they are not dep [...]

Tis The Season (for malware)

Before we all begin winding down this week and getting out to see our families and friends, I would like to share one warning we have already seen posted about digital picture frames.

http://isc.sans.org/diary.html?storyid=5536

If you have this model, please follow the instructions posted. Other models like this, or any attachedmedia may also have a hidden present for you. In the event you do receieve a gift that may be infected, please have your antivirus up to date before hooki [...]

Lessons From the IE7 Patch Fiasco

Two excellent blogs I thought I would share, one about patch management and the other is about what we can learn about browser vulnerabilities in general.

http://www.darkreading.com/blog/archives/2008/12/outofcycle_patc.html

http://www.darkreading.com/blog/archives/2008/12/ie7_0day_lesson.html

Hope you have applied your patches and are moving on from this.

David Feligno

Network Security Group, Inc

Out of Band Patch Scheduled for IE7

Great news! Microsoft will be releasing an out of band patch very soon to address the vulnerability associated with IE7. SANS is covering this story, and has done a wonderful job keeping us all informed, hats off to them.

http://isc.sans.org/diary.html?storyid=5497

David Feligno

Network Security Group

IE 7 Update: Microsoft 's Workarounds

Microsoft has posted potential workarounds for the IE7 vulnerabilities. Not sure when a supported patch will be circulated, but this may give you some protection while we are waiting.

http://isc.sans.org/diary.html?storyid=5479

David Feligno

Network Security Group

Update: IE7 0 Day and other vulnerabilities

Dark Reading has picked this up now as well, and there are other vulnerabilities now coming up that you may want to keep an eye on.

http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=212400508

Latest from SANS is that IE6 and IE8 Beta are also open to in the wild attacks being circulated.

Overview of that:

http://isc.sans.org/diary.html?storyid=5470

SQL Injection Overview from SANS for IE Exploit:

http://isc.sans.org/diary.ht [...]

Alert: 0 Day Exploit for IE7

http://isc.sans.org/diary.html?storyid=5458

The patch for this new exploit was not released this past Tuesday, and we are not exactly sure when it will be publically available. We are guessing that an out of band fix like the MS08-067 may be in the works. Please stay tuned to our website for more details.

Report From PSI 1.0 Launch

I blogged just last week about the release of Secunia's PSI 1.0, which is a software you can use to check if your applications and windows patches are up to date on a daily, weekly, or monthly basis. In a recent article on Dark Reading, it looks like less than 2% of 20,000 machines that were tested actually scored 100%, meaning all applications were patched and up to date. Most of these machineswere consumers, but not all of them, which is alarming considering the technology available to [...]

Secunia PSI 1.0 goes Final Release

One of my favorite tools of all time. Helps keep your PC patched and up to date, and gives you a historical overview of your score each week. Not intrusive as well, barely even know it is there. Best of all, it is free.

http://secunia.com/blog/35/

Hope you enjoy it as much as I have. Cheers to Secunia for creating this wonderful tool.

David Feligno

Network Security Group, Inc

ESET AV 4.0 Beta Now Available

http://www.eset.com/company/article/ESET-Launches-Beta-Program-for-ESET-NOD32-Antivirus-4.0/5472.php?contentID=5472

ESET Launches Beta Program for ESET NOD32 Antivirus 4.0November 26, 2008

ESET NOD32 Antivirus 4.0 Public Beta 1 is now available. The new version of ESET's flagship product incorporates a number of new features that enhance its effectiveness and performance. The beta test version is a precursor of the final product without full functionality and documentation. It is int [...]

Black Friday Malware Targeting MS08-067

As expected, malware authors are starting to target the MS08-067 vulnerability, which Microsoft released an emergency patch for earlier this month. ESET and Sophos are naming these variants Win32/Conficker (ESET), and W32/Confick (Sophos). Please patch your systems if you have not done so already, and make sure that your virus signatures and heuristics are updated to the latest and greatest.

SANS also has information on this, please visit the ISC Diary Page for today, Novembe [...]

Holiday Shopping Survival

The good folks at IBM have written a very nice summary of the dangers everyone will face while doing online shopping for the next few weeks. We found it an excellent read for those interested in what will be going on in the cybercrime world to lure you into their traps.

http://www.darkreading.com/internet/security/showArticle.jhtml;jsessionid=BQZ5SU2JKZ0BQQSNDLPSKHSCJUNN2JVN?articleID=212101431

Be safe out there during the next few weeks, avoid websites you do not usually go to, [...]

ESET Launches Beta of Smart Security 4.0

ESET Smart Security 4.0 Public Beta 1 is now available. This release incorporates many new features and improvements, including: support for Microsoft Windows Live Mail and Mozilla Thunderbird mail user agents scanning of SSL-encrypted HTTPS and POP3S traffic scanning of messages downloaded via the IMAP protocol integrated SysRescue module for creating bootablediscs and USB flash drives integrated SysInspector module for analyzing runnings processes on computer device driver-based cleaning modul [...]

Lightspeed Systems and Vericept Partnership Announced

Lightspeed named distributor of Vericept MonitorTM in K-12 education market; will integrate product with Total Traffic Control to offer unparalleled school network security solution

Bakersfield, CA - Oct. 28, 2008 - Lightspeed Systems Inc., developer of network security software for the education market, and Vericept Corporation, the leading provider of comprehensive compliance and data loss prevention solutions, have partnered to offer one of the most powerful network monitoring and pr [...]

Q1 Labs Releases Free Version of QRadar SLIM

Q1 LABS ANNOUNCES FREE, DOWNLOADABLE, VIRTUAL APPLIANCE FOR LOG AND COMPLIANCE MANAGEMENT

Growing Network Security Management Company Offers Complimentary Version Of Its Popular QRadar SLIM Solution That Enables IT Professionals To Collect, Analyze, Report, and Store Event Logs

WALTHAM, Mass. - November 11, 2008 - Q1Labs, a global provider of security information and event management (SIEM) products, today announced the availability of a free, downloa [...]

ESET Releases Antivirus for Smartphones

ESET Announces Availability of Antivirus for SmartphonesNovember 12, 2008

ESET Mobile Antivirus Integrates Popular NOD32 Scanning Technology with New SMS Protection for Mobile Devices

SAN DIEGO - November12, 2008 - ESET, the leader in proactive threat protection, today announced the availability of ESET Mobile Antivirus, a new security solution for mobile devices. ESET Mobile Antivirus will immediately address mobile malware and SMS-borne threats on Windows Mobile devices, delivering th [...]

Hot Topic: Security and the Economic Crisis

We regularly visit Dark Reading here at the Network Security Group, it is in our opinion one of the best sites on the web for insight into market and technology trends in information security. Over the last few weeks we have noticed a trend not only in some of the articles about the economy, but in the conversations we are having with our clients about the up and coming year. Our goal overthe next few months is to work with our clients to make the most of out of their budgets, not only [...]

Black Tuesday Again

Mutiple critical updates are available today, please check with SANS for a overview of what to expect.

http://isc.sans.org/diary.html?storyid=5324