Archive for category Advisories

Potential Increase in Malware Delivered by PDF Attachments

The Information Security Office wants to make you aware that a number of vulnerabilities affecting Microsoft Office and Adobe Acrobat were disclosed this week. Furthermore, we have been made aware that savvy criminals are launching phishing campaigns to deliver malware (such as viruses, Trojans, worms, etc.) by sending specially crafted documents (like pdf, PowerPoint) attached [...]

New SSLv3 Vulnerability

Also known as “Poodle”, this vulnerability could allow an attacker to steal web site login information or payment data.
“A vulnerability exists within the SSL version 3.0 protocol… allowing an attacker to hijack and decrypt session cookies that are utilized between a user’s web browser and the web site. This could lead to attackers obtaining enough [...]

Multiple Vulnerabilities Released Today.

Several important vulnerabilities in Microsoft products, including Windows, Office, .NET, Internet Explorer, were released today along with patch information. They are:

Vulnerabilities in .NET Framework Could Allow Remote Code Execution (MS14-057)
Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (MS14-058)
Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (MS14-061)
Cumulative Security Update for [...]

“BadUSB” Exploit

There is a new exploit that has hit the internet called BadUSB that poses a Security threat based on USB devices.  Instructions and applications to create infected USB devices are available on the internet.  The exploit allows installation into the USB’s firmware where it is run automatically when plugged into a computer system.  The firmware [...]

Shellshock – Bash Vulnerability

A serious bug in Bash was discovered last week. According to multiple sources this bug has been in Bash since 1992. Shellshock allows an attacker to execute arbitrary code in Bash by setting specific environment variables. Two CVE numbers have been assigned: CVE-2014-6271and CVE-2014-7169.
If you aren’t a Linux user you may not be familiar [...]