Author: admini

“As I type these words, there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence,” HostGator said in a post. “This attack is well organized and again very, very distributed; we have seen over 90,000 IP addresses involved in this attack,” it said.

Link: http://www.computerworld.com/s/article/9238377/Wide_scale_attack_against_WordPress_blogs_reported?source=CTWNLE_nlt_dailyam_2013-04-15

Small banking institutions have to depend on third parties to keep them abreast of emerging fraud schemes and attack trends, such as DDoS. First Landmark, however, knew from its founding in 2008 that it had to outsource most of its information technology and security management, says Leigh Pharr, the bank’s senior vice president.

“We are very fortunate in that senior management here and our president are very in-tune with DDoS attacks, and we keep all of our employees well-educated on what might happen, what can happen,” Pharr says. “While we do rely on our core processor to provide us with all of the technical, online banking products, we are not satisfied that is all we need to ensure we are secure and that our accounts are protected,” Pharr says. “That’s why we have hired other third party providers [such as CSI] to come in and test our systems – try to break us. “

As the managers of online-banking platforms for the majority of small and mid-tier banking institutions throughout the U.S., core processors have a responsibility to ensure their institution customers are protected and are investing in up-to-date solutions.

Link: http://www.bankinfosecurity.com/blogs/small-banks-prepping-for-ddos-attacks-p-1449?rf=2013-04-11-eb&elq=1a992929888647e29512fd7c7911f434&elqCampaignId=6408

According to the Security Bulletin Advance Notification for April 2013, the first critical update is for all versions of Internet Explorer (IE), including the newest IE 10, on Windows 8 and RT. This vulnerability should be at the top of patching priority lists as it allows remote code execution through users visiting a compromised website, which is of the most popular attack methods, said Wolfgang Kandek, chief technology officer at security firm Qualys.

Andrew Storms, director of security operations at nCircle, said it is almost certain that this month’s IE patch fixes the Pwn2Own bug from CanSec West.

The second Microsoft security update is aimed at a “critical” vulnerability that affects the Windows Operating System, except the newest versions – Windows 8, Server 2012 and Windows RT for tablets. “The vulnerabilities addressed in these bulletins typically allow the attacker an escalation of privilege from a normal user to an admin-level user once they are already on the machine or can trick the user to open a specifically crafted file,” said Kandek.

Ziv Mador, director of security research at Trustwave, said it would be interesting to find out how the vulnerability in Windows Defender was discovered and disclosed.

There is also an out-of-cycle update for Java from Oracle this month.

Link: http://www.computerweekly.com/news/2240181030/Security-updates-likely-to-keep-admins-busy-this-month?utm_medium=EM&asrc=EM_ERU_21243939&utm_campaign=20130408_ERU%20Transmission%20for%2004/08/2013%20(UserUniverse:%20626713)_myka-reports@techtarget.com&utm_source=ERU&src=5119914