October Microsoft Patch Tuesday
Microsoft has announced 13 new patches for its monthly patch release cycle. These patches fix multiple Microsoft products, including Windows, Internet Explorer, Microsoft Office, and Microsoft .NET Framework. Eight patches are rated Critical, and affect all of the previously listed products, thereby allowing for remote code execution on vulnerable systems. Gladiator recommends that users immediately apply all Critical patches to their systems. Detailed information for the patches can be found in Microsoft’s October Security Bulletin.
Multiple Cisco Vulnerabilities
GSA Reference Number: AD090925-01
Simply Put: Cisco has announced eleven new vulnerabilities in multiple Cisco products. Nine of the vulnerabilities affect Cisco’s IOS – the operating system for many Cisco devices. Cisco IOS is present on Cisco routers and switches. Two more vulnerabilities affect Unified Communications Manager. The vulnerabilities cover denial of service and authentication bypass on IOS, as well as denial of service and remote code execution on Unified Communications Manager. Many of these vulnerabilities are considered Critical by Gladiator, since a denial of service on a router would result in loss of Internet access. Note: Cisco Firewalls do not run Cisco IOS and are not vulnerable to these issues.
Malware Basics – Part 2
Part 1 – Recognizing an Infection
Part 2 – Incident Response Plans and Procedures
In the first part of our Gladiator guide on Malware Basics, we discussed different methods of determining whether a device or network has a malware infection. Having discussed how to find these malicious infections, we will now review what to do when your phone begins ringing off the hook with users claiming that “the Internet is slow,” or that their workstations are exhibiting signs of a malware infection. Administrators’ questions at that point usually include, “Where do we go from here? Whom do we notify and what actions need to be performed to ‘clean up’ the device?” The answer to all of these questions should be documented in a formal Malware Incident Response Plan.
Previous Articles
Gladiator Research and Security
This site is here to provide security related information and articles to better protect your financial institutions. We'll be posting advisories, blog entries and trends often so be sure to check back weekly.