The Rise of the Ransomware
In the last months we have seen an increase of ransomware attacks. While the first ones we saw were posing as Microsoft to threaten the user because it had been detected a pirated version of Windows, and in case you didn’t pay the fine they would contact the local law enforcement agencies, the new ones [...]—
read the article
Microsoft Security Advisory (2588513): Vulnerability in SSL/TLS Could Allow Information Disclosure – Version: 2.0
Revision Note: V2.0 (January 10, 2012): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS12-006 to address this issue. For more information about this issue, including download links for an available security update, please review MS12-006. The vulnerability addressed is the SSL/TLS Information Disclosure Vulnerability – CVE-2011-3389.
Microsoft Security Advisory (2659883): Vulnerability in ASP.NET Could Allow Denial of Service – Version: 2.0
Revision Note: V2.0 (December 29, 2011): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS11-100 to address this issue. For more information about this issue, including download links for an available security update, please review MS11-100. The vulnerability addressed is the Collisions in HashTable May Cause DoS Vulnerability – CVE-2011-3414.
Microsoft Security Advisory (2659883): Vulnerability in ASP.NET Could Allow Denial of Service – Version: 1.0
Revision Note: V1.0 (December 28, 2011): Advisory published.
Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit hash tables. Attacks targeting this type of vulnerability are generically known as hash collision attacks. Attacks such as these are not specific to Microsoft technologies and affect other web service software providers. This vulnerability affects all versions of Microsoft .NET Framework and could allow for an unauthenticated denial of service attack on servers that serve ASP.NET pages. Sites that only serve static content or disallow dynamic content types listed in the mitigation factors below are not vulnerable.
2012 Security Trends
2011 is coming to an end, so now it’s time to try to see what we have to expect for the next 12 months: Social networks: Social engineering techniques exploiting users’ weaknesses have become the leading attack method in social networks. Trending topics such as the Olympics or the next US Presidential elections will be [...]—
read the article