The Heartbleed Bug: What is it and what to do about it Don't let it ruin your day

heartbleedThere is a serious bug out there that can compromise your data and you probably wouldn’t know it. [Read more…]

Cisco to Acquire Sourcefire, the Makers of Open Source Snort and Clam AV for $2.7B Hopes to Bolster Security Strategy

cisco-logoCisco Systems today announced an agreement to purchase Sourcefire, the makers of the open source intrusion detection/protection system, Snort, and anti-virus, Clam AV. The deal is reported to be worth about US$2.7 billion in cash. [Read more…]

Zeus Malware Reboot SMEs and Small Financial Institutions Beware

VirusThe Zeus trojan has undergone another version change and is now targeting small to medium businesses (SMB or SME), according to this article by Information Week.

Zeus is a malicious software application (termed malware) that is designed to steal online credentials and other personally identifiable information (PII); it is geared to stealing banking credentials and information from users.

Zeus is a trojan, so it is disguised as something ‘safe’, and usually spread by links via email, comments on websites, and through social media, especially facebook. [Read more…]

Trend Micro – Cybercrime on the Rise in Latin America and the Caribbean ... and what we can do about it!

cybercrimeToday Trend Micro, working jointly with the Organization of American States (OAS), released a study outlining the current state of cybersecurity in Latin America and the Caribbean. The study, while not eye opening – many of the risks have been known by IT Security Professionals for some time – offers a real qualitative and quantitative study of the cybersecurity threats that exists in the region.

While the report focused more on Latin America (the only Caribbean country with significant attention was Jamaica), our close proximity to South and Latin America means that we should consistently remain abreast of the developments there.

I read the reports and have distilled some of the highlights for you. [Read more…]

Widespread Attack on WordPress Websites

Wordpress LoginOver the past 3-4 days there has been a widespread, distributed attack on WordPress sites according to this article by TechCrunch.

The attacks use bots to attempt a brute force attack on WordPress installations using the default “admin” username and a dictionary of passwords.

Many websites, including ours, run on WordPress. It is recommended that you use a different administrative username and a strong password. Even if you are using a different administrative username, you should still use a strong password. See our article – 5 Tips To Help You To Secure and Manage Your Passwords – on tips for strong password creation.

The attacks have died down over time, and many ISPs have put in measures to secure their users. Our ISP put out this notice yesterday. But this is no reason to relax. Security is about eternal vigilance, and you can bet that the next wave is coming.

Security audit finds dev OUTSOURCED his JOB to China to goof off at work Can you stop this from happening in your business?

OutsourcingThis one took me by surprise. The Register reported that a security audit found that a developer OUTSOURCED his job to China to goof off at work. I certainly never thought of this as something that could happen, but it did, and it should be something that businesses should be concerned about. [Read more…]

Java 7 Update 6 0-Day Exploit in the Wild

Java (programming language)

The latest version of Java – Version 7 Update 6 – has several vulnerabilities, one of which a proof-of-concept exploit has been released in the wild. [Read more…]

MySQL Vulnerability Allows Attackers to Bypass Password Verification

Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without inputting proper authentication credentials.

The vulnerability occurs only on *NIX based systems and Microsoft Windows systems are not affected by this vulnerability.

[Read more…]

CERT-US Advises that 64-bit OSs and virtualization software on Intel 64 chips are vulnerable to hacks

The US Computer Emergency Response Team (US-CERT) has advised that some 64-bit operating systems and virtualization software running on Intel 64 CPU hardware are vulnerable to a local privilege escalation attack. An attacker may exploit the vulnerability to escalate privileges or gain access to the host machine from a guest virtual machine.

The vulnerability is identified as CVE-2012-0217 and stems from the way Intel 64 CPUs have implemented the SYSRET instruction. The vulnerability can only be exploited on Intel CPUs when the Intel 64 extension is in use, that is, using a 64-bit OS; 32-bit OSes are not affected.

[Read more…]

Website Launched!

Globe

After many months in development, Interxect Services has finally launched our website and we could finally get rid of that “Coming Soon” page. We really like the layout and hope you do to.

There is still more to come, such as articles and whitepapers, so check back regularly. Please sign up for our newsletter so that you may be updated on new and interesting developments that may benefit you.

Feel free to contact us to let us know what you think.