University of Southern California

Category Archives: Security Updates


Kerberos KDC Flaw Requires Microsoft Out-of-Band Patch

Posted by mbordas

BACKGROUND: Hackers have bypassed Microsoft’s previous security patch to address the Object Linking and Embedding (OLE) remote code execution flaw, resulting in the company issuing an out-of-band patch this week. IMPACT: The vulnerability could allow remote elevation of privilege in …

Posted in Patch Tuesday, Security Updates

Sandworm Vulnerability Requires Another Fix from Microsoft

Posted by mbordas

BACKGROUND: Hackers have bypassed Microsoft’s security patch to address the Sandworm vulnerability in Windows, resulting in the company issuing another advisory and warning users of the new threat. IMPACT: The vulnerability could allow remote code execution if a user opens …

Posted in Malware, Security Updates

Adobe Flash Vulnerability Currently Being Exploited

Posted by mbordas

BACKGROUND: There is a vulnerability in Adobe Flash that is being exploited in large scale attacks. The vulnerability is being tracked as CVE-2014-0569 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0558) on the Common Vulnerabilities and Exposures (CVE) database. The exploit includes memory corruption vulnerabilities and an integer overflow vulnerability that …

Posted in Malware, Security Updates

Bash Vulnerability Update

Posted by mbordas

Please note the following updates to the September 25 post regarding the Bash / Shellshock vulnerability.

Posted in Security Breach, Security Updates

More OpenSSL Vulnerabilities Reported

Posted by mbordas

Security researchers have recently identified several vulnerabilities in the OpenSSL encryption library in addition to the widely publicized Heartbleed bug (see https://it-security.usc.edu/2014/04/09/openssl-heartbleed-bug for more information about Heartbleed). System Administrators within USC’s IT units should complete the action items (fixes) summarized …

Posted in Security Updates

TrueCrypt is insecure

Posted by Robert

The anonymous developers of TrueCrypt warned yesterday “Using TrueCrypt is not secure” and that “the development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP.” They recommend using BitLocker on Windows and provide directions to migrate from TrueCrypt …

Posted in Encryption, Security Updates

Zero-Day Vulnerability in Internet Explorer

Posted by mbordas

Microsoft has issued a security advisory about a recently discovered zero-day vulnerability in Internet Explorer versions 6 – 11. The vulnerability could allow an attacker to install malware on a system without the user’s knowledge or consent if the user …

Posted in Malware, Security Updates

Heartbleed – vendor updates 2014-04-17 10:56

Posted by Robert

Below is a partial list of vendors that have released updates to address the Heartbleed vulnerability.
This list will be updated as more information becomes available.

Posted in Security Updates

Server certificates and Heartbleed

Posted by Robert

Cloudflare, a large web-hosting company, has a very detailed article on how server certificates are not (in the real world) extractable using the Heartbleed bug (http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed). They set up a test server and challenged anybody to obtain the private key. …

Posted in Password Security, Recommended Reading, Security Updates

Passwords You Need to Change due to the Heartbleed Bug

Posted by mbordas

Many websites and online services, including Facebook, Instagram, Google, and Yahoo, were affected by the recently announced Heartbleed vulnerability. The site linked below has collected responses from social media, email, financial, and other companies regarding steps they have taken to …

Posted in Facebook, Password Security, Security Updates, Social Networking
