sans internet storm center

February 18, 2016

This is Why People Fear the ‘Internet of Things’

This post was originally published on this siteImagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware. Now imagine that the geek gear you bought doesn’t actually let you block this P2P communication without some serious networking expertise or hardware surgery that few users would attempt. The FI9286P, a Foscam camera that includes P2P communication by default. This is the nightmare “Internet of Things” (IoT) scenario for any system administrator: The IP cameras that you bought to secure […]
March 14, 2017

Adobe, Microsoft Push Critical Security Fixes

This post was originally published on this siteAdobe and Microsoft each pushed out security updates for their products today. Adobe plugged at least seven security holes in its Flash Player software. Microsoft, which delayed last month’s Patch Tuesday until today, issued an unusually large number of update bundles (18) to fix dozens of flaws in Windows and associated software. Microsoft’s patch to fix at least five critical bugs in the Windows file-sharing service is bound to make a great deal of companies nervous before they get around to deploying this week’s patches. Most organizations block internal file-sharing networks from talking directly to […]
October 11, 2017

Microsoft’s October Patch Batch Fixes 62 Flaws

This post was originally published on this siteMicrosoft on Tuesday released software updates to fix at least 62 security vulnerabilities in Windows, Office and other software. Two of those flaws were detailed publicly before yesterday’s patches were released, and one of them is already being exploited in active attacks, so attackers already have a head start. Roughly half of the flaws Microsoft addressed this week are in the code that makes up various versions of Windows, and 28 of them were labeled “critical” — meaning malware or malicious attackers could use the weaknesses to break into Windows computers remotely with […]
February 13, 2018

Microsoft Patch Tuesday, February 2018 Edition

This post was originally published on this siteMicrosoft today released a bevy of security updates to tackle more than 50 serious weaknesses in Windows, Internet Explorer/Edge, Microsoft Office and Adobe Flash Player, among other products. A good number of the patches issued today ship with Microsoft’s “critical” rating, meaning the problems they fix could be exploited remotely by miscreants or malware to seize complete control over vulnerable systems — with little or no help from users. February’s Patch Tuesday batch includes fixes for at least 55 security holes. Some of the scarier bugs include vulnerabilities in Microsoft Outlook, Edge and […]