Ryan Naraine

Cisco Patches IOS Security Flaws

Routing and switching giant Cisco Systems has released patches for a pair of denial-of-service and system-access flaws affecting a range of IOS-based devices. The most serious of the two flaws was discovered in the way the Cisco IOS (Internetwork Operating System) processes certain IKE (Internet Key Exchange) Xauth messages when configured to be an Easy […]

Trojan Masquerades as Microsoft Security Update

Anti-virus vendors have raised the alarm for a malicious new Trojan masquerading as a critical Microsoft security patch. The e-mail-borne attack comes just days ahead of Microsoft's scheduled patch day and highlights a growing trend of using social engineering tactics to dupe users into downloading malicious files. According to an advisory from anti-virus specialist Sophos […]

Hackers' Tools Fight Hacks

A well-known security consultant last week urged cash-strapped businesses to consider using freely available open-source security tools and applications to help cope with the rising number of malicious hacker attacks. In what was a recurring theme last week at the InfoSec World Conference & Expo here, Matt Luallen, president and principal consultant at Chicago-based Sph3r3 […]

Firefox Patch on the Way for JavaScript Engine Flaw

The Mozilla Foundation plans to release a new version of its flagship Firefox browser as early as this weekend to patch a known JavaScript Engine flaw. The flaw, which puts users at risk of information disclosure attacks, already has been fixed in nightly builds, and volunteers at the foundation said a final release on Firefox […]

Macromedia Issues Workaround for ColdFusion MX Flaw

Software developer Macromedia late Thursday released a temporary workaround to fix a critical security vulnerability in its flagship ColdFusion MX product. San Francisco-based Macromedia Inc. said the patch affects users of ColdFusion MX 6.1 for JRun4 (Updater 1). ColdFusion 7.0 is not affected. The flaw, which was discovered and reported by the ESP Group LLC, […]

Microsoft Patch Day: Critical Bulletins Expected

Microsoft Corp. on Thursday announced plans to release eight security bulletins on April 12, including “critical” fixes for flaws in several widely deployed applications. As part of its advance notice mechanism, the software giant said five high-priority patches would deal only with flaws in the Windows operating system. Three more bulletins with a maximum severity […]

Open-Source Security Tools Touted at InfoSec

ORLANDO, Fla.—A well-known security consultant on Tuesday urged cash-strapped businesses to consider using free, readily available open-source security tools and applications to help cope with the rising spate of malicious hacker attacks. In what has become a recurring theme at this year's InfoSec World conference here, president and principal consultant at Sph3r3 LLC Matt Luallen […]

Alliance to Share Data on Attacks

Struggling to cope with a dramatic rise in malicious hacker intrusions, a group of 18 network providers and ISPs last week announced plans to share real-time data on cyber-attacks. The vendors, which include Cisco Systems Inc., British Telecommunications plc., EarthLink Inc., MCI Inc. and XO Communications Inc., have formed the Fingerprint Sharing Alliance to automate […]

Firefox JavaScript Engine Flaw Flagged

A moderately critical security flaw in the Mozilla Foundation's Firefox Web browser could put users at risk of information disclosure attacks, according to an advisory from security research outfit Secunia. The vulnerability has been confirmed in Firefox 1.0.1 and 1.0.2, the two latest browser releases from the open-source foundation. It also affects the Mozilla suite, […]

IT Admins Must Think Like Hackers

ORLANDO, Fla.—Veteran IBM security architect Jeff Crume on Monday urged IT administrators to start thinking like malicious hackers to fully understand the ways in which a corporate network can be breached. In a standing-room-only presentation at the InfoSec World conference here, Crume identified a long list of weaknesses targeted by attackers and recommended that businesses […]