Infocus: Responding to a Brute Force SSH Attack

Responding to a Brute Force SSH Attack
Read more on SecurityFocus News...

  Adam O'Donnell: The Scale of Security

The Scale of Security
Read more on SecurityFocus News...

  Westin Hotel in LA Acknowledges Data Breach (March 5 & 7, 2010)

A Los Angeles hotel has acknowledged that attackers gained access to some of their computer systems last year.......
Read more on SANS NewsBites...

  Critical Flaw in Opera (March 5 & 8, 2010)

A critical buffer overflow vulnerability in Opera could be exploited to crash browsers, and possibly to execute code remotely.......
Read more on SANS NewsBites...

  Online industry unites against Digital Economy Bill

Google, Yahoo, eBay, Facebook, Orange, Talk Talk and BT have singed an open letter to the Financial Times condemning a bill in parliament that they say “threatens freedom of speech and the open internet”.
Read more on Network World on Security...

  Cyberattacks raise e-banking security fears

Increasing cyberattacks against the online bank accounts of small and mid-size businesses has prompted growing calls for improved online banking security.
Read more on Network World on Security...

  Microsoft Releases Security Advisory to Address VBScript Vulnerability

Microsoft has released a security advisory to address a vulnerability in VBScript. The advisory indicates that this vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. By convincing a user to view a specially crafted HTML document (web page, HTML email, or email attachment) with Internet Explorer and to press the F1 key, an attacker could run arbitrary code with the privileges of the user running the application.US-CERT encourages users and administrators to do the following to help mitigate the risks:

• Review Microsoft Security Advisory 981169.
• Review the Microsoft Security Research & Defense blog entry regarding this issue.
• Review US-CERT Vulnerability Note VU#612021.
• Refrain from pressing the F1 key when prompted by a website.
• Restrict access to the Windows Help System.

  Cisco Releases Multiple Security Advisories

Cisco has released three security advisories to address vulnerabilities.Security advisory, cisco-sa-20100217-fwsm, addresses a vulnerability in the Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers. Successful and repeated exploitation of this vulnerability could result in a denial-of-service condition.Security advisory, cisco-sa-20100217-asa, addresses multiple vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances. These vulnerabilities may allow an attacker to gain unauthorized access to an affected system or cause a denial-of-service condition.Security advisory, cisco-sa-20100217-csa, addresses multiple vulnerabilities in the Cisco Security Agent. These vulnerabilities may allow an attacker to execute arbitrary SQL commands, view and download arbitrary files, or cause a denial-of-service condition.US-CERT encourages users and systems administrators to review Cisco security advisory cisco-sa-20100217-fwsm, cisco-sa-20100217-asa, and cisco-sa-20100217-csa and apply any necessary updates to mitigate the risks.
Read more on US-CERT Current Activity...