
Privilege Escalation Vulnerabilities Headline Modest January Security Bulletin

Posted: January 15th, 2014 | Filed under: Web and Application Security

Microsoft is kicking off 2014 with a modest security bulletin, which includes several vulnerabilities affecting Windows XP and Windows Server 2003. Luckily, none of this month's batch contains a critical vulnerability; every item is rated 'Important'.

Nevertheless, as with any security update, we recommend downloading and applying the patches as soon as possible.

Apply all the Patches

MS14-001: Microsoft Office, SharePoint Server, Office Web Apps

Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)

Attention Microsoft Office users, especially those who run with admin privileges: this update is intended for you. It fixes vulnerabilities in Microsoft Word, SharePoint Server, and Office Web Apps that primarily affect the 2010 and 2013 versions of Office. If a specially crafted malicious file is opened with a vulnerable version of Word or other affected Office software, an attacker can execute arbitrary code on the machine. Microsoft notes that a successful attack gives the attacker the same user rights as the current user, so a user logged on with administrative rights hands the attacker full control of the system, while a standard-user account limits the damage.

See affected versions and download patches


PCI DSS Version 3.0: New and Important Requirements

Posted: November 27th, 2013 | Filed under: IIS & HTTP

PCI DSS is a set of standards developed by the major credit card brands to keep cardholder data secure and reduce fraud. The standards apply to any organization that processes, stores, or transmits credit card data. Periodically, the PCI Security Standards Council announces updates to the standards, which may require compliant organizations to change their security hardware, software, and practices. The latest version (PCI DSS 3.0) was introduced a few months back, but recent documentation has shed more light on what you need to do to start preparing for compliance once the new rules take effect on January 1, 2014.


4 Ways Reporting and Alerting Are Valuable to Web Security

Posted: October 30th, 2013 | Filed under: IIS & HTTP

Despite our best preventive efforts and proactive measures, practices, and training, security breaches still happen. It is just a fact of life today. The most prepared CISOs could quickly handle a breach if they knew when it was going to occur. But there is no spidey sense that will tingle when a hacker makes his way into your database, nor an alarm that will sound when a user's session is hijacked and unauthorized permissions are obtained. Certain activities can, however, help you notice unusual and potentially dangerous activity happening around your web assets. They include:

  • Configuring alerts
  • Using reporting tools
  • Monitoring your app

These activities are vital for dealing effectively with an incident. Alerts (via email, SMS, etc.) give application and site owners a way to know that they are under attack. It's as if the app is shouting "Help! Something is wrong!" And regular use of reports gives site owners a way to learn what normal usage on the site looks like and to quickly recognize activity that departs from it. But the benefits do not end there.
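As an added example that is not part of the original post, the following Python script shows the kind of alerting and reporting the list above refers to, run over constructed IIS W3C extended log lines: a sliding-window alert that fires when one client IP racks up repeated login failures, and a per-client status-code report of the sort you would review to learn what normal traffic looks like. The log field set, the login path `/login.aspx`, the threshold of five 401s within sixty seconds, and the sample addresses are all assumptions for illustration, not the post's own configuration.

```python
"""Alerting and reporting over IIS W3C extended log lines.

Added example, not from the original post. The sample log below is
constructed; the threshold, window and login path are assumptions.
"""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in IIS W3C extended format. Real IIS logs emit a
# #Fields directive at the top of each file; the parser uses it for column
# names instead of hard-coding positions.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2013-10-30 10:00:01 198.51.100.7 GET /index.aspx 200
2013-10-30 10:00:04 198.51.100.7 POST /login.aspx 401
2013-10-30 10:00:09 198.51.100.7 POST /login.aspx 200
2013-10-30 10:00:10 203.0.113.9 POST /login.aspx 401
2013-10-30 10:00:11 203.0.113.9 POST /login.aspx 401
2013-10-30 10:00:12 203.0.113.9 POST /login.aspx 401
2013-10-30 10:00:13 203.0.113.9 POST /login.aspx 401
2013-10-30 10:00:14 203.0.113.9 POST /login.aspx 401
2013-10-30 10:00:15 203.0.113.9 POST /login.aspx 401
2013-10-30 10:02:30 203.0.113.9 POST /login.aspx 401
2013-10-30 10:03:00 198.51.100.7 GET /account.aspx 200
"""


def parse_iis_log(text):
    """Parse W3C extended log text into dicts keyed by the #Fields names."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split(":", 1)[1].split()
            continue  # #Software, #Date and similar directives carry no records
        if fields is None:
            raise ValueError("log data appeared before any #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed line: skip it rather than guess
        rec = dict(zip(fields, values))
        rec["timestamp"] = datetime.strptime(
            rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        rec["sc-status"] = int(rec["sc-status"])
        records.append(rec)
    return records


def failed_login_alerts(records, login_path="/login.aspx", threshold=5,
                        window=timedelta(seconds=60)):
    """Return one alert line per client IP that produces `threshold` or more
    401 responses on the login page within `window` (sliding window per IP).
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    alerted = set()
    alerts = []
    for rec in sorted(records, key=lambda r: r["timestamp"]):
        if rec["cs-uri-stem"] != login_path or rec["sc-status"] != 401:
            continue
        ip = rec["c-ip"]
        q = recent[ip]
        q.append(rec["timestamp"])
        while q and rec["timestamp"] - q[0] > window:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)  # alert once per IP, not once per extra failure
            alerts.append(
                f"{rec['timestamp']:%Y-%m-%d %H:%M:%S} ALERT {ip}: "
                f"{len(q)} failed logins within {int(window.total_seconds())}s")
    return alerts


def status_report(records):
    """Per-client status-code counts: the baseline a reviewer compares against."""
    report = defaultdict(Counter)
    for rec in records:
        report[rec["c-ip"]][rec["sc-status"]] += 1
    return {ip: dict(counts) for ip, counts in report.items()}


if __name__ == "__main__":
    recs = parse_iis_log(SAMPLE_LOG)
    for alert in failed_login_alerts(recs):
        print(alert)
    for ip, counts in sorted(status_report(recs).items()):
        print(ip, counts)
```

Run against the sample, the script emits a single alert for 203.0.113.9 at 10:00:14 (the fifth failure inside sixty seconds) and none for 198.51.100.7, whose one 401 followed by a 200 is the ordinary mistyped-password pattern. The report shows the difference at a glance: the first client is mostly 200s, the second is nothing but 401s. The same parser feeds both, which is the point of pairing real-time alerts with periodic reports: the report tells you what the threshold should be, and the alert tells you the moment it is crossed.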


3 Web Security Videos that Will Make You Sleep with the Lights On

Posted: October 30th, 2013 | Filed under: Web and Application Security

From the perspective of a business owner, the web can be a terrifying place, rife with threats. We've compiled a list of our favorite web security videos that will make you want to disconnect from the internet and hide.


PCI DSS 3.0: What You Need to Know

Posted: October 3rd, 2013 | Filed under: IIS & HTTP

This November, the Payment Card Industry (PCI) Security Standards Council will revise the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS). Organizations that handle cardholder data will therefore need to update their security to adhere to the new rules. We've read the initial documentation and have laid out some of the biggest changes to prepare for over the coming year.
