Early November Security UpdatesThere have been a large number of security issues in the news lately. Be sure you have taken a look at the latest news to keep yourself up to date:
A lot of organizations have taken a look at the CryptoLocker story, but one of the best articles comes from Krebs On Security at http://krebsonsecurity.com/2013/11/how-to-avoid-cryptolocker-ransomware/ If you haven't already read it, the above article is certainly worth the read!
Microsoft zero-day Graphics Vuln:
Microsoft announced on Tuesday, 11/3 that a zero-day vulnerability is being used to launch attacks. Trend Micro has a rundown of the attack at http://blog.trendmicro.com/trendlabs-security-intelligence/how-to-avoid-the-latest-microsoft-office-zero-day-threat/ .
Security researcher Dragos announced he had noticed an interesting new form of Malware. While the media has covered this as "using a microphone and speaker to spread a virus," this really isn't what happens. The reality is that two infected systems can use the mics/speakers to exchange information. A good write up can be found on ars at http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
Social Engineering via Phone more dangerous than Malware:
An article appeared on slashdot talking about the DEF CON 21 social engineering challenge where the results indicated that social engineering attacks are still really effective. Write up at Help Net Security: http://www.net-security.org/secworld.php?id=15856