Posts Categorized: SE Alert

SE Alert – Freak SSL Vulnerability

Recently, news came out of a newly discovered vulnerability dubbed “Freak” that could trick your device into using weak encryption and thereby making it more susceptible to an attack. Initially it was reported to be limited to Android and Apple devices but by Friday it was expanded to include all supported versions of Microsoft Windows. While… Read more »

SE Alert: WinShock Zero-Day Vulnerability

On Tuesday, November 11, 2014, Microsoft announced a recently discovered vulnerability in all versions of the Windows operating system at the same time they released an update to fix this. The IBM researcher who discovered it reports that “The bug can be used by an attacker for drive-by attacks to reliably run code remotely and… Read more »

SE Alert: Ransomware, aka Cryptolocker and now CryptoWall, and the evolving threat.

We have recently seen a significant rise in systems that have become infected with CryptoWall.  We urge you to exercise extra caution in your web browsing and similar caution as you review and process your email. What is CryptoWall? CryptoWall, the successor to the now defunct CryptoLocker, is categorized as a Trojan horse virus.  It,… Read more »

SE Alert: “POODLE” SSLv3 Vulnerability – Update

One of the reasons that the Poodle vulnerability is not assigned the same level of risk as the earlier Heartbleed one is that it requires what is called a “Man in the Middle” attack.  This means in order to exploit Poodle the attacker needs to be able to jump on your Internet connection, most likely… Read more »

SE Alert: “POODLE” SSLv3 Vulnerability

On Tuesday October 14, 2014 a vulnerability in the SSLv3 encryption protocol, commonly referred to as POODLE (Padding Oracle On Downgraded Legacy Encryption), was discovered, see NIST CVE-2014-3566.  What this means is that there is the possibility of a cyber criminal getting access to data you are transmitting between your web browser and the website… Read more »

SE Alert: Bash Bug / Shell Shock Update

Systems Engineering is continuing to manage and mitigate risks resulting from the Bash Bug / Shell Shock vulnerability, CVE-20140-6271.  Discovered on September 24, 2014, Linux, Unix and Apple OS X systems have been affected.  This does not impact Microsoft Windows systems.  At SE, we have taken the following measures; Verified cloud application providers we use… Read more »

SE Alert: Bash Bug

On Wednesday, September 24th, reports came out of a newly discovered vulnerability being referred to as the “Bash Bug”.  Bash is a common function found in Linux, Unix and Mac OSx computers. A recently discovered flaw in it could allow an attacker to execute remote control code. This does not affect Microsoft Windows servers, desktops… Read more »