DarkFiber Consulting – IT Managed Services

Mozilla Releases Security Advisories

March 1st, 2010 . by DarkFiber Consulting

The Mozilla Foundation has released multiple security advisories to address vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or bypass security restrictions.

DarkFiber Consulting encourages users and administrators to review the Mozilla Foundation security advisories. Firefox users may upgrade to version 3.0.18, 3.5.8, or 3.6 to help mitigate the risks. Thunderbird users should upgrade to version 3.0.2, and SeaMonkey users should upgrade to version 2.0.3 once those updates are released by the vendor.

Malicious Code Circulating via Social Security Administration Phishing Messages

December 10th, 2009 . by DarkFiber Consulting

DarkFiber Consulting is aware of public reports of malicious code circulating via phishing email messages that appear to come from the Social Security Administration. The messages indicate that the users’ annual Social Security statements may contain errors and instruct users to follow a link to review their Social Security statement. If users click this link, they will be redirected to a seemingly legitimate website that prompts them for their Social Security number. If users enter their Social Security number and continue to the next page, they will be given an option to generate a statement. If users attempt to generate a statement, malicious code may be installed on their systems. This malicious code attempts to collect online banking traffic to gain access to the users’ bank accounts.

DarkFiber Consulting encourages users and administrators to take the following preventative measures to help mitigate the security risks:

  • Install antivirus software, and keep the virus signatures up to date.
  • Do not follow unsolicited links and do not open unsolicited email messages.
  • Use caution when visiting untrusted websites.
  • Use caution when entering personal information online.
  • Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
  • Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

DarkFiber Consulting will provide additional information as it becomes available.

Worm Exploiting Microsoft MS08-067 Circulating

November 3rd, 2008 . by DarkFiber Consulting

DarkFiber Consulting is aware of public reports of a worm circulating that has the capability of exploiting the recently patched vulnerability described in Microsoft Security Bulletin MS08-067.

DarkFiber Consulting encourages users to do the following to help mitigate the risks:

  • Review Microsoft Security Bulletin MS08-067 and apply the update or workarounds listed.
  • Install antivirus software, and keep the virus signatures up to date.

DarkFiber Consulting will provide additional information as it becomes available.

Microsoft Revised Security Bulletin MS08-051

August 25th, 2008 . by DarkFiber Consulting

Microsoft has revised Security Bulletin MS08-051, which addresses vulnerabilities in Microsoft PowerPoint. This revision describes a rerelease of the standalone update package for Microsoft Office PowerPoint 2003.

According to Microsoft, users who applied the update provided through Microsoft Update or Office Update do not need to take further action. Users who installed the original standalone update should apply the updated package as described in the revised Microsoft Security Bulletin.

DarkFiber Consulting encourages users and administrators to review Microsoft Security Bulletin MS08-051 and apply or reapply any necessary updates.