Tech Alert Briefing for 4/13/2007
April 13, 2007
Update covering April 6 - April 12, 2007
Welcome to Tech Talk! In this week's edition of Tech Talk, BOL Guru Jeff Patterson warns about malware lurking on legitimate websites.
BOL GURUYou'll also learn about:
Get the details below.
Free Webinar Series ? Best Practices
Join Harland Financial Solutions for a series of complimentary Webinars focusing on industry trends and best practices. Designed for financial institution executives, you can choose from topics such as Deposit Pricing, Event Detection and Delivery, the latest Deposit Benchmarking research findings, and much more. Click here to view the complete schedule or to register.
Whom Can You Trust?
Be careful where you take your browser.Even legitimate websites may be trying to install malicious software.That's what visitors to computer hardware manufacturer Asus's website discovered.Hackers had compromised the site and inserted an invisible frame on the main page that connected to a malicious site and tried to install software that exploited a known Windows flaw.Read the full story on CNet and ensure all your patches are up to date.
Making Systems Work FOR You
Are your IT systems hindering your ability to market your products?That's what a new study by Accenture says about the IT systems in UK banks.The study says that systems based on older technology aren't allowing banks to effectively find lucrative niche markets.The study specifically states that women are being left out of marketing campaigns.Read the story on Silicon.com and evaluate your systems' ability to tailor products and marketing campaigns to women entering different life stages - such as getting married or having a baby.
Fragmented Mobile Market More Secure
CSOOnline has a unique take on why mobile device security is better than PC security.Most mobile devices don't run Windows.With no single operating system dominating the mobile device market, attackers don't get the return on investment from creating malware for mobile devices that they get from creating malware targeted at Windows.Should a single mobile operating system start taking over the market, the state of mobile security could change rapidly.
April's Patch Tuesday
Microsoft released five critical and one important update for April's Patch Tuesday.Updates were designed to fix vulnerabilities in Content Management, the Client/Server Run-Time Subsystem, Plug and Play, and other systems.Read the bulletin and plan for your latest patch installation.
? And the Morning After
Patch Tuesday was followed by Zero-Day Wednesday in what has become an all too familiar pattern. Three vulnerabilities were announced in Microsoft Office the day after Microsoft's monthly patch release.An additional flaw was discovered just a day later in how Microsoft handles Help files.
Watch for Oracle Patches
Oracle has announced that they will release patches for thirty-seven separate flaws on April 17th as part of their quarterly patch release.Seven of the vulnerabilities could allow for the attacked computer to be remotely compromised.
Time to Get Animated on that Cursor Patch
More than 2,000 malicious sites are now hosting malware that exploits the Windows Animated Cursor flaw.Microsoft released a patch for the flaw last week and has re-released the patch to fix some compatibility issues discovered after users started to install the patch.Find out more on CSOOnline.
Symantec Fix Released
Symantec released a patch for its Enterprise Security Manager application that removes a very critical vulnerability that could allow an attacker to remotely control an affected computer.InformationWeek has additional information on the vulnerability and the patch.
94 Security Gaps Make US-CERT List
The US-CERT Vulnerability Summary for the Week of April 2, 2007 lists sixty-one High, twelve Medium and twenty-one Low severity vulnerabilities. Vulnerabilities were announced in AOL, multiple Cisco products, IBM's Lotus Notes, AIX and Tivoli Provisioning Manager, Kapersky Anti-Virus, Microsoft's Windows 2000, XP, 2003 Server and Vista, Nortel's Meridian Mail, Sprint's Voice Mail and T-Mobile's Voice Mail, PHP, multiple Hitachi products, and VMWare's ESX Server.
Subscribe to Tech Talk and BOL Tech Advisories.
CD ROM Training & Information Security Supplies
CD ROM Training
CD ROM Training
CD ROM TrainingPolicies/Job Descriptions & Related Sites
Information Technology Specialist
Information Systems Security PolicyArchived Technology and eBanking You have access to previous Tech Talk pages and Tech Alerts on BankersOnline's Technology & eBanking page.
First published on 04/12/2007