Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

Guest Blog // Selected Security Content Provided By Sophos
What's This?
4/1/2009
01:20 AM
Graham Cluley
Graham Cluley
Security Insights
50%
50%

All's Quiet On The Conficker Front

It's 6:30 a.m. on April Fool's Day here in the U.K., and so far we've not seen any evidence of the Conficker worm "melting your computer," turning off the nation's air defenses, or dialing the local pizza company. My guess is that -- as widely predicted by the security vendors -- Conficker and April 1st was mostly abou

It's 6:30 a.m. on April Fool's Day here in the U.K., and so far we've not seen any evidence of the Conficker worm "melting your computer," turning off the nation's air defenses, or dialing the local pizza company. My guess is that -- as widely predicted by the security vendors -- Conficker and April 1st was mostly about hype rather than havoc.Nevertheless, Conficker remains out there on a lot of computers. If you haven't already done so, download one of the free Conficker removal tools available from your favorite security vendor. (Be careful that you get it from a legitimate site because some hackers are taking advantage of the pandemonium to hide their malware as an anti-Conficker.)

In addition, use this opportunity to review your security in other ways, too. For instance, do you have the latest security patches in place? Have you implemented a policy to control the use of USB drives, or at least prevented AutoRun from allowing code to automatically execute when USB drives are inserted in Windows? Have you toughened your passwords, and made sure that users aren't using dictionary words or dumb numerical sequences?

If you're smart, then you can turn Conficker day into a day to better secure your computer systems for the future.

Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his other blog on the Sophos website you can find him on Twitter at @gcluley. Special to Dark Reading.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
The State of Email Security and Protection
Mike Flouton, Vice President of Email Security at Barracuda Networks,  11/5/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Dueling Free Throws A riff on the song Dueling Banjos
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprise
Assessing Cybersecurity Risk in Today's Enterprise
Security leaders are struggling to understand their organizations risk exposure. While many are confident in their security strategies and processes, theyre also more concerned than ever about getting breached. Download this report today and get insights on how today's enterprises assess and perceive the risks they face in 2019!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
CVE-2019-18853
PUBLISHED: 2019-11-11
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVE-2019-18854
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.
CVE-2019-18855
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
CVE-2019-18856
PUBLISHED: 2019-11-11
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.