Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

Guest Blog // Selected Security Content Provided By Sophos
What's This?
4/1/2009
01:20 AM
Graham Cluley
Graham Cluley
Security Insights
50%
50%

All's Quiet On The Conficker Front

It's 6:30 a.m. on April Fool's Day here in the U.K., and so far we've not seen any evidence of the Conficker worm "melting your computer," turning off the nation's air defenses, or dialing the local pizza company. My guess is that -- as widely predicted by the security vendors -- Conficker and April 1st was mostly abou

It's 6:30 a.m. on April Fool's Day here in the U.K., and so far we've not seen any evidence of the Conficker worm "melting your computer," turning off the nation's air defenses, or dialing the local pizza company. My guess is that -- as widely predicted by the security vendors -- Conficker and April 1st was mostly about hype rather than havoc.Nevertheless, Conficker remains out there on a lot of computers. If you haven't already done so, download one of the free Conficker removal tools available from your favorite security vendor. (Be careful that you get it from a legitimate site because some hackers are taking advantage of the pandemonium to hide their malware as an anti-Conficker.)

In addition, use this opportunity to review your security in other ways, too. For instance, do you have the latest security patches in place? Have you implemented a policy to control the use of USB drives, or at least prevented AutoRun from allowing code to automatically execute when USB drives are inserted in Windows? Have you toughened your passwords, and made sure that users aren't using dictionary words or dumb numerical sequences?

If you're smart, then you can turn Conficker day into a day to better secure your computer systems for the future.

Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his other blog on the Sophos website you can find him on Twitter at @gcluley. Special to Dark Reading.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, Protego,  7/11/2019
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "SpearPhish! Everyone out of the office!"
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10100
PUBLISHED: 2019-07-17
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab.
CVE-2019-12175
PUBLISHED: 2019-07-17
In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled.
CVE-2019-12475
PUBLISHED: 2019-07-17
In MicroStrategy Web before 10.4.6, there is stored XSS in metric due to insufficient input validation.
CVE-2019-13346
PUBLISHED: 2019-07-17
In MyT 1.5.1, the User[username] parameter has XSS.
CVE-2019-13403
PUBLISHED: 2019-07-17
Temenos CWX version 8.9 has an Broken Access Control vulnerability in the module /CWX/Employee/EmployeeEdit2.aspx, leading to the viewing of user information.