ICASI is releasing this alert to provide guidance on a protocol-level design flaw that allows an attacker to perform a man-in-the-middle (MITM) attack on sessions protected by Transport Layer Security (TLS) and Secure Sockets Layer (SSL). This vulnerability could allow an attacker who is able to successfully leverage a MITM attack to prepend data to [...]
ICASI is aware of an industry-wide vulnerability regarding the Domain Name System (DNS). ICASI members have released advisories for their affected products, and ICASI encourages customers to review those advisories and deploy any necessary updates or mitigations in a timely manner. For more information on our members' products, or to report potential security vulnerabilities, please [...]
ICASI is aware of reports that describe a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks. The documented issue affects encryption solutions that implement WPA-TKIP and allows an attacker to inject network traffic between an access point and a client if multimedia extensions are [...]
ICASI is releasing this alert to provide clarity and guidance on issues that have been raised regarding the change to Conficker malware. This alert provides a consolidated view and information from ICASI member companies. The Conficker worm has grown to be a large active botnet. At this time Conficker affects a variety of Windows operating [...]
ICASI is releasing this alert to provide guidance on issues that have been raised regarding the behavior of the Conficker malware threat. Historically, once botnets reach a sufficient size, their purposes tend to evolve and change organically to meet the needs of the owners. This trend is likely to also occur with Conficker, and many [...]
The Industry Consortium for Advancement of Security on the Internet (ICASI) is releasing this alert to provide guidance on issues that have been raised regarding vulnerabilities in Microsoft’s Active Template Library (ATL). These vulnerabilities could result in information disclosure or remote code execution attacks for controls and components built using vulnerable versions of the ATL.