Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On November 10, 2016

November 9, IDG News Service – (International) Microsoft patches 68 vulnerabilities, two actively exploited ones. Microsoft released 14 security bulletins resolving a total of 68 vulnerabilities in Windows, Office, Edge, Internet Explorer, and SQL Server. Two of the vulnerabilities have been exploited in the wild, including a zero-day that is being leveraged by a group of attackers dubbed Fancy Bear, APT28 or Strontium, and a second flaw that could allow for remote code execution and enable an attacker to take full control of affected systems. Source

November 8, SecurityWeek – (International) Adobe patches 9 Flash Player flaws reported via ZDI. Adobe released patches addressing nine arbitrary code execution flaws in Flash Player and one security flaw in Connect for Microsoft Windows that could be exploited for cross-site scripting (XSS) attacks after researchers from Trend Micro’s Zero Day Initiative (ZDI) reported the flaws to Adobe. Source

November 8, SecurityWeek – (International) Google patches 23 critical vulnerabilities in Android. Google released its November 2016 Android security patches addressing a total of 83 vulnerabilities in the mobile operating system (OS), including a critical flaw in Mediaserver that could allow an attacker using a maliciously crafted file to cause memory corruption during media file and data processing, a privilege escalation issue in the libzipfile component that could allow a local malicious application to execute arbitrary code, and a remote code execution (RCE) flaw in Qualcomm crypto driver, among other flaws. Source

November 7, SecurityWeek – (International) Cisco resets password on careers portal. Cisco Systems, Inc. prompted a password reset for all user accounts on its Cisco Professional Careers mobile Website after a security researcher discovered a breach in the portal that may have exposed user data including names, addresses, email addresses, phone numbers, and answers to security questions, among other application-related information. The vulnerability was reportedly caused by an incorrect security setting following system maintenance on a third party Website. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.