Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On January 21, 2016

January 20, Softpedia – (International) Apple releases 28 security fixes for iOS, OS X and Safari. Apple released 28 security patches for its iOS and Mac OS X operating systems (OS) and its Safari web browser through updated versions of OS X El Capitan 10.11.13, Safari 9.0.3, and the OS X kernel. The updates addressed critical vulnerabilities that allowed attackers to execute arbitrary code in the operating system’s kernel, or to execute arbitrary code on the underlying operating system by tricking a victim into accessing a malicious website. Source

January 20, Help Net Security – (International) Intel patches MiTM flaw in its Driver Update Utility. Intel Corporation patched a remotely exploitable vulnerability in its Intel Driver Update Utility program that could have been exploited by attackers to conduct a man-in-the-middle (MiTM) attack to corrupt transferred data, leak information, and conduct arbitrary code execution. Source

January 20, SecurityWeek – (International) Oracle released 248 security fixes. Oracle released its Critical Patch Update (CPU) that fixed 248 vulnerabilities including authentication flaws and security issues in its Oracle Database, Java SE, and Oracle E-Business Suite, as well as other products. The company advised users to ensure all their products were updated to the newest versions to avoid exploitation. Source

January 20, The Register – (International) Cisco patches borked web box proxy hole. Cisco released a patch fixing a vulnerability in its Web Security Appliance versions 8.5.3-055, 9.1.0-000, and 9.5.0-235 that allowed unauthenticated remote attackers to circumvent functionality that prevents proxied network traffic and bypass security restrictions due to improper handling of malformed Hypertext Transfer Protocol (HTTP) methods. Source

January 20, SecurityWeek – (International) Critical infrastructure incidents increased in 2015: ICS-CERT. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reported that incidents involving U.S. critical infrastructure increased in fiscal year 2015, bringing the total count to 295 incidents. Officials reported the increase was due to a spear-phishing campaign launched by an advanced persistent threat (APT) group against organizations in critical manufacturing, energy, transportation systems, government facilities, healthcare, and the communications sector, among other sectors. Source

 

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.