Blog

By Nancy Rand, Posted in Security

November 17, SecurityWeek – (International) Several vulnerabilities patched in Drupal 7, 8. Drupal released versions 7.52 and 8.2.3 addressing four vulnerabilities including a flaw in Drupal 8 that can be exploited to cause a denial-of-service (DoS) condition with specially crafted URLs via the transliteration mechanism. The updates also resolved a flaw in Drupal 7 that could allow a malicious actor to build a confirmation form Uniform Resource Locator (URL) that redirects victims to third-party Websi... read more.

  • November 18, 2016

By Celeste Collins, Posted in Technology Week in Review

November 14, 2016 Illumio just released Illumio Security Templates, offering ready-to-use security policies for core data center and cloud applications. They are pre-made to secure common applications, providing segmentation without having to reconfigure the network. Intel Security is working with a select group of customers on developing systems to enable human-machine teaming to get the best of both worlds in applying cyber threat intelligence. Distributor Westcon-Comstor is expanding its relationship... read more.

  • November 18, 2016

By Nancy Rand, Posted in Security

November 16, SecurityWeek – (International) Symantec patches DLL hijacking flaw in enterprise products. Symantec released updates to resolve a dynamic-link library (DLL) flaw affecting its IT Management Suite (ITMS) 8.0, Ghost Solution Suite (GSS) 3.1, and Endpoint Virtualization (SEV) 7.x products, which could cause a rogue DLL file to be loaded by the software before the legitimate file, leading to arbitrary code execution, potentially with elevated privileges, as the affected products do not use an... read more.

  • November 17, 2016

By Nancy Rand, Posted in Security

November 15, SecurityWeek – (International) Cryptsetup flaw exposes Linux systems to attacks. Security researchers discovered a vulnerability affecting the disk encryption utility Cryptsetup that could allow attackers with physical access to a targeted Linux system to gain root access to the system, and copy, modify, or destroy data on the hard disk by holding down the “Enter” key for approximately 70 seconds during boot. The flaw occurs when the system partition is encrypted using the Lin... read more.

  • November 16, 2016

By Nancy Rand, Posted in Security

November 11, SecurityWeek – (National) U.S. authorities reach settlement with Adobe over 2013 breach. Authorities in 15 States reached a $1 million settlement with Adobe Systems November 10 after the company reportedly failed to employ reasonable measures to protect its customers’ personal information and detect malicious activity within its network, causing a massive data breach in 2013 that compromised over 150 million records. As part of the settlement, Adobe agreed to institute new policies... read more.

  • November 15, 2016

By Nancy Rand, Posted in Security

November 10, SecurityWeek – (International) Hackers can abuse iOS WebView to make phone calls. A security researcher reported that Apple mobile operating system (iOS) applications such as LinkedIn, Twitter, and others can be abused by a malicious actor to initiate phone calls to arbitrary phone numbers from a victim’s device by convincing a user to open a specially crafted Webpage via an affected app that redirects the victim to a TEL Uniform Resource Identifier (URI), which triggers the call. T... read more.

  • November 14, 2016

By Celeste Collins, Posted in Technology Week in Review

November 7, 2016 The Internet of Things will be at the center of enterprise security and infrastructure readiness for the next several years, a panel of security experts said at Intel Security’s Focus 16 in Las Vegas. Microsoft is adding Microsoft Access to the list of what’s offered in it Office 365 Business and Business Premium plans. Citrix announced that it has been named as a leader in the IDC MarketScape: Worldwide Virtual Client Computing Software 2016 Vendor Assessment. The IDC Market... read more.

  • November 11, 2016

By Nancy Rand, Posted in Security

November 9, IDG News Service – (International) Microsoft patches 68 vulnerabilities, two actively exploited ones. Microsoft released 14 security bulletins resolving a total of 68 vulnerabilities in Windows, Office, Edge, Internet Explorer, and SQL Server. Two of the vulnerabilities have been exploited in the wild, including a zero-day that is being leveraged by a group of attackers dubbed Fancy Bear, APT28 or Strontium, and a second flaw that could allow for remote code execution and enable an attacke... read more.

  • November 10, 2016

By Nancy Rand, Posted in Security

November 7, SecurityWeek – (International) Critical privilege escalation flaws found in MySQL. Oracle Corporation released updates for its MySQL database management systems after a security researcher discovered an arbitrary code execution flaw and race condition issue in MySQL that a malicious actor could chain together to escalate privileges to root and fully compromise a targeted system. Percona released an update for its Percona Server for MySQL and Percona XtraDB cluster to address the same vulne... read more.

  • November 08, 2016

By Nancy Rand, Posted in Security

November 4, Help Net Security – (International) GitLab plugs critical flaw in its code repository manager software. GitLab released security updates for its Community Edition (CE) and Enterprise Edition (EE) of its code repository manager software resolving a critical flaw in the import/export project feature that did not adequately check for symbolic links in user-provided archives, thereby allowing an authenticated user to access the contents of any file accessible to the GitLab service account. Sou... read more.

  • November 07, 2016