Microsoft Releases Security Update for Flash Player Libraries

While most of this month’s security updates have been postponed to March 14, Microsoft has decided to release one bulletin to address the Flash Player vulnerabilities fixed by Adobe on Patch Tuesday. The critical bulletin, MS17-005, resolves 13 vulnerabilities in the Flash Player libraries used by Internet Explorer 10, Internet Explorer 11 and Edge.

Google Discloses Unpatched Windows GDI Vulnerability

An unpatched vulnerability affecting the Windows Graphics Device Interface (Windows GDI) was publicly disclosed last week after Microsoft failed to address it within 90 days of being notified. The issue was disclosed by Mateusz Jurczyk, an engineer with Google’s Project Zero team, who initially discovered it along with other bugs in the user-mode Windows GDI…

US legislation revived to curb warrantless geolocation tracking

U.S. legislators have reintroduced bills that would place curbs on warrantless access by the government to electronically generated geolocation information of Americans, including on the use of cell-site simulators that can capture cellphone data. Bicameral legislation introduced Wednesday, called the Geolocation Privacy and Surveillance Act, aims to create clear rules for when law enforcement agencies…

Yahoo Notifies Users of Sophisticated Breach Methods

Yahoo said Wednesday it was notifying some users that hackers may have been able to use a maneuver to break into their accounts without stealing passwords. The latest notifications were in response to the record breach disclosed late last year affecting an estimated one billion users — which involved forging of “cookies” or files used…

Over a Dozen Code Execution Flaws Patched in Flash Player

Adobe on Tuesday released security updates that address two dozen vulnerabilities in Flash Player, Digital Editions and the Campaigns marketing tool, but none of the flaws have been exploited in the wild. Flash Player 24.0.0.221 patches 13 critical vulnerabilities that can be exploited for arbitrary code execution, including type confusion, integer overflow, use-after-free, heap buffer…

IaaS Creating New Variant of Shadow IT

Organizations cannot rely on commercial off-the-shelf (COTS) software to fulfil all their IT requirements: almost all companies develop their own custom apps. The majority of these apps, whether internal or internet-facing, currently run on datacenters owned or operated locally. By the end of 2017 this will change — the majority of enterprise custom apps will…

Keep Employees Secure, Wherever They Are

As workers grow more dispersed, organizations need to focus on three areas to maintain security. Nearly 80% of professionals work remotely at least one day a week, and 1.55 billion others are expected to work outside the boundaries of the corporate office by 2020, according to Frost & Sullivan research. This shift to a mobile…

Why You’re Doing Cybersecurity Risk Measurement Wrong

Measuring risk isn’t as simple as some make it out to be, but there are best practices to help you embrace the complexity in a productive way. Here are five. Broadly speaking, cybersecurity is risk identification and risk mitigation in the cyber domain. Measuring risk quantitatively is good because it helps security teams measure their…