Security Blog (13)
Adobe has released a Security Bulletin to address vulnerabilities in Adobe Flash Player 10.0.45.2 and earlier versions and in Adobe AIR 1.5.3.9130 and earlier versions. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
Newport Consulting recommends you review Adobe Security Bulletin APSB10-14 and update to Adobe Flash Player 10.1 to mitigate the risks.
Microsoft Windows Help and Support Center Vulnerability
Written by Brandon Newport
There is a vulnerability affecting the Microsoft Windows Help and Support Center. This vulnerability is due to improper sanitization of hcp:// URIs. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands.
Newport Consulting recommends you review Vulnerability Note VU#578319 and implement the workarounds to help mitigate the risks and reduce attack vectors.
Google has released Chrome 5.0.375.70 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, bypass security restrictions, or obtain sensitive information.
Newport Consulting recommends you review the Google Chrome Releases blog entry and update to Chrome 5.0.375.70 to mitigate the security risks.
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SharePoint, and .NET Framework as part of the Microsoft Security Bulletin Summary for June 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.
Newport Consulting recommends you review the bulletins and follow best-practice security policies to determine which updates should be applied.
Apple has released Safari 5.0 and Safari 4.1 for Windows and Mac OS X to address multiple vulnerabilities in ColorSync, Safari, and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or conduct cross-site scripting attacks.
Newport Consulting recommends you review Apple article HT4196 and apply any necessary updates to help mitigate the risks.
Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat
Written by Brandon Newport
Adobe has released a security advisory notifying all users of a vulnerability in Adobe Flash Player, Reader, and Acrobat. Exploitation of this vulnerability may allow an attacker to execute arbitrary code and take control of the affected system. The advisory indicates that Adobe is aware of active exploitation of this vulnerability.
Newport Consulting recommends you review Adobe security advisory APSA10-01 and apply any necessary workarounds until a fix is released by the vendor.
Microsoft Releases Advance Notification for June Security Bulletin
Written by Brandon Newport
Microsoft has issued a Security Bulletin Advance Notification, indicating that its June release will contain ten bulletins. Three of these bulletins will have the severity rating of critical and are for Microsoft Windows and Internet Explorer. The remaining bulletins will have the severity rating of important and will be for Microsoft Windows, Microsoft Office, and Microsoft SharePoint Services. Release of these bulletins is scheduled for Tuesday, June 8, 2010.
Google has released Chrome 5.0.375.55 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to bypass security restrictions, execute script in an unsafe context, or mislead users.
Newport Consulting recommends you review the Google Chrome Releases blog entry and update to Chrome 5.0.375.55 to help mitigate any risks.
Almost everyone has a website today: governments, organizations, churches, businesses, individuals, and even some people's pets (yes, you read that right). I have seen many websites that would fit under three categories: "The Good, The Bad, and The Ugly". The Ugly speaks for itself, so I won't go there. The Good website is one that is well designed and thinks about basic security: things like never putting your email address on the website, keeping the code clean, and not trying to have too many bells and whistles.
I have been asked over the past few years: "Why exactly do I need a firewall?" This is an easy question to answer: if you do not have a firewall, you will be compromised more easily and faster than if you have one in place. For instance, a study done several years ago resulted in Windows XP SP1 being hacked in less than 6 minutes on the Internet. While operating systems are supposedly more secure now than several years ago, the longer you are online without any protection, the more you increase the likelihood that you will be compromised or, in hacker terms, "owned". While there is no "silver bullet", putting a firewall between your systems and the Internet is vital to the security of your business. Keep this in mind: if it takes 6 minutes to hack XP SP1, you do not have enough time to patch the system to prevent it. With a firewall in place and configured correctly, you will be able to patch your system before it gets hacked. Also, the systems on your network cannot be seen by hackers on the outside of the firewall. So while firewalls are many times misconfigured, a firewall is still a vital part of any business to protect the information you have stored on your computer systems.
Upcoming Events
Basic security for any sized business: Friday, Sep 17, 2010
