IT Security Guru

Daily news digest – 14th November 2013

by The Gurus
June 5, 2020
in Opinions & Analysis

This week saw three of the major web companies issue patches just to make life especially easy for administrators.

As well as Microsoft’s Patch Tuesday, which included eight security bulletins, three of which were rated as critical and addressed 19 distinct vulnerabilities, there were also patches from Adobe and Google. Possibly the most notable of the Microsoft patches was for the Internet Explorer zero-day, which implements a simple kill-bit setting that disables the affected ActiveX control “Information Card Signin Helper”. This was patched with MS13-090.
Tyler Reguly, technical manager of security research and development at Tripwire, said: “IT pros everywhere will have a little less weight on their shoulders because Microsoft shipped a fix for the current IE zero-day. It’s important to note, however, that the fix is not in the traditional IE Cumulative Update (MS13-088) but rather in a separate ActiveX fix (MS13-090).”
In other words, thanks for the patch, but it is not the patch we wanted. Ross Barrett, senior manager of security engineering at Rapid7, said that there would be “mixed feelings” of relief and frustration for Windows and security administrators alike: while there were no complicated patches, there was no fix for the exploited Office vulnerability, which was described in advisory 2896666.
“The reality is it’s in very limited, targeted exploitation in a specific region AND it requires user interaction to exploit, so I would not worry about it too much. At risk and high value systems should have the mitigations in place already, and if not, I suggest you investigate EMET. If you fear that you are at risk of being targeted, apply the fix it,” Barrett said.
Elsewhere, Adobe released just two Flash updates this week that it said “address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system”.
Finally, Google fixed 12 flaws in Chrome, including six high-risk bugs; two of the more serious vulnerabilities were use-after-free bugs in various elements of the browser, and there were also two out-of-bounds reads in the browser. So no quiet weekend watching sport for the administrators.
Going back to Adobe, it seems that the stories about the October breach will not stop spiralling: not only has it emerged that 234,979 of the breached credentials belonged to military and government users, but this has led to Facebook having to warn users about passwords, as it is likely that many users share passwords across both applications.
In other password-stealing news, the user forum Macrumors was hacked with a potential 860,000 usernames, email addresses and encrypted passwords snatched, while the loyalty card scheme LoyaltyBuild was also attacked and saw 1.5 million details breached. So what is the answer: is it a case of not putting your details into any website on the grounds that it may one day be attacked, or do you take the risk? It seems that a risk management strategy could be for more than just businesses.
Finally, it seems that no news digest is complete without a reference to the US government of some sort, and this time it is in regard to reported attacks against the Obamacare website, after CNN reported that hackers had attempted more than a dozen cyber attacks against the website.
A top Homeland Security Department official said that the attacks failed, but the DDoS attack, called “Destroy Obama Care,” was recently spotted on a file-sharing site. Arbor Networks, who detected it, said there was no evidence that the program had been launched to attack the troubled federal portal for consumers to shop for health coverage, but its capability had been noted. Once again it seems that a central repository of data is an easy target, and kudos to Obamacare for holding the attackers off, for now.
Tags: application security, Breach, Government, passwords