Weekend Vulnerability and Patch Report, August 28, 2011

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Adobe Flash 10.3.183.7: Users can check their version of Flash and download updates at this site.

F-Secure: F-Secure has released patches for several of its programs to correct a highly critical vulnerability. Updates are available for F-Secure Anti-Virus 2010 and 2011 and F-Secure Internet Security 2010 and 2011. The programs should update themselves automatically, but users will want to check that they are running the latest versions.

Google Chrome 13.0.782.215: Google has released Chrome 13.0.782.215 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities, several of which are highly critical. Updates are available from within Chrome via “Customize > About Google Chrome.” (“Customize” is the wrench-shaped icon in the upper right hand corner.)

Java 6 Update 27: Users can check their version of Java and download updates at this site. Users will want to remove older Java versions as these pose a security risk. This can be done from the Windows Control Panel. Instructions are available from Java at this site.

For Your IT Department

Cisco: Cisco has released three security advisories to address vulnerabilities affecting the Cisco Unified Communications Manager, the Cisco Unified Presence Server, and the Cisco Intercompany Media Engine. These vulnerabilities may allow an attacker to disclose sensitive information or cause a denial-of-service condition. More information is available from US-CERT.

Newly Announced Unpatched Vulnerabilities

None

Important Unpatched Vulnerabilities

ACDSee Photo: Several highly critical vulnerabilities have been identified in various ACDSee photo products. Vulnerabilities have been identified in FotoSlate, Photo Editor 2008, and Picture Frame Manager. No patches are available at this time. Readers should refrain from using ACDSee to open untrusted files. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 12.

ACD Systems Canvas CorelDRAW: A highly critical vulnerability has been found in ACD Systems Canvas which can be exploited by malicious people to compromise a user’s system. Users should not view untrusted CDR files. Readers should refrain from opening untrusted files in ACD Systems Canvas. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31.

HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remains unpatched. Readers should refrain from using the default Twitter application (Peep). We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11.

Microsoft Windows XP: A less-critical security vulnerability has been found in Windows XP which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service). No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 7.

Microsoft Word: A highly critical vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. Readers should refrain from opening untrusted files in these earlier versions of Word. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19.

Microsoft Office for Mac: A highly critical vulnerability has been discovered in Microsoft Office for the Mac which can be exploited by cyber criminals to take control of a user’s computer. Security updates are currently unavailable. Readers should refrain from opening untrusted files in Office. We first alerted readers to this vulnerability in Weekend Vulnerability & Patch Report, May 13, 2011.

Microsoft Reader: The highly critical vulnerability in Microsoft Reader, versions 2.x, remains unpatched. Readers should refrain from opening untrusted files in Reader. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15.

PDF-Pro: Several highly critical vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. Readers should refrain from opening untrusted files in PDF-Pro. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 4.

Quick View Plus CorelDRAW: A highly critical vulnerability has been found in Quick View Plus which can be exploited by malicious people to compromise a user’s system. Users should not view untrusted CDR files in Quick View Plus. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31.

If you are responsible for keeping your computer secure, our weekly report is for you. We strongly urge you to take action to keep your workstation secure.

If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they issue an update, or patch, to fix the code running on their customers’ computers.

Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Stan Stahl Ph.D., August 28, 2011. Filed in Security Alert: Vulnerability Management.

Cyber Security News of the Week, August 28, 2011

Alerts and Warnings

DHS warns that Irene could prompt phishing scams: As Hurricane Irene barrels toward the eastern seaboard, the U.S. Department of Homeland Security is warning government agencies and private companies to be on the lookout for storm-related phishing attacks and other malicious cyberactivity. Computer World, August 26, 2011

Information at Risk

Child Identity Theft Takes Advantage Of Kids’ Unused Social Security Numbers: Every few weeks, Stephanie McManis receives a phone call from a collection agency asking for someone she never met. She recently opened a letter from a bank threatening to sue her for defaulting on a loan she never took out. She checks her credit report monthly, disputing late payments on emergency room visits she never made. The Huffington Post, August 22, 2011

Google hacking exposes large caches of personal data: Google hacking, which has been on the rise this summer, is a bit of a misnomer. Also known as Google dorking, Google hacking refers to cybercriminals’ enterprising use of Google’s advanced search functions to find caches of valuable data ripe for the taking. USA Today, August 23, 2011

Maine voter registration system breached: The Maine Secretary of State’s Office said Wednesday it is investigating a potential security breach in the computer system that contains records on Maine’s registered voters. Bangor Daily News, August 26, 2011

Researcher battles insulin pump maker over security flaw: A security researcher who has proven he can remotely disable the insulin pump he relies on to keep his diabetes in check says the device maker is refusing to acknowledge the problem and misleading the public. Cnet, August 26, 2011

Information at Risk – Intellectual Property

Fake goods, stolen secrets cost U.S. firms billions: An industrial spy tries to steal $20 million in trade secrets from Minnesota-based Valspar paints. The kingpin of a Houston-based drug counterfeiting ring makes millions plugging his fake pharmaceuticals into the pipeline of Britain’s socialized medical system. In Washington, the Defense Department unwittingly buys and installs knockoff Cisco computer software to track troop movements. The Republic, August 24, 2011

Cyber Security Management

New Data Spill Highlights Risk of Online Health Records: Until recently, medical files belonging to nearly 300,000 Californians sat unsecured on the Internet for the entire world to see. Fox News, August 22, 2011

Consumers Fear Online Fraud and Seek Retailers’ Resolutions: Is consumers’ growing concern for online shopping safety a good thing for brick and mortar retailers? Could some of those customers be willing to pack in their PayPal accounts and abandon their online shopping carts, and find their way back to Main Street USA? A recent Harris Interactive survey commissioned by McAfee makes it seem likely, reporting, “84 percent of consumers say they are at least somewhat concerned about providing their personal information when shopping online. And less than 33 percent of shoppers believe most websites are safe for shopping, an 11 percent dip from 2009.” That leaves only six percent of consumers that aren’t worrying about Internet security. And while you hope that means more customers will hit the storefronts, there are no guarantees. Plus, as multi-channel browsing has become a growing trend, more and more brick and mortars are investing in a B2C site, and it would be a waste of money if consumers’ online security concerns were not addressed and the B2C sites abandoned. Independent Retailer, August 25, 2011

Internet Badlands

Source Code For SpyEye Trojan Published; More Exploits On The Horizon, Researcher Says: The source code for SpyEye, an infamous data-stealing Trojan, has been published on the Web and could easily be adapted and used by any savvy cybercriminal with virtually no cost or chance of getting caught, a researcher said Monday. Dark Reading, August 15, 2011

Hybrid Hydras and Green Stealing Machines: Hybrids seem to be all the rage in the automobile industry, so it’s unsurprising that hybrid threats are the new thing in another industry that reliably ships updated product lines: The computer crime world. The public release of the source code for the infamous ZeuS Trojan earlier this year is spawning novel attack tools. And just as hybrid cars hold the promise of greater fuel efficiency, these nascent threats show the potential of the ZeuS source code leak for morphing ordinary, run-of-the-mill malware into far more efficient data-stealing machines. KrebsOnSecurity, August 24, 2011

Researchers See Improvements in Breakaway Zeus Malware: A dangerous piece of malicious code responsible for stealing money from online bank accounts is being updated with new functions after its source code was leaked earlier this year, according to security researchers. PC World, August 25, 2011

Mobile Security

Researchers find first Android malware targeting Gingerbread: Researchers have spotted the first malware that exploits a critical vulnerability in Android 2.3, aka Gingerbread, finding samples tucked into legitimate apps on Chinese download sites. Computer World, August 23, 2011

Legal Actions

Exclusive: Privacy lawsuit targets comScore: Online data tracking service comScore Inc siphons confidential information including passwords, credit card numbers and Social Security numbers from unsuspecting users, according to a lawsuit filed on Tuesday. Reuters, August 23, 2011

Privacy Matters

Facebook reworks its maligned privacy settings: Facebook on Tuesday said it was overhauling its privacy settings to give members easier, more precise control over who sees posts, photos and other content over the vast social network. SF Gate, August 24, 2011

New Control Over Privacy on Facebook: Privacy worries have bedeviled Facebook since its early days, from the introduction of the endless scroll of data known as the news feed to, most recently, the use of facial recognition technology to identify people in photographs. The New York Times, August 23, 2011

Securing the Future

Moving Toward Trusted Identities: In an effort to alleviate one of the biggest issues in online security—the problem of secure online authentication—the Obama administration recently issued its final National Strategy for Trusted Identities in Cyberspace (NSTIC). The goal is to partner with private sector entities to implement the strategy; that initiative is being led by the Commerce Department and the National Institute of Standards and Technology (NIST). If it works, it could help reduce online fraud and identity theft and spur commerce, according to government officials. It would be particularly useful for online banking and in protecting sensitive electronic medical records. Security Management, August 2011

Weekend Vulnerability and Patch Report, August 21, 2011

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

RealPlayer 14.0.6: Real has upgraded RealPlayer to correct multiple highly critical vulnerabilities. The update is available inside the program.

RealPlayer Enterprise 2.1.6: Real has upgraded RealPlayer Enterprise to correct multiple highly critical vulnerabilities. The update is available from within the program.

RealPlayer for Macintosh 12.0.0.1701: Real has upgraded RealPlayer for the Mac to correct two highly critical vulnerabilities. The update is available from within the program.

Mozilla Firefox / Thunderbird, version 6: Mozilla has upgraded Firefox and Thunderbird to correct multiple highly critical vulnerabilities. Upgrades are available from within the programs.

Mozilla Firefox 3.6.20 / Thunderbird 3.1.12: Mozilla has upgraded Firefox and Thunderbird to correct multiple highly critical vulnerabilities. Upgrades are available from within the programs.

Mozilla SeaMonkey 2.3: Mozilla has upgraded SeaMonkey to correct multiple highly critical vulnerabilities. The upgrade is available from within the program.

For Your IT Department

Adobe ColdFusion: A less critical vulnerability has been found in ColdFusion. No patch is available at this time. More information is available from Secunia.

WordPress Plugin Vulnerabilities: Vulnerabilities have been found in nine WordPress Plugins. More information is available from Secunia.

Newly Announced Unpatched Vulnerabilities

None

Important Unpatched Vulnerabilities

ACDSee Photo: Several highly critical vulnerabilities have been identified in various ACDSee photo products. Vulnerabilities have been identified in FotoSlate, Photo Editor 2008, and Picture Frame Manager. No patches are available at this time. Readers should refrain from using ACDSee to open untrusted files. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 12.

ACD Systems Canvas CorelDRAW: A highly critical vulnerability has been found in ACD Systems Canvas which can be exploited by malicious people to compromise a user’s system. Users should not view untrusted CDR files. Readers should refrain from opening untrusted files in ACD Systems Canvas. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31.

HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remains unpatched. Readers should refrain from using the default Twitter application (Peep). We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11.

Microsoft Windows XP: A less-critical security vulnerability has been found in Windows XP which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service). No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 7.

Microsoft Word: A highly critical vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. Readers should refrain from opening untrusted files in these earlier versions of Word. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19.

Microsoft Office for Mac: A highly critical vulnerability has been discovered in Microsoft Office for the Mac which can be exploited by cyber criminals to take control of a user’s computer. Security updates are currently unavailable. Readers should refrain from opening untrusted files in Office. We first alerted readers to this vulnerability in Weekend Vulnerability & Patch Report, May 13, 2011.

Microsoft Reader: The highly critical vulnerability in Microsoft Reader, versions 2.x, remains unpatched. Readers should refrain from opening untrusted files in Reader. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15.

PDF-Pro: Several highly critical vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. Readers should refrain from opening untrusted files in PDF-Pro. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 4.

Quick View Plus CorelDRAW: A highly critical vulnerability has been found in Quick View Plus which can be exploited by malicious people to compromise a user’s system. Users should not view untrusted CDR files in Quick View Plus. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31.

If you are responsible for keeping your computer secure, our weekly report is for you. We strongly urge you to take action to keep your workstation secure.

If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they issue an update, or patch, to fix the code running on their customers’ computers.

Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Stan Stahl Ph.D., August 21, 2011. Filed in Security Alert: Vulnerability Management.

Cyber Security News of the Week, August 21, 2011

Information at Risk

eThieves Steal $217k from Arena Firm: Cyber thieves stole $217,000 last month from the Metropolitan Entertainment & Convention Authority (MECA), a nonprofit organization responsible for operating the Qwest Center and other gathering places in Omaha, Nebraska. KrebsOnSecurity, August 16, 2011

BART website hacked, customer info leaked: The amorphous hacker group known as Anonymous made good Sunday on its threat to strike BART, breaching an agency website and releasing customers’ personal information in retaliation for BART’s decision to cut cellular phone service to prevent an antipolice protest in San Francisco. SF Gate, August 15, 2011

AntiSec hackers target Vanguard Defense exec: The hacktivist group AntiSec says it has released a gigabyte of private documents from Vanguard Defense Industries, including e-mails from an executive connected with a cybersecurity organization it has targeted previously. cnet, August 19, 2011

Hackers crack Purdue University server: Hackers illegally accessed a server containing the personal information, including Social Security numbers and course records, of more than 7,000 former Purdue University students. msnbc, August 19, 2011

Information at Risk – Insider Abuse

Fired techie created virtual chaos at pharma company: Logging in from a Smyrna, Georgia, McDonald’s restaurant, a former employee of a U.S. pharmaceutical company was able to wipe out most of the company’s computer infrastructure earlier this year. Computer World, August 16, 2011

Investigation reveals widespread insider hacking at immigration agency: A yearlong probe into computer fraud at an immigration application processing center uncovered multiple incidents of internal hacking where staff accessed management-level emails and other confidential files, according to Homeland Security Department interviews, network analyses and internal emails obtained by Nextgov. Nextgov, August 18, 2011

Cyber Security Management

5 things you probably didn’t know could be hacked: Hackers are making headlines these days like never before. From video game systems to voicemail accounts, it seems like almost every type of electronic device or information storage medium can be hacked to either give up information or perform actions it wasn’t initially designed to do. We’ve gathered a handful of the weirdest hacks out there, and the vulnerability of some of your everyday devices might surprise you. Yahoo News, August 15, 2011

GAO: FDIC cybersecurity lacking: The confidentiality and integrity of the Federal Deposit Insurance Corporation’s information systems are vulnerable, says a Government Accountability Office report (.pdf) published Aug. 12. Weak passwords, poor user-access policies, inconsistent encryption and unsatisfactory patch implementation threaten FDIC’s financial systems and databases, finds the GAO. Fierce Government, August 15, 2011

Internet Badlands

Beware of Juice-Jacking: You’re out and about, and your smartphone’s battery is about to die. Maybe you’re at an airport, hotel, or shopping mall. You don’t have the power cable needed to charge the device, but you do have a USB cord that can supply the needed juice. Then you spot an oasis: A free charging kiosk. Do you hesitate before connecting your phone to this unknown device that could be configured to read most of the data on your phone, and perhaps even upload malware? KrebsOnSecurity, August 17, 2011

Watch out for botnet-driven Google Dorks, the next automated cyber attacks: Botnets have been taking down web sites for years by overwhelming sites with too much traffic. But now the swarms of compromised computers are being unleashed for the first time on an old kind of vulnerability: Google Dorks. Venture Beat, August 16, 2011

Theft via text: Cars vulnerable to hack attacks: Texting and driving don’t go well together — though not in the way you might think. Computer hackers can force some cars to unlock their doors and start their engines without a key by sending specially crafted messages to a car’s anti-theft system. They can also snoop at where you’ve been by tapping the car’s GPS system. VolunteerTV, August 19, 2011

Cyber Security Learning Community

Programs aim to get the word out when cyber attacks occur: It’s not the loud pronouncements by hacking groups or the highly visible denial-of-service attacks that scare cybersecurity experts. It’s silence. In the escalating battle against cyber attackers, the focus has been on new security software and cyber hygiene, but one of the greatest tools against “the adversary,” as cyber attackers are called in industry parlance, is the relatively low-tech approach of sharing information about attacks. Federal Times, August 20, 2011

Privacy Matters

The Dangers of Supercookies: Browser cookies have been around almost as long as the web. Invented by an engineer at Netscape in 1994, the method for keeping track of people’s browsing activity started out as a way for e-commerce sites to store your purchases in a shopping cart and is now widely used. But researchers and regulators now think that the evolution of a more advanced type of cookie known, appropriately, as a “supercookie” poses some serious privacy concerns. Used on websites like Hulu and MSN, invasive new tracking techniques like supercookies track users’ every move, steal your browser history and feed the data to advertisers, largely undetected. And whereas regular cookies are easy to find and delete, supercookies and history-stealing software are almost impossible to get rid of. The Atlantic, August 18, 2011

Privacy Matters – News of the World Hacking Scandal

New documents undermine Murdoch phone-hacking defense: Phone hacking was “widely discussed” at News of the World, the royal correspondent jailed and sacked for the practice wrote in 2007, according to documents released Tuesday by a Parliament committee investigating the scandal. CNN, August 16, 2011

Securing the Future

Administration issues far-reaching plan for building cyber workforce: The Obama administration on Friday released the first-ever roadmap for building a U.S. cybersecurity workforce and testing the government’s success at raising public awareness of computer threats. Nextgov, August 12, 2011


Weekend Vulnerability and Patch Report, August 14, 2011

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Adobe Updates: Adobe has issued patches to fix a host of critical security flaws in several of its products, including Flash, AIR, Shockwave Player and Photoshop.

  • Adobe Flash: The Flash update corrects at least 13 critical vulnerabilities. Windows, Mac, Linux and Solaris users should upgrade to version 10.3.183.5, and Android users should update to v. 10.3.186.2. To find out which version of Flash you have, visit this page. Windows users who browse the Web with anything other than Internet Explorer will need to apply the Flash update twice, once using IE and again with the other browser (Google Chrome users should already have the latest version of Flash). To avoid using Adobe’s annoying Download Manager, IE users can get the latest update directly from this link; the direct link for non-IE browsers is here.
  • Adobe AIR: The same flaws found in Flash exist in Adobe AIR for Windows, Mac and Android. Using an application that requires Adobe AIR (Tweetdeck or Pandora, for example) should prompt you to update to the latest version, AIR 2.7.1. If you don’t see a prompt to update the program, the latest version of AIR is available here.
  • Adobe Shockwave: Adobe also shipped an update to its Shockwave Player that fixes at least seven critical vulnerabilities in the media player program. Adobe is urging users of Adobe Shockwave Player 11.6.0.626 and earlier to update to Adobe Shockwave Player 11.6.1.629. To test whether you have Shockwave installed, visit this page; if you see an animation, it’s time to update. If you don’t see the animation, then you don’t have Shockwave installed. Don’t install Shockwave if it’s not already installed. You’re safer without Shockwave on your system.
  • Adobe Photoshop: Adobe has patched a highly critical vulnerability in Photoshop. The vulnerability affects Adobe Photoshop CS5 and CS5.1 and earlier versions for Windows and Macintosh. Details are available at Adobe’s Security Bulletin.

Google Chrome 13.0.782.112: Google has released an update to Chrome to patch at least 13 vulnerabilities, several of them highly critical. Updates are available from within Chrome via “Customize > About Google Chrome.” (“Customize” is the wrench-shaped icon in the upper right hand corner.)

McAfee SaaS Endpoint Protection Suite 5.2.2: McAfee has released an upgrade to patch two highly critical vulnerabilities in its Endpoint Protection Suite. More information is available at McAfee’s Security Bulletin. The program should update automatically, although users can force an upgrade by right-clicking on the McAfee tray icon and selecting “Update Now.”

Microsoft Windows and Office Update: Microsoft released 13 updates to fix more than 20 flaws in its Windows Operating Systems, Microsoft Office and Internet Explorer. The IE patch corrects the vulnerability we alerted readers to in Weekend Vulnerability and Patch Report, July 31. Details are available at Microsoft’s August Security Bulletin. Updates can be installed and managed through the Control Panel.

For Your IT Department

BlackBerry Enterprise Server: RIM has released a security advisory to address critical vulnerabilities in the BlackBerry MDS Connection Service and BlackBerry Messaging Agent for the BlackBerry Enterprise Server. The vulnerabilities may allow an attacker to execute arbitrary code or gain unauthorized access to the BlackBerry Enterprise Server. More information is available at BlackBerry’s Security Advisory KB27244.

Symantec Endpoint Protection Manager: Multiple vulnerabilities have been discovered in Symantec Endpoint Protection Manager, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks. IT Departments should update to version 11.0.7000 RU7.

WordPress Plugin Vulnerabilities: Vulnerabilities have been found in several WordPress Plugins. These include moderately critical unpatched vulnerabilities in the Link Library plugin; multiple vulnerabilities in the eShop plugin for which a patch is available; an unpatched vulnerability in the Social Slider plugin; a moderately critical unpatched vulnerability in the Media Library Categories plugin; and a moderately critical vulnerability in the UPM Polls plugin for which a patch is available.

Newly Announced Unpatched Vulnerabilities

None

Important Unpatched Vulnerabilities

ACDSee Photo: Several highly critical vulnerabilities have been identified in various ACDSee photo products. Vulnerabilities have been identified in FotoSlate, Photo Editor 2008, and Picture Frame Manager. No patches are available at this time. Readers should refrain from using ACDSee to open untrusted files. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 12.

ACD Systems Canvas CorelDRAW: A highly critical vulnerability has been found in ACD Systems Canvas which can be exploited by malicious people to compromise a user’s system. Users should not view untrusted CDR files. Readers should refrain from opening untrusted files in ACD Systems Canvas. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31.

HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remains unpatched. Readers should refrain from using the default Twitter application (Peep). We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11.

Microsoft Windows XP: A less-critical security vulnerability has been found in Windows XP which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service). No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 7.

Microsoft Word: A highly critical vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. Readers should refrain from opening untrusted files in these earlier versions of Word. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19.

Microsoft Office for Mac: A highly critical vulnerability has been discovered in Microsoft Office for the Mac which can be exploited by cyber criminals to take control of a user’s computer. Security updates are currently unavailable. Readers should refrain from opening untrusted files in Office. We first alerted readers to this vulnerability in Weekend Vulnerability & Patch Report, May 13, 2011.

Microsoft Reader: The highly critical vulnerability in Microsoft Reader, versions 2.x, remains unpatched. Readers should refrain from opening untrusted files in Reader. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15.

PDF-Pro: Several highly critical vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. Readers should refrain from opening untrusted files in PDF-Pro. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 4.

Quick View Plus CorelDRAW: A highly critical vulnerability has been found in Quick View Plus which can be exploited by malicious people to compromise a user’s system. Users should not view untrusted CDR files in Quick View Plus. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31.

If you are responsible for keeping your computer secure, our weekly report is for you. We strongly urge you to take action to keep your workstation secure.

If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they issue an update, or patch, to fix the code running on their customers’ computers.

Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Stan Stahl Ph.D., August 14, 2011. Filed in Security Alert: Vulnerability Management.