Apple QuickTime 7.7.1: Apple has released an update to QuickTime to address multiple highly critical vulnerabilities. Updates are available from Apple’s download site.
D-Link Firmware Updates: D-Link has released firmware updates to correct multiple highly critical vulnerabilities in the following products: D-Link DES-3800 series; D-Link DWL-2100AP; D-Link DWL-3200AP. More information is available from D-Link.
Google Chrome 15.0.874.106: Google has updated Chrome to address multiple vulnerabilities, several of them critical. Updates are available from within Chrome via “Customize > About Google Chrome.” (“Customize” is the wrench-shaped icon in the upper right-hand corner.)
HTC Smartphones: HTC is finally pushing out an Over-the-Air update to fix the critical security vulnerabilities we reported in our Cyber Security News of the Week, October 9, 2011. According to Android Police, the update is not yet available for all HTC devices. To see if the update is available for your Android smartphone, go into the Settings menu and tap About Phone > System Update > HTC software update.
Adobe Flash: The current version is 11.0.1.152.
Java: The current version is SE 6 Update 29.
None
McAfee Web Gateway 7.1.5.2: McAfee has updated its web gateway to address a security vulnerability. More information is available from McAfee.
VMware: Several vulnerabilities, some highly critical, are reported in VMware. Updates are available for some, but not all, of the vulnerabilities. More information is available from VMware.
Cisco: Cisco has released four security advisories to address vulnerabilities affecting Cisco Unified Contact Center, Cisco WebEx Player, Cisco Security Agent, and Cisco Unified Communication Manager. More information is available at US-CERT.
Adobe Photoshop Elements: Adobe versions 1 – 8 contain a highly critical unpatched vulnerability. The vulnerability is confirmed in version 8.0 20090905.r.605812 and Adobe reports that the vulnerability affects versions 8.0 and earlier. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, October 9, 2011.
ACDSee Photo: Several highly critical vulnerabilities have been identified in various ACDSee photo products. Vulnerabilities have been identified in FotoSlate, Photo Editor 2008, and Picture Frame Manager. No patches are available at this time. Readers should refrain from using ACDSee to open untrusted files. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 12. We alerted readers to a second vulnerability in FotoSlate in Weekend Vulnerability and Patch Report, September 18.
ACD Systems Canvas CorelDRAW: A highly critical vulnerability has been found in ACD Systems Canvas which can be exploited by malicious people to compromise a user’s system. Users should not view untrusted CDR files. Readers should refrain from opening untrusted files in ACD Systems Canvas. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31.
HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remains unpatched. Readers should refrain from using the default Twitter application (Peep). We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11.
Microsoft Office Publisher 2007: A moderately critical vulnerability has been reported in Microsoft Office Publisher. No patch is available at this time. Readers are advised to not use content from untrusted sources. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, October 23, 2011.
Microsoft Windows XP: A less-critical security vulnerability has been found in Windows XP which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service). No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 7.
Microsoft Word: A highly critical vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. Readers should refrain from opening untrusted files in these earlier versions of Word. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19.
Microsoft Office for Mac: A highly critical vulnerability has been discovered in Microsoft Office for the Mac which can be exploited by cyber criminals to take control of a user’s computer. Security updates are currently unavailable. Readers should refrain from opening untrusted files in Office. We first alerted readers to this vulnerability in Weekend Vulnerability & Patch Report, May 13, 2011.
Microsoft Reader: The highly critical vulnerability in Microsoft Reader, versions 2.x, remains unpatched. Readers should refrain from opening untrusted files in Reader. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15.
PDF-Pro: Several highly critical vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. Readers should refrain from opening untrusted files in PDF-Pro. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 4.
Quick View Plus CorelDRAW: A highly critical vulnerability has been found in Quick View Plus which can be exploited by malicious people to compromise a user’s system. Users should not view untrusted CDR files in Quick View Plus. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31.
If you are responsible for keeping your computer secure, our weekly report is for you. We strongly urge you to take action to keep your workstation secure.
If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they will issue an update patch to fix the code running in their customers’ computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.
The sky is not falling. But cyber crime is real and it’s a serious financial problem for its victims. That’s why our story of the week is a warning from Business News Daily with the provocative headline Small Businesses Don’t Take Cybersecurity Seriously.
Citadel works with small business leaders every day and — based on our experience — the reason small businesses don’t take cybercrime seriously is that they see it primarily as something their IT people are managing, not yet realizing the critical importance of their own leadership. This includes establishing clear policies and standards for information use, explicitly assigning cyber security management responsibility to a member of the senior management team, providing cyber security awareness training and education to all information users, and ensuring that IT personnel are effectively managing the security of the IT infrastructure.
Chasing APT: Persistence Pays Off: The IT director for an international hedge fund received the bad news in a phone call from a stranger: Chinese hackers were running amok on the fund’s network. Not seeing evidence of the claimed intrusion, and unsure about the credibility of the caller, the IT director fired off an email to a reporter. KrebsOnSecurity, October 27, 2011
Small Businesses Don’t Take Cybersecurity Seriously: Small business owners have a false sense of security when it comes to protecting their business from cyberthreats, new research shows. BusinessNews Daily, October 26, 2011
FCC Creating Small Biz Cybersecurity Planner: FCC Chairman Julius Genachowski Monday plugged an online tool — the Small Biz Cyber Planner — which will help small businesses protect against cybersecurity attacks. October is National Cybersecurity Month. Broadcasting & Cable, October 24, 2011 [The tool is scheduled to be available in November. Citadel will alert readers when it is released.]
Balancing act: Cybersecurity vs. cuts: While Defense Secretary Leon Panetta recently warned of “a cyberattack that could be the equivalent of Pearl Harbor,” some worry that cuts being mulled over by Congress and the White House could sink the nation’s nascent cyberdefenses. Politico, October 23, 2011
From power plants to prison gates, electronic equipment opens holes for computer hackers: SAN JOSE, Calif. – When a computer attack hobbled Iran’s unfinished nuclear power plant last year, it was assumed to be a military-grade strike, the handiwork of elite hacking professionals with nation-state backing. Canadian Business, October 24, 2011
A Cybersecurity Nightmare: The world of cybersecurity is starting to resemble a paranoid thriller. Shadowy figures plant malicious software, or “malware,” in our computers. They slip it into e-mails. They transmit it over the Internet. They infect us with it through corrupted Web sites. They plant it in other programs. They design it to migrate from device to device—laptops, flash drives, smartphones, servers, copy machines, iPods, gaming consoles—until it’s inside our critical systems. As even the most isolated systems periodically need new instructions, new data or some kind of maintenance, any system can be infected. Scientific American, November 8, 2011
Hackers Release DoS Attack Tool Targeting SSL Servers: A hacker group has released a proof-of-concept tool that exploits how encryption keys can be renegotiated to launch a distributed denial of service attack against Secure Sockets Layer servers. eWeek, October 25, 2011
How Revolutionary Tools Cracked a 1700s Code: It has been more than six decades since Warren Weaver, a pioneer in automated language translation, suggested applying code-breaking techniques to the challenge of interpreting a foreign language. In an oft-cited letter in 1947 to the mathematician Norbert Wiener, he wrote: “One naturally wonders if the problem of translation could conceivably be treated as a problem in cryptography. When I look at an article in Russian, I say: ‘This is really written in English, but it has been coded in some strange symbols. I will now proceed to decode.’” That insight led to a generation of statistics-based language programs like Google Translate — and, not so incidentally, to new tools for breaking codes that go back to the Middle Ages. The New York Times, October 24, 2011
Java 6.29: Oracle has released SE 6 Update 29 to patch at least 20 security vulnerabilities, many of them highly critical. Readers can check their version of Java and update to the latest version at the Java Update Site.
Opera 11.52: The highly critical security vulnerability identified last week in Opera has been patched. To update: Help > Check for Updates.
Google Chrome: A vulnerability has been reported in Google Chrome. No patch is available at this time. Readers are advised to not open files in Chrome from untrusted sources.
Microsoft Office Publisher 2007: A moderately critical vulnerability has been reported in Microsoft Office Publisher. No patch is available at this time. Readers are advised to not use content from untrusted sources.
Cisco: Cisco has released two security advisories to address vulnerabilities affecting CiscoWorks Common Services and Cisco Show and Share. More information is available from US-CERT.
Oracle October Patch Update: Oracle has released its Critical Patch Update Advisory for October 2011 to address 77 vulnerabilities across multiple products. More information is available from US-CERT.
Adobe Photoshop Elements: Adobe versions 1 – 8 contain a highly critical unpatched vulnerability. The vulnerability is confirmed in version 8.0 20090905.r.605812 and Adobe reports that the vulnerability affects versions 8.0 and earlier. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, October 9, 2011.
ACDSee Photo: Several highly critical vulnerabilities have been identified in various ACDSee photo products. Vulnerabilities have been identified in FotoSlate, Photo Editor 2008, and Picture Frame Manager. No patches are available at this time. Readers should refrain from using ACDSee to open untrusted files. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 12. We alerted readers to a second vulnerability in FotoSlate in Weekend Vulnerability and Patch Report, September 18.
ACD Systems Canvas CorelDRAW: A highly critical vulnerability has been found in ACD Systems Canvas which can be exploited by malicious people to compromise a user’s system. Users should not view untrusted CDR files. Readers should refrain from opening untrusted files in ACD Systems Canvas. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31.
HTC Smartphones: As we reported in our Cyber Security News of the Week, October 9, 2011, HTC has confirmed a data-leakage vulnerability in some smartphone models that it manufactures and said it’s working on a fix. According to HTC, when the patch is ready, it will be sent over-the-air to customers, who will be notified to download and install it. My search of the news speaks of the fix in the future tense. We have not yet seen news that HTC has fixed this vulnerability.
HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remains unpatched. Readers should refrain from using the default Twitter application (Peep). We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11.
Microsoft Windows XP: A less-critical security vulnerability has been found in Windows XP which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service). No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 7.
Microsoft Word: A highly critical vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. Readers should refrain from opening untrusted files in these earlier versions of Word. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19.
Microsoft Office for Mac: A highly critical vulnerability has been discovered in Microsoft Office for the Mac which can be exploited by cyber criminals to take control of a user’s computer. Security updates are currently unavailable. Readers should refrain from opening untrusted files in Office. We first alerted readers to this vulnerability in Weekend Vulnerability & Patch Report, May 13, 2011.
Microsoft Reader: The highly critical vulnerability in Microsoft Reader, versions 2.x, remains unpatched. Readers should refrain from opening untrusted files in Reader. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15.
PDF-Pro: Several highly critical vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. Readers should refrain from opening untrusted files in PDF-Pro. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 4.
Quick View Plus CorelDRAW: A highly critical vulnerability has been found in Quick View Plus which can be exploited by malicious people to compromise a user’s system. Users should not view untrusted CDR files in Quick View Plus. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31.
It’s said that you can’t manage what you can’t measure. This week’s lead story comes from The Economist, questioning the numbers we use to measure the seriousness of cyber crime.
Measuring the black web: Is cybercrime as big as its foes fear?: BIG numbers and online crime go together. One well-worn assertion is that cybercrime revenues exceed those from the global trade in illegal drugs. Another nice round number is the $1 trillion-worth of intellectual property that, one senator claimed earlier this year, cybercriminals snaffle annually. It is hard to know what to make of these numbers… The Economist, October 15, 2011
Widely Used Encryption Standard Is Insecure, Say Experts: A weakness in XML Encryption can be exploited to decrypt sensitive information, researchers say. XML Encryption is used for securing communications between Web services by many companies, including IBM, Microsoft and Red Hat. Researchers Juraj Somorovsky and Tibor Jager from the Ruhr University of Bochum (RUB) in Germany, devised an attack that decrypts data secured with the DES (Data Encryption Standard) or the AES (Advanced Encryption Standard) in CBC (cipher block chaining) mode. They plan to present their findings in more detail at the ACM Conference on Computer and Communications Security later this year. PC World, October 22, 2011
Social Security agency leaks thousands of SSNs every year, report says: The Social Security Administration (SSA) puts thousands of Americans at risk of identity theft each year by accidentally leaking their Social Security Numbers, names and dates of birth, according to an investigative report by the Scripps Howard News Service. Computerworld, October 14, 2011
Exclusive: Nasdaq hackers spied on company boards: Hackers who infiltrated the Nasdaq’s computer systems last year installed malicious software that allowed them to spy on the directors of publicly held companies, according to two people familiar with an investigation into the matter. Reuters, October 20, 2011
Medical Identity Theft a Growing Problem: WASHINGTON — Nearly four out of 10 doctors and hospitals surveyed have caught a patient trying to use someone else’s identity in order to obtain healthcare services, according to a new survey from accounting firm PricewaterhouseCoopers (PwC). Medpage Today, September 23, 2011
US companies pushed to disclose cyberattacks: Public companies may need to look more closely at their exposure to cyberattacks after new guidelines were released this week by the U.S. Securities and Exchange Commission. Computerworld, October 14, 2011
SpyEye malware continues to plague computers: The SpyEye banking malware continues to plague computers across the world and is proving to be a difficult foe to detect and remove from infected Windows PCs, according to two researchers from EMC’s RSA security division. Computerworld, October 14, 2011
Bing, Yahoo sponsored results lead to hard-to-remove rootkit: Searching for Flash Player on Bing and Yahoo can lead to rogue pages distributing a hard-to-remove rootkit, according to security researchers from antivirus vendor GFI Software. Computerworld, October 14, 2011
Shady Reshipping Centers Exposed, Part I: Last week, authorities in New York indicted more than 100 people suspected of being part of a crime ring that used forged credit cards to buy and resell an estimated $13 million worth of Apple products and other electronics overseas. In this post, I offer readers a behind-the-scenes look at a somewhat smaller but similar organized crime operation that uses stolen credit card numbers to purchase and launder high-end electronics. KrebsOnSecurity, October 12, 2011
New Malicious Program by Creators of Stuxnet Is Suspected: The designers of Stuxnet, the computer worm that was used to vandalize an Iranian nuclear site, may have struck again, security researchers say. New York Times, October 18, 2011
Defense Dept. hit with $4.9B lawsuit over data breach: The U.S. Department of Defense has been hit with a $4.9 billion lawsuit over a recently disclosed data breach involving TRICARE, a healthcare system for active and retired military personnel and their families. Computerworld, October 14, 2011
Cybersecurity Proposals Begin to Meld: Prospects for enacting an ambitious and comprehensive national cybersecurity protection program during this year’s congressional session may be fading. That’s the bad news. The good news is that various approaches to a cybersecurity agenda may be melding into a program that is acceptable to politicians of both parties and to e-commerce businesses as well. CRMBuyer, October 18, 2011
Pentagon weighing how to respond to cyberattacks: The Defense Department is finalizing policies that will determine what the military can do in the event of a cyberattack as the government figures out who should have the power to shut down computer networks seized by an enemy nation, terrorist group or criminal hacker. Bloomberg, October 20, 2011
Cyber Warriors: Early in my time in China, I learned a useful lesson for daily life. In the summer of 2006, I saw a contingent of light-green-shirted People’s Liberation Army soldiers marching in formation down a sidewalk on Fuxing Lu in Shanghai, near the U.S. and Iranian consulates. They looked so crisp under the leafy plane trees of the city’s old colonial district that I pulled out a camera to take a picture of them—and, after pushing the button, had to spend the next 60 seconds running at full tilt away from the group’s leader, who pursued me yelling in English “Stop! No photo! Must stop!” Fortunately he gave up after scaring me off. The Atlantic, March 2010
Software Pirate Cracks Cybercriminal Wares: Make enough friends in the Internet security community and it becomes clear that many of the folks involved in defending computers and networks against malicious hackers got started in security by engaging in online illegal activity of one sort or another. These gradual mindset shifts are sometimes motivated by ethical, karmic or personal safety reasons, but just as often grey- and black hat hackers gravitate toward the defensive side simply because it is more intellectually challenging. KrebsOnSecurity, October 17, 2011
Apple OS X 10.7.2: Apple has released an update to OS X that patches more than 25 security vulnerabilities, many of them highly critical. Updates are available from Apple’s Download Site or by applying Security Update 2011-006.
Apple Pages 1.5 for iOS: Apple has released an update to Pages that patches two highly critical vulnerabilities. The update is available from the Apple App Store.
Apple Numbers 1.5 for iOS: Apple has released an update to Numbers that patches two highly critical vulnerabilities. The update is available from the Apple App Store.
Apple iOS 5: Apple’s anticipated iOS 5 update also patches more than 20 security vulnerabilities in iOS 4.x, many of them highly critical. Updates are available from within iTunes.
Apple iTunes 10.5: Apple has released an update to iTunes that patches more than 75 security vulnerabilities, many of them highly critical. The update is available from iTunes.
Apple Safari 5.1.1: Apple has released an update to Safari that patches several security vulnerabilities, many of them highly critical. Updates are available from Apple’s Download Site.
Apple TV 4.4: Apple has released an update to TV 4.x that patches numerous security vulnerabilities, many of them highly critical. Updates are available from Apple’s Download Site.
Microsoft Patch Tuesday: Microsoft’s monthly security update patches 23 security vulnerabilities, many of them highly critical. Eight critical vulnerabilities were patched in Internet Explorer alone. Vulnerabilities in Windows, .NET Framework and other Microsoft programs were also patched. Readers can check the Control Panel to make sure these patches have been installed.
Opera 11.51: A highly critical security vulnerability has been identified in Opera. The vulnerability is confirmed in version 11.51 Build 1087. Other versions may also be affected. There is no patch at this time.
None
Adobe Photoshop Elements: Adobe versions 1 – 8 contain a highly critical unpatched vulnerability. The vulnerability is confirmed in version 8.0 20090905.r.605812 and Adobe reports that the vulnerability affects versions 8.0 and earlier. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, October 9, 2011.
ACDSee Photo: Several highly critical vulnerabilities have been identified in various ACDSee photo products. Vulnerabilities have been identified in FotoSlate, Photo Editor 2008, and Picture Frame Manager. No patches are available at this time. Readers should refrain from using ACDSee to open untrusted files. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 12. We alerted readers to a second vulnerability in FotoSlate in Weekend Vulnerability and Patch Report, September 18.
ACD Systems Canvas CorelDRAW: A highly critical vulnerability has been found in ACD Systems Canvas which can be exploited by malicious people to compromise a user’s system. Users should not view untrusted CDR files. Readers should refrain from opening untrusted files in ACD Systems Canvas. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31.
HTC Smartphones: As we reported last week in our Cyber Security News of the Week, October 9, 2011, HTC has confirmed a data-leakage vulnerability in some smartphone models that it manufactures and said it’s working on a fix. According to HTC, when the patch is ready, it will be sent over-the-air to customers, who will be notified to download and install it. My search of the news speaks of the fix in the future tense. We have not yet seen news that HTC has fixed this vulnerability.
HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remains unpatched. Readers should refrain from using the default Twitter application (Peep). We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11.
Microsoft Windows XP: A less-critical security vulnerability has been found in Windows XP which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service). No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 7.
Microsoft Word: A highly critical vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. Readers should refrain from opening untrusted files in these earlier versions of Word. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19.
Microsoft Office for Mac: A highly critical vulnerability has been discovered in Microsoft Office for the Mac which can be exploited by cyber criminals to take control of a user’s computer. Security updates are currently unavailable. Readers should refrain from opening untrusted files in Office. We first alerted readers to this vulnerability in Weekend Vulnerability & Patch Report, May 13, 2011.
Microsoft Reader: The highly critical vulnerability in Microsoft Reader, versions 2.x, remains unpatched. Readers should refrain from opening untrusted files in Reader. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15.
PDF-Pro: Several highly critical vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. Readers should refrain from opening untrusted files in PDF-Pro. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 4.
Quick View Plus CorelDRAW: A highly critical vulnerability has been found in Quick View Plus which can be exploited by malicious people to compromise a user’s system. Users should not view untrusted CDR files in Quick View Plus. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31.