Original release date: February 09, 2016 Adobe has released security updates to address vulnerabilities in Connect, Experience Manager, Flash Player, and Photoshop CC and Bridge CC. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletins APSB16-07 , APSB16-05 , APSB16-04 APSB16-03 , and apply the necessary updates.
Usually, we discuss spear phishing as an external attack. However, a recent Department of Justice case proves insiders leverage spear phishing too. Watch today’s video to learn how a former Nuclear Regulatory Committee employee tried to spear phish his ex-coworkers, and how you might avoid such attacks
Yesterday, while investigating some Facebook click-bait, I came across a fake Flash update that is targeting OS X users. Fake flash updates have been very common to infect OS X
Last week, the OpenSSL team fixed a vulnerability that could allow attackers to get the key used to encrypt your HTTPS or SSL connections. Watch today’s video to learn a bit more about this vulnerability, the update, and how WatchGuard products are affected. (Episode Runtime: 3:17 ) Direct YouTube Link: https://www.youtube.com/watch?v=I8yBGcTGtqM EPISODE REFERENCES: OpenSSL fixes a serious vulnerability related to DSA – Ars Technica Details on OpenSSL key recovery attack – Blogspot OpenSSL security advisory for update – OpenSSL WatchGuard’s knowledge base article on our exposure [ Requires login ] – WatchGuard — Corey Nachreiner, CISSP ( @SecAdept )
Vulnerability Note VU#257823 OpenSSL re-uses unsafe prime numbers in Diffie-Hellman protocol Original Release date: 28 Jan 2016 | Last revised: 28 Jan 2016 Overview OpenSSL may generate unsafe primes for use in the Diffie-Hellman protocol, which may lead to disclosure of enough information for an attacker to recover the private encryption key.
First the NSA, and now GCHQ.
Original release date: January 12, 2016 Adobe has released security updates to address multiple vulnerabilities in Acrobat and Reader. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB16-02 and apply the necessary updates
Interesting analysis : Which software had the most publicly disclosed vulnerabilities this year?
Original release date: December 29, 2015 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD , which contains historical vulnerability information.