Tagged: critical

Oracle Java: 20 new vulnerabilities patched, (Tue, Jul 15th)

Welcome to the n-th iteration of “patch now” for Java on Workstations. Oracle today published their quarterly patch bulletin, and Java SE is once again prominently featured. This Critical Patch Update (CPU) contains 20 new security fixes for Oracle Java SE. Most of the vulnerabilities are remotely exploitable without authentication, and CVSS scores of 10 and 9.3 indicate that they can be readily exploited, and lead to full compromise

Microsoft June Patch Tuesday Advance Notification, (Fri, Jun 6th)

Microsoft is expecting to release 2 critical and 5 important bulletins on Tuesday [1]. There are no patches scheduled for Windows XP even though CVE-2014-1770 does affect Internet Explorer 8, which is the last version of IE to run on Windows XP.

Preliminary Patch Table: (the bulletin numbers and anything else may change in the final release)

# Affected Contra Indications – KB Known Exploits Microsoft rating (**) ISC rating (*) clients servers

MS14-030 Cumulative Internet Explorer Update Internet Explorer CVE-2014-1770 TBD Vuln

Yochai Benkler on the NSA

Excellent essay: We have learned that in pursuit of its bureaucratic mission to obtain signals intelligence in a pervasively networked world, the NSA has mounted a systematic campaign against the foundations of American power: constitutional checks and balances, technological leadership, and market entrepreneurship. The NSA scandal is no longer about privacy, or a particular violation of constitutional or legislative obligations. The American body politic is suffering a severe case of auto-immune disease: our defense system is attacking other critical systems of our body.

TA13-169A: Oracle Releases Updates for Javadoc and Other Java SE Vulnerabilities

Original release date: June 18, 2013 | Last revised: June 19, 2013

Systems Affected

Any system using Oracle Java including
JDK and JRE 7 Update 21 and earlier
JDK and JRE 6 Update 45 and earlier
JDK and JRE 5.0 Update 45 and earlier
JavaFX 2.2.21 and earlier

Website owners that host Javadoc HTML API documentation

Overview

Oracle released the June 2013 Critical Patch Update for Oracle Java SE. This patch contains 40 new security fixes across Java SE products and a fix to the Javadoc Tool. API documentation in HTML format generated by the Javadoc tool that contains a right frame may be vulnerable to frame injection when hosted on a web server.

Zoosk asks users to reset passwords following mass leak

“Online dating service Zoosk is urging some of its users to change their passwords following the leaking of a list of some 29 million passwords that seemingly contains theirs. According to password expert Jeremi Gosney, who cracked over 90 percent of the leaked MD5 hashes (which were, unfortunately, not salted), nearly 3,000 contained the word “zoosk” in a variety of predictable combinations such as “logmein2zoosk” and “ilovezoosk”. The set also includes a number of passwords containing word combinations such as “lookingforlove” and “lookingforsex,” which definitely points to the fact that the password must belong to users of one or more online dating services (not necessarily Zoosk)….”

Trend Micro introduces new end user protection suite

“Trend Micro announced a new suite – Trend Micro Enterprise Security and Data Protection – designed to help companies efficiently mitigate the risks of attacks and data breaches across the spectrum of end user platforms, from smartphones to tablets, laptops to removable drives. For all of consumerization's benefits and conveniences, companies are now wrestling with the challenges, costs, and risks of company-procured IT environments being supplemented by employee-owned technologies, creating new entry points for cyber-espionage and data loss….”