Kuddos to Matthew for paying attention to egress traffic. We keep emphasizing how important it is to make sure no systems talk “outbound” without permission
Welcome to the n-th iteration of “patch now” for Java on Workstations. Oracle today published their quarterly patch bulletin, and Java SE is once again prominently featured. This Critical Patch Update (CPU) contains 20 new security fixes for Oracle Java SE. Most of the vulnerabilities are remotely exploitable without authentication, and CVSS scores of 10 and 9.3 indicate that they can be readily exploited, and lead to full compromise
Microsoft is expecting to release 2 critical and 5 important bulletins on Tuesday . There are no patches scheduled for Windows XP even though CVE-2014-1770 does affect Internet Explorer 8, which is the last version of IE to run on Windows XP. Preliminary Patch Table: (the bulletin numbers and anything else may change in the final release) # Affected Contra Indications – KB Known Exploits Microsoft rating (**) ISC rating (*) clients servers MS14-030 Cumulative Internet Explorer Update Â Internet Explorer CVE-2014-1770 TBD Vuln
Excellent essay : We have learned that in pursuit of its bureaucratic mission to obtain signals intelligence in a pervasively networked world, the NSA has mounted a systematic campaign against the foundations of American power: constitutional checks and balances, technological leadership, and market entrepreneurship. The NSA scandal is no longer about privacy, or a particular violation of constitutional or legislative obligations. The American body politic is suffering a severe case of auto-immune disease: our defense system is attacking other critical systems of our body.
Good Practices Guide on Non-Nuclear Critical Energy Infrastructure Protection (NNCEIP) from Terrorist Attacks
Good Practices Guide on Non-Nuclear Critical Energy Infrastructure Protection (NNCEIP) from Terrorist Attacks — 27 retweets 2 favorites
Original release date: June 18, 2013 | Last revised: June 19, 2013 Systems Affected Any system using Oracle Java including JDK and JRE 7 Update 21 and earlier JDK and JRE 6 Update 45 and earlier JDK and JRE 5.0 Update 45 and earlier JavaFX 2.2.21 and earlier Website owners that host Javadoc HTML API documentation Overview Oracle released the June 2013 Critical Patch Update for Oracle Java SE . This patch contains 40 new security fixes across Java SE products and a fix to the Javadoc Tool . API documentation in HTML format generated by the Javadoc tool that contains a right frame may be vulnerable to frame injection when hosted on a web server.
“This is an advance notification of security bulletins that Microsoft is intending to release on April 9, 2013. This bulletin advance notification will be replaced with the April bulletin summary on April 9, 2013
“Join the SANS Institute in this 20 Critical Security Controls Briefing. Being held live in Washington, DC hear Tony Sager and John Pescatore as they showcase key solution capabilities and customer success stories
“Online dating service Zoosk is urging some of its users to change their passwords following the leaking of a list of some 29 million passwords that seemingly contains theirs. According to password expert Jeremi Gosney, who cracked over 90 percent of the leaked MD5 hashes (which were, unfortunately, not salted), nearly 3,000 contained the word “zoosk” in a variety of predictable combinations such as “logmein2zoosk” and “ilovezoosk”. The set also includes a number of passwords containing word combinations such as “lookingforlove” and “lookingforsex,” which definitely points to the fact that the password must belong to users of a one or more online dating services (not necessarily Zoosk)….”
“Trend Micro announced a new suite Trend Micro Enterprise Security and Data Protection – designed to help companies efficiently mitigate the risks of attacks and data breaches across the spectrum of end user platforms, from smartphones to tablets, laptops to removable drives. For all of consumerization's benefits and conveniences, companies are now wrestling with the challenges, costs, and risks of company-procured IT environments being supplemented by employee-owned technologies, creating new entry points for cyber-espionage and data loss….”