This is yet another example of the power and value of information and the motivations of cyber criminals.
This type of cross-site scripting vulnerability is concerning for a solution like Salesforce, given the business and customer content stored and managed in that solution.
This article and the related Cisco security concern speak to the value of proper credentials and access management for network devices.
This is a more common threat than most would care to admit, but the threat is largely not the work of hardcore hackers and social engineers. It is better attributed to lazy employees and poor home computer hygiene. That said, I am pleased to see Microsoft addressing this problem once again and providing an event log for better tracking of attempted attacks.
This is a good recap for those of us who didn’t make the trip west.
Welcome to the patching cycle club, Microsoft Edge!
This is Krebs’ recap for Patch Tuesday. It is worth noting the unusual ratings for MS Office-related patches. I would certainly move those up the critical list, especially considering that Office is often left off the automated patching cycle.
This concerns me. Fear associated with the patching process has the potential to be one of the greatest weaknesses in the overall security of organizations. If a business is afraid to apply patches due to potential vulnerabilities in WSUS, then a significant battle is lost and all of the organization’s endpoints are at risk. According to this demonstration at Black Hat, there is a solution in the form of SSL with proper certificate management, but Microsoft has placed that burden on the end-user organization. This issue should be addressed, and it should be addressed quickly.