The Patch Tuesday cycle has begun once again and the team at Fortinet has announced some of the conditions surrounding several of the Windows- and Office-related patches that have been released by Microsoft. Please review your environments and patch your systems accordingly.
I particularly like the title from the linked article from “The Register” – “Put down the cat, coffee, beer pint, martini, whatever you’re holding, and make sure you’ve updated Chrome (unless you enjoy being hacked)”. It is imperative that we all patch these types of zero-day vulnerabilities, especially once they are active in the wild. Review and patch accordingly!
This article explains something that is simply sad but very true. A lack of decent security best practices is leaving many agencies, organizations and individuals vulnerable to compromise.
This is a very good, common sense explanation of the “zero-day” vulnerability that has been discussed in the press for the popular password manager LastPass. I agree that caution is warranted, but I do not believe it is time to wholesale abandon the product or the use of password managers in general. Watch for the patch and apply as soon as possible.
Please review your devices and patch accordingly.
This article is an excellent reminder of why it is very important for retailers to move forward with the implementation of EMV/Chip-Pin card readers and the necessary associated Point-of-Sale software. Far too many retailers have hardware in place, but lack the software to leverage this new technology.
It is also important to remember the value of timely patching of all systems, regardless of the card handling mechanisms in place.
I must admit that my first gut reaction to this story was to make a joke about the FBI discovering Google and realizing that there are numerous other ways to extract data from a mobile device without a court order. That said, there are serious implications to personal security if the FBI has discovered or has been given an iPhone zero-day that can be exploited in the wild. Many an ethical and social dilemma arises from this conversation. I suppose we will have to wait and see.
All irony aside, and that is a tall order given that this vulnerability comes to us from a breach of the “Hacking Team”, this is a serious vulnerability that should be addressed as soon as Adobe releases its emergency patch.
Given the millions of sites this vulnerability potentially affects, it certainly warrants review and investigation. Here is to hoping WordPress provides a timely patch. In the interim, it is certainly wise to monitor and control the comment posts to any sites you manage running these versions of the CMS.
The debate continues around zero-day vulnerabilities and how they should be reported and addressed. Google has backed off a bit from their initial strict 90-day deadline for remediation and reporting. Regardless of which side of this argument you support, the debate is worthwhile and is moving the patch process forward for critical software.