Weekly InfoSec News Brief 4-10 May

With Windows 10, Microsoft Will Move Away From Monthly Patch Cycle

"Patch Tuesday" could soon be a thing of the past, as Microsoft moves to a more rapid patch release model similar to that used by many mobile operating systems and by Apple OS X. Businesses running the Pro and Enterprise editions will have additional options that allow for testing and planned deployment of patches rather than taking every update as it is released.
http://www.computerworld.com/article/2920181/microsoft-windows/patch-tuesday-may-be-dead-but-microsofts-not-confessing-to-the-crime.html


WordPress 4.2.2 Released to Fix Another Significant New Vulnerability

WordPress announced last week a new version release that addresses a serious cross-site scripting vulnerability in the core WordPress engine. WordPress is an extremely popular website creation and management tool, or content management system. The release also addresses a DOM-based cross-site scripting flaw in an example HTML file shipped with the Genericons icon font package, which is bundled with the JetPack plugin and the Twenty Fifteen theme (the default theme in current WordPress releases) and so is present on millions of sites; 4.2.2 removes the file from the wp-content directory, but sites whose themes or plugins bundle Genericons from outside WordPress.org should confirm the file is gone. This is the third week in a row that a significant WordPress vulnerability has made our weekly news brief. If you are running a WordPress-based website, it is crucial that you watch closely for announced vulnerabilities in WordPress itself, as well as in every plugin and theme you have installed.
https://wordpress.org/news/2015/05/wordpress-4-2-2/
http://www.scmagazine.com/dom-based-xss-attacks-due-to-bug-in-plugins-leveraging-genericons/article/413505/


New Malware Discovered Which Uses Highly Destructive Anti-Analysis Measures

Over the past several years, malicious software has increasingly employed measures to avoid, evade, and defy analysis in order to conceal its purpose, nature, and origin. Last week Cisco researchers announced their discovery of a new malware strain, dubbed Rombertik, which resorts to destruction rather than evasion. If it detects that it is being analyzed or tampered with, the program attempts to overwrite the computer's master boot record and then forces a reboot, leaving the machine unable to boot.
http://www.scmagazine.com/cisco-writes-up-new-malware-campaign/article/413068/


Study Shows that 95% of SAP Environments Are Unpatched

Onapsis, a security vendor specializing in SAP systems, released last week a study showing that nearly all the SAP systems they examined were critically out of date on patches. SAP issues an average of 30 security patches every month, 50 percent of which are considered "critical." The mission-critical nature of SAP in many cases accounts for the reluctance to take it offline to patch, or to risk a problem with a patch. What systems does your organization run that are so mission-critical you're unable to (or afraid to) patch them?
http://www.scmagazine.com/onapsis-release-sap-systems-study/article/413304/
