ANCHOR CYBER FEED

FBI Sees Massive Increase in Espionage, Including Industrial Espionage, Against the US The FBI on Thursday issued a press release discussing what they believe is an increasing threat of economic espionage against US companies. They estimate that such espionage may cost the US as much as "hundreds of billions" of dollars a year. This espionage is not just directed against large industrial companies, but any place where trade secrets and innovations might be found, including third-party organizations (e.g. business partners, vendors, consultants, lawyers, etc.) affiliated with targeted companies. A key take-away is that the threat is more widespread than most people think, and that few organizations are immune. https://www.fbi.gov/news/pressrel/press-releases/fbi-announces-economic-espionage-awareness-campaign http://www.cnn.com/2015/07/24/politics/fbi-economic-espionage/ Microsoft Releases Out-of-Cycle Patch for Critical Font Driver Bug A flaw uncovered in connecti

This post is one in a series of blog posts on the fundamentals of an information security program. You can see the complete list of posts in this series here . At their most basic, cyber security breaches are characterized by unauthorized access. However, that unauthorized access is usually carried out by leveraging the access rights of one or more authorized users. It might be hackers on the other side of the world gaining access to a user's PC via a browser vulnerability and abusing the user's account to find and steal data around the network to which that user has access, whether intentionally or not. Or it might be an insider or disgruntled former employee abusing their legitimate (or formerly legitimate) account to gain access to things to which nobody ever intended them to have access. Ensuring that user accounts are created with appropriate access rights, that access is removed when no longer needed, that when new accesses are granted only the necessary access

Adobe Releases Updates for Two More Serious Zero-Day Flash Vulnerabilities Last Tuesday Adobe released updates to resolve two new serious Flash vulnerabilities that allowed for remote code execution (CVE-2015-5122/23). This was the regularly-scheduled update cycle for Adobe, and they released updates for Shockwave and Acrobat as well. The Flash vulnerabilities are being actively exploited in the wild, and it is essential for all organizations to update Flash as soon as possible. http://www.theregister.co.uk/2015/07/14/adobe_flash_patch_tuesday/ https://helpx.adobe.com/security/products/flash-player/apsb15-18.html Mozilla and Google Take Steps to Block or Restrict Flash in Browsers After weeks of frequent new revelations of serious vulnerabilities in Flash, Mozilla and Google have taken steps to restrict how and when Flash runs within their Firefox and Chrome browsers. Facebook's security chief also called for a plan to end the use of Flash altogether. These actions