ANCHOR CYBER FEED

ABA Study Shows the Law Firm Breaches are on the Rise In a survey released this week, the ABA reported that approximately 20% of attorneys surveyed reported that their firms had experienced an information security breach of some type over the past year. Of respondents, 3% reported experiencing breaches the resulted in unauthorized access to client data, and 5% reported that their breaches resulted in the need to notify clients. The greatest increase was seen in firms with 100 or more lawyers. http://www.americanbar.org/groups/departments_offices/legal_technology_resources/publications.html https://bol.bna.com/aba-survey-data-breaches-rising-at-large-firms/ Adobe Releases New Flash Version, Fixes 23 Security Flaws Last Monday, Adobe released a new version of their Flash browser plug-in, version 19.0.0.185. This release fixes 23 security issues with Flash, at least some of which Adobe considers of the highest possible priority (Adobe doesn’t provide priority ratings for indiv

This post is one in a series of blog posts on the fundamentals of an information security program. You can see the complete list of posts in this series here . When most people think of technical controls for information security, the first one they tend to think of is anti-virus software. After it was first widely commercialized in the late 1980s, antivirus software became known as the thing you needed to have to deal with the security of your computer. And by the mid-90s, when the connecting, communicating, and downloading over the Internet became more and more the reason for using a computer, antivirus software came to be seen as an essential accessory to modern computing life. The traditional approach of anti-virus software was to check digital files against a set of “signatures” of known virus (or, more broadly, malicious software or malware) files, in order to delete or quarantine dangerous files found stored on the computer. This technique has been refined and enhanced, pa

New WordPress Version Released; Fixes Three Security Issues Last Tuesday, WordPress.org released version 4.3.1 of their web content management system. The new version fixes two cross-site scripting vulnerabilities and a privilege-escalation issue. WordPress is the most popular website management software in use today; in some cases, organizations are using it without even realizing they are doing so. Vulnerabilities in third-party "plugins" for WordPress are common, but the core WordPress code has been relatively trouble-free of late. If you have a website running on WordPress, it is important to ensure you update it as soon as possible. https://wordpress.org/news/2015/09/wordpress-4-3-1/ http://www.darkreading.com/vulnerabilities---threats/wordpress-dodges-further-embarassment-by-patching-three-vulns-/d/d-id/1322213? Malware Found in Hundreds of iPhone/iPad Apps in Official App Store Malware has been discovered in several hundred (so far) apps in the official App

Malvertising Attacks Via Major Sites and Advertising Providers Persist Dynamic web advertisements containing malicious code are continuing to show up on major, reputable sites and advertising networks. The latest such attack announced involved malicious advertisements distributed through Yahoo's advertising network beginning in late July. In many ways, such malvertising attacks are becoming as big a threat as phishing attacks. The targeting capabilities of web advertising networks enable attackers to use such networks to aim their malware campaigns at users based on common attributes such as income, purchasing interests, etc. Proactive protection against exploits is the best solution, as well as limiting exposure to common web-based vulnerabilities such as Flash-based advertisements. http://www.scmagazine.com/hackers-spread-malware-via-yahoo-ads/article/437075/ http://www.scmagazine.com/drudge-report-other-high-traffic-websites-delivered-malware-over-three-week-period/article