MICROSOFT: Microsoft Patches Six Critical Security Flaws Affecting Windows, Office. Microsoft said Tuesday as part of its its monthly security bulletin that all Windows users should patch their systems to prevent attackers from exploiting at least two critical flaws. The first two critical patches fix a number of security vulnerabilities in Internet Explorer and Microsoft Edge respectively. The most serious flaw (MS16-001) affecting Internet Explorer could allow an attacker to remotely execute code by tricking a user into visiting a specially-crafted webpage. The attacker would gain the same user rights as the current user, which puts administrators at a greater risk. Read more
ActivePERL: Security Patches for ActivePerl. In mid-December a number of security issues were identified in core modules of the Perl language. The first–found by David Golden of MongoDB and patched with code from Tony Cook–involved the File::Spec::canonpath() returning “untainted” strings even when passed “tainted” inputs. Read more
OpenSSH: Patches Critical Flaw That Could Leak Private Crypto Keys. OpenSSH released a patch for a critical vulnerability that could be exploited by an attacker to force a client to leak private cryptographic keys. The attacker would have to control a malicious server in order to force the client to give up the key, OpenSSH and researchers at Qualys said in separate advisories. Qualys’ security team found the vulnerability Jan. 11 and the OpenSSH team had it patched within three days. Read more
GOOGLE: Rolls Out January 2016 Security Patches. Last year was a rather eventful one in terms of mobile software security, one which saw the rise and subsequent fall of the infamous Stagefright vulnerability, and around halfway through the year, Google and few major OEMs vowed to push monthly security updates to maintain a continuous integration cycle of patches and thus stay ahead of vulnerabilities and the usual 6 month update cycle. Read more
FOR THE CTO, CIO & CISO
LOOKING BACK: 7 Times Technology Transformed Government. Federal Times just wrapped up its 50th year publishing the news and information that matters to federal employees. One thing is certain: in that time, technology drove a number of government transformations. Among all of the possible examples, a few stand out as key moments. Here are the seven most important technology innovations and events — in chronological order — that have shaped the way government operates today. Read more
ENCRYPTION DEBATE: 8 Things CIOs Should Know. Governments want access to encrypted communications to prevent terrorist attacks, but IT professionals and tech vendors say any weakening of encryption is a threat to privacy and data security. Read more
CYBERSECURITY: Year of ‘Fairly Unsophisticated Breaches’ Underscores Need for Cyber Hygiene, According to CISOs. After a year of high-profile breaches, organizations should concentrate on reinforcing crumbling security foundations rather than adopting complex new software, said 25 chief information security officers in a recent survey. Read more
FEDERAL GOVT CTO: 6 Predictions for Federal IT in 2016. 1) Cyber crime legislation goes global. 2) Intelligence officers go rogue. 3) Increased attacks on critical infrastructure. 4) Cloud gets less scary. Read the rest
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.
CALL BLUE MOUNTAIN FOR IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems December 2015 http://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-december-2015.