OpenSSL: OpenSSL Team Fixes SSLv2 Downgrade Issue. The OpenSSL project has delivered on its promise made at the start of the week and released versions 1.0.1r and 1.0.2f, which addressed two security bugs, one labeled as “high severity” and one as a “low severity” issue. Read more
MOZILLA: Patches Critical Vulnerabilities in Firefox 44. Mozilla has patched a number of critical vulnerabilities in Firefox 44 and Firefox Extended Release 38.6, which were released this week. The most serious flaws were memory vulnerabilities that lived in both the public and extended support versions of the browser. Read more
MICROSOFT: January Security Patch Can Break SharePoint 2013. Microsoft’s Stefan Gossner described a workaround by installing patch KB3114508, released on Jan. 5. Klindt, in an update to his blog post, explained that it was an “individual patch from the Foundation CU that fixes” the problem. However, he noted that the patch should be tested first, as it can’t be uninstalled. Read more
JAVA: 8 Critical Java Security Holes Fixed by Quarterly Patch. Oracle Corp.’s latest Critical Patch Update (CPU), published last week, includes fixes for eight Java security holes, three of which were rated critical, earning Common Vulnerability Scoring Standard (CVSS) scores of 10.0.Read more
MANAGEMENT: IT Security Staff Want a Challenge, Not More Money. The notion that people are mercenaries when it comes to work and would most likely move if given an opportunity to earn more is, by a large margin, incorrect. That’s basically what a new report by developers AlienVault says. The report, entitled ‘Blood on HR’s floor – The challenge of Retaining IT Security Skills’, has a couple of interesting points. Read more
NETWORK SECURITY: 91 Percent of IT Security Execs Say Their Company’s Sensitive Data Is Vulnerable. And 39 percent have suffered a data breach or failed a compliance audit due to security issues in the past year alone, a recent survey found. Read more
FDA: FDA Guidelines Target IoT Medical Device Security. The U.S. Food and Drug Administration last week took a step toward addressing the threat the Internet of Things poses to patients and their data by releasing some proposed guidelines for managing cybersecurity in medical devices. “A growing number of medical devices are designed to be networked to facilitate patient care. Networked medical devices, like other networked computer systems, incorporate software that may be vulnerable to cybersecurity threats,” the FDA says in its proposal. Read more
RESEARCH: IT Security Pros Lack the Confidence and Know-how to Protect Payment Data. 54% of surveyed IT professionals said their companies had a data breach involving payment data an average of four times in past two years. Read more
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems December 2015 http://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-december-2015.
SIGN ON FOR IT SECURITY SUPPORT FROM BLUE MOUNTAIN DATA SYSTEMS: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain Data has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS = EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.