SECURITY PATCHES
WINDOWS: Windows 7 Update Guide: How ‘Security-Only’ and ‘Monthly Rollups’ Differ. Microsoft in 2016 changed the way it rolls out updates for Windows 7 and Windows 8.1, leaving many IT admins and users confused. Here’s how to sort out what the company is doing. Read more
[COMPUTERWORLD.COM]
APPLE: Patches a Very Bad iOS HomeKit Bug. There’s usually little to no security news about Apple software bugs, but lately the company has suffered a string of problematic vulnerabilities. The latest was flaw in iOS HomeKit that could allow an attacker with access to a device’s corresponding iCloud account to remote control smart home products, like smart locks and garage door openers. Apple announced a temporary server-side fix when news of the bug became public, and the company said it will push a complete patch early next week. The attack would have only affected iOS 11, and wouldn’t have been easy to carry out, but given the security problems that have come up with macOS High Sierra, it’s significant that bad bugs are showing up in Apple’s latest mobile operating system as well. Read more
[WIRED.COM]
GOOGLE: Patches 37 Security Issues in Chrome. Google issued patches for 37 security issues in Chrome, with one being rated critical and six considered high risks, with the release of Chrome 63.0.3239.84. The critical vulnerability (CVE-2017-15407) was an out of bounds write in QUIC (Quick UDP Internet Connections), which was reported by Ned Williamson on October 26 earning him $10,500. The six patched vulnerabilities that are rated high (CVE-2017-15408, CVE-2017-15409, CVE-2017-15410, CVE-2017-15411, CVE-2017-15412 and CVE-2017-15413) cover three specific problems, heap buffer overflow in PDFium, out of bounds write in Skia and use after free in libXML. These were all reported in September and October and earned the bug bounty hunters between $5,000 and $6,337 for their effort. Read more.
[SCMAGAZINE.COM]
ANDROID: Google Releases December Security Bulletin for Android, KRACK Fix Included. You have to thank the Android gods that Google is as regular as the sunrise when it comes to releasing their monthly Android Security Bulletin. Ever since the Stagefright vulnerability was made public, the mothership has made it its own responsibility to put out a monthly patch for evolving Android security risks. The patch for December 2017 is now out, both for general Android devices, and one specific to Nexus and Pixel devices. Find out more
[ANDROIDCOMMUNITY.COM]
==========
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems November 2017 https://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-november-2017.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.
==========