MOBILE: March Android Security Update Breaks SafetyNet, Android Pay. An issue with the March Android over-the-air security update has been resolved after Nexus 6 users complained that Android Pay no longer worked after installation of the update. The update in fact broke Android’s SafetyNet API which provides a constant check on device integrity, blocking access to certain features – such as Android Pay – if it believes a device has been rooted. A Google representative confirmed to Threatpost that the issue was resolved and the OTA update re-issued, even for devices that had already installed the bad update. Find out more
ADOBE: Flash Player New Security Update. On March 14, Adobe Flash Player users should receive a new security update instead of the February patches. This is because Microsoft has engaged to its earlier plan to defer and deliver the updates at a later date even if the security patches are now available. On February 2017, Adobe has addressed the issue and found a solution in which a patch was able to deal with the security problem. For this reason, users are given access to both MS17-005 Security Update for the Adobe Flash Player. This is due to the update from Adobe and the provision by Microsoft. This vulnerability has been considered a critical issue due to the permission that it can grant the attackers. In a report by security specialists, such a vulnerability indicates that attackers are granted control of the machine that was infected. This is in the sense that they are allowed to send remote commands.. Find out more
SECURITY: After CIA Leaks, Tech Giants Scramble to Patch Security Flaws. Apple, Microsoft, and Google are analyzing leaked CIA documents to see if their products are affected, but security researchers say that most of the flaws have long been fixed. Find out more
CMS: WordPress Finally Patches 6 Glaring Security Issues. WordPress is the most popular CMS in the world – and the most hacked. Just last month, hackers engaged in a “feeding frenzy” at the expense of WordPress sites across the web, exploiting a vulnerability found in the WP REST API plugin. After patching that security issue, Automattic, the company behind WordPress, rolled out yet another security patch this week in the form of WordPress 4.7.3. Find out more
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems March 2017 https://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-march-2017.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.