SECURITY PATCHES
MICROSOFT: Thanksgiving Turkeys: One Patch Disappears, Another Yanked. If you’re just coming back from the long US Thanksgiving weekend, all sorts of Windows patch inanities await. The Epson dot matrix bug in this month’s security patches was fixed for older versions of Windows, but .NET patch KB 4049016 and others got pulled. Read more
[COMPUTERWORLD.COM]
REPORT: Java Developers Aren’t Applying Security Patches. Application security vendor Veracode has released the “2017 State of Software Security Report,” and the results paint an unflattering picture of Java developers. An alarming 88 percent of Java applications contain at least one vulnerable component, the report’s authors found. Why? Developers don’t patch components in production once vulnerabilities are found and new versions of those components are released. Get the plugin.
[ADTMAG.COM]
WORDPRESS: Patches SQL Injection Bug in Security Release. A bug discovered in WordPress allows attackers to trigger an SQL injection attack leading to complete website hijacking. The vulnerability CVE-2017-14723 was discovered in the WordPress content management system (CMS) versions 4.8.2 and below. Webmasters should update immediately to prevent website takeovers. Find out more
[ZDNET.COM]
INTEL: Patches Management Engine for Critical Vulnerabilities. Intel issued a critical firmware update on Nov. 20 for a set of eight vulnerabilities that impact the Intel Management Engine firmware. “In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience,” Intel stated in an advisory. Read more
[EWEEK.COM]
==========
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems October 2017 https://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-october-2017.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.
==========