SECURITY PATCHES
ANDROID: Google Fixes Final ‘Quadrooter’ Flaws with New Security Patch. In the latest round of Android security fixes, the company fixed two remaining flaws that were part of the so-called “Quadrooter” set of vulnerabilities announced last month. Quadrooter was particularly troublesome because the set of four flaws (hence the name “quad”) affected at least 900 million Android devices. These high-risk vulnerabilities would allow a dedicated and well-trained attacker to gain complete access to an affected phone and its data. Read more
[ZDNET.COM]
OS X: New OS X Security Updates Patch Same Zero-Days as iOS 9.3.5. Apple released iOS 9.3.5 to patch three zero-day bugs that could be used to access personal data on an infected phone. Dubbed “Trident,” the bugs were used to create spyware called Pegasus that was used to target at least one political dissident in the United Arab Emirates. Find out more
[ARSTECHNICA.COM]
MICROSOFT: Microsoft to End Decades-old Pick-a-Patch Practice in Windows 7. Microsoft announced that beginning in October it will offer only cumulative security updates for Windows 7 and 8.1, ending the decades-old practice of letting customers choose which patches they apply. Read more
[COMPUTERWORLD.COM]
WORDPRESS: Critical Security Holes Affecting Thousands of Websites. WordPress 4.6.1 is now available and it patches two security flaws that put thousands of websites at risk. The first flaw, a cross-site scripting vulnerability, was discovered in June by security researcher Cengiz Han. This flaw allows an attacker to upload a specially crafted image to a WordPress site then inject malicious JavaScript code to steal login credentials, session tokens or to remotely execute more malicious code. The second flaw is a path traversal vulnerability in the upgrade package uploader discovered by Dominik Schilling of WordPress’ own security team. Find out more
[KOMANDO.COM]
==========
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems August 2016 http://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-august-2016.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.
==========
