Mozilla Releases Security Update for Firefox

Original release date: April 06, 2015

The Mozilla Foundation has released Firefox 37.0.1 to address two vulnerabilities, one of which may allow a remote attacker to conduct man-in-the-middle attacks. Users and administrators are encouraged to review the security advisories for Firefox and apply the necessary updates. […]

Google Releases Security Update for Chrome

Original release date: April 01, 2015

Google has released Chrome 41.0.2272.118 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates. […]

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Original release date: March 31, 2015

The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 37, Firefox ESR 31.6, and Thunderbird 31.6. Users and administrators are encouraged […]

Cyber Essentials Plus in new Cyber Risk Profiles for Defence suppliers

The Defence Cyber Protection Partnership for companies in the Defence supply chain published new Cyber Risk Profiles a couple of days ago. They have generated a fairly detailed list of requirements for companies working at each risk profile in the Defence supply chain. Even the lowest risk profile (e.g. stationery suppliers) specifies Cyber Essentials as a requirement; all other profiles now require Cyber Essentials Plus. […]

Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication

Original release date: March 26, 2015

Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication. This publication includes seven Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service (DoS) condition, interface queue wedge, or exchange memory leak. US-CERT encourages users and […]

Information Security

ICO tells UK businesses to sort out data protection right now

The ICO has told UK businesses to sort out data protection right now, even though the new European Data Protection Regulation is only scheduled to come into force by 2017 at the earliest.

“There is a lot going on in data protection that UK firms should be aware of besides the new EU data protection rules,” deputy information commissioner David Smith told a Westminster eForum in London. […]

Mozilla Releases Security Updates for Firefox, Firefox ESR, and SeaMonkey

Original release date: March 20, 2015 | Last revised: March 23, 2015

The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and SeaMonkey. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 36.0.4, Firefox ESR 31.5.3, and SeaMonkey 2.33.1. Users […]

TA15-051A: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing

Original release date: February 20, 2015 | Last revised: February 24, 2015

Systems Affected: Lenovo consumer PCs that have Superfish VisualDiscovery installed.

Overview: Superfish adware installed on some Lenovo PCs installs a non-unique trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic.

Description: Starting in September 2014, Lenovo pre-installed Superfish VisualDiscovery […]

Benefiting from Cyber Essentials

(This is a copy of an article we wrote that was published in the Cyber Security supplement of the New Statesman 12-16 Feb 2015)

Cyber security starts with addressing what you can predict, and anticipating what you cannot

Cyber security risks are perceived to be unpredictable, a perception fed by media coverage of the latest major cyber attacks affecting large companies. However, if these attacks are examined more closely, more often than not the root cause of a successful attack was that cyber defences did not cover all vulnerabilities in the affected company’s IT systems. Many cyber attackers opportunistically exploit commonly known vulnerabilities in weak IT systems. That means some incidents could have been predicted and avoided, had the organisations in question taken steps to identify and address them. […]