April 2016 – Is Security for IT & Industrial Control Systems Different?

When we think of IT systems and Industrial Control Systems (ICS) we tend to think that there is a vast difference in the way they are secured and managed but in reality there is little difference in the approach needed to secure the two separate system types.

[…]

Samba

Samba Security Updates Address Badlock Vulnerabilities

The Samba Team has released security updates that address vulnerabilities, collectively known as Badlock, affecting both Windows operating systems and Samba in UNIX-like platforms. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system or create a denial-of-service condition. Users and administrators are encouraged to review Samba Release News Read more about Samba Security Updates Address Badlock Vulnerabilities[…]

January 2016 – Ukraine Power – Cyber Attack

On the 23rd December 2015 Ukraine suffered what is believed to be the first successful cyber-attack on an electricity distribution network cutting the power at 17 substations and leaving 225,000 people without power for several hours. In this blog we review the events leading up to and during the attack and what additional security controls Read more about January 2016 – Ukraine Power – Cyber Attack[…]

Adobe Releases Security Updates for Acrobat, Reader, and Digital Editions

Original release date: March 08, 2016 Adobe has released security updates to address multiple vulnerabilities in Acrobat, Reader, and Digital Editions. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletins APSB16-09 and APSB16-06 and apply the Read more about Adobe Releases Security Updates for Acrobat, Reader, and Digital Editions[…]

Apple Releases Security Update

Original release date: March 09, 2016 Apple has released a security update for Windows 7 and later to address a vulnerability in Apple Software Update. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Users and administrators¬†should review the Apple security website for Software Update 2.2 and apply Read more about Apple Releases Security Update[…]

ISC Releases Security Updates for DHCP Server

Original release date: March 07, 2016 Internet Systems Consortium (ISC) has released security updates to address a vulnerability in versions of ISC Dynamic Host Configuration Protocol (DHCP) server. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Updated versions of ISC DHCP (4.1-ESV-R13 and 4.3.4) will be available soon, and Read more about ISC Releases Security Updates for DHCP Server[…]

HTTPS Vulnerability

SSLv2 DROWN attack could compromise TLS

Security researchers have discovered a new weakness that could allow attackers to spy on encrypted communications between users and one in three HTTPS servers. Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability – referred to as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) in public reporting – may allow a remote attacker to obtain the private key of a server supporting SSLv2.

[…]

Drupal

Drupal Releases Security Updates

Original release date: February 24, 2016 Drupal has released updates to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected website. Available updates include: Drupal core 6.38 for 6.x users Drupal core 7.43 for 7.x users Drupal core 8.0.4 for 8.0.x users Users and Read more about Drupal Releases Security Updates[…]