Information Security

Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)

Original release date: April 08, 2015 The Network Time Foundation’s NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of these vulnerabilities may allow an attacker to conduct a man-in-the-middle attack or cause a denial of service condition. Users and administrators are encouraged to review Vulnerability Note VU#374268 for more information and Read more about Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)[…]

Information Security

Amazon cloud contract terms meet EU standards on data transfers

Certain contract terms used by cloud provider Amazon Web Services have been deemed by the Luxembourg DPA to be a safe way of effecting international data transfers. The decision of the National Commission for Data Protection in Luxembourg (on behalf of the Article 29 Working Party) follows a similar endorsement given to Microsoft last year. Read more about Amazon cloud contract terms meet EU standards on data transfers[…]

Information Security

IC3 Issues Alert for Fake Government Websites

Original release date: April 07, 2015 The Internet Crime Complaint Center (IC3) has released an alert that warns consumers of fraudulent government-services websites that mimic legitimate ones.  Scam operators lure consumers to these fraudulent websites in order to steal their personal identifiable information (PII) and collect fees for services that are never delivered. US-CERT encourages Read more about IC3 Issues Alert for Fake Government Websites[…]

Information Security

IC3 Releases Alert on Web Site Defacements

Original release date: April 07, 2015 The Internet Crime Complaint Center (IC3) has issued an alert addressing recently perpetrated Web site defacements. The defacements advertise themselves as associated with the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS). However, FBI assesses that the perpetrators are not actually associated with Read more about IC3 Releases Alert on Web Site Defacements[…]

Mozilla Releases Security Update for Firefox

Original release date: April 06, 2015 The Mozilla Foundation has released Firefox 37.0.1 to address two vulnerabilities, one of which may allow a remote attacker to conduct man-in-the-middle attacks. Users and administrators are encouraged to review the security advisories for Firefox and apply the necessary updates. This product is provided subject to this Notification and Read more about Mozilla Releases Security Update for Firefox[…]

Google Releases Security Update for Chrome

Original release date: April 01, 2015 Google has released Chrome 41.0.2272.118 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates. Read more about Google Releases Security Update for Chrome[…]

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Original release date: March 31, 2015 The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 37 Firefox ESR 31.6 Thunderbird 31.6 Users and administrators are encouraged Read more about Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird[…]

Cyber Essentials Plus in new Cyber Risk Profiles for Defence suppliers

The Defence Cyber Protection Partnership for companies in the Defence supply chain published new Cyber Risk Profiles a couple of days ago.  They have generated a fairly detailed list of requirements for companies working at each risk profile in the Defence supply chain.  Even the lowest risk profile (e.g. stationary suppliers) specifies Cyber Essentials as a requirement, all other profiles now require Cyber Essentials Plus. […]

Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication

Original release date: March 26, 2015 Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication. This publication includes seven Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service (DoS) condition, interface queue wedge, or exchange memory leak. US-CERT encourages users and Read more about Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication[…]