releeh.com: David Wheeler’s Professional Portfolio

Apple Releases QuickTime 7.7.2

Apple has released QuickTime 7.7.2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple Support Article HT5261 and apply any necessary updates to help mitigate the risk.

This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

Google Releases Google Chrome 19

Google has released Google Chrome 19 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 19.


Hardening the network against targeted APT attacks

Mike Chapple offers best practices to defend your network against the latest threat to the security landscape, targeted APT attacks.

Adobe Releases Security Bulletins for Multiple Products

Adobe has released security bulletins to alert users of critical vulnerabilities in multiple products. The following products are affected:

  • Adobe Illustrator CS 5.5 and earlier versions for Windows and Macintosh
  • Adobe Photoshop CS 5.5 and earlier versions for Windows and Macintosh
  • Adobe Flash Professional CS 5.5 (11.5.1.349) and earlier versions for Windows and Macintosh
  • Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh

Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or take control of an affected system.

US-CERT encourages users and administrators to review the Adobe security bulletin and apply any necessary updates to help mitigate the risk.


Apple Releases iOS 5.1.1

Apple has released iOS 5.1.1 for iPhone, iPod, iPad, and iPad 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, perform a cross-site-scripting attack, or spoof a website address.

US-CERT encourages users and administrators to review Apple Support Article HT5278 and apply any necessary updates to help mitigate the risk.


RuggedCom Rugged Operating System Vulnerability

RuggedCom Rugged Operating System (ROS), used in RuggedCom network infrastructure devices, contains a hard-coded user account with a predictable password.

This user account cannot be manually disabled. An attacker who successfully guesses the password may be able to gain complete administrative control of the ROS device.

As a workaround, RuggedCom has recommended disabling the rsh service and setting the number of telnet connections allowed to 0.
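The workaround above can only be trusted once it has been confirmed from the network side. The following script is an added example, not RuggedCom's or US-CERT's code: it tests whether the two services named in the workaround still accept TCP connections on their standard ports (telnet on 23/tcp, rsh on 514/tcp; both are assumptions about the device's configuration, and the placeholder address is a TEST-NET value). A successful connect means the service is still reachable from this vantage point; a device that accepts the connection and then drops the session still counts as reachable here and should be checked by hand.

```python
import socket
from typing import Dict, Iterable

# Standard ports for the two services named in the RuggedCom workaround.
# Assumption: the device runs them on the default ports.
TELNET_PORT = 23   # telnet
RSH_PORT = 514     # rsh over TCP (514/udp is syslog, not tested here)


def tcp_port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered, timed out or unreachable: treat all as not accepting.
        return False


def check_workaround(host: str,
                     ports: Iterable[int] = (TELNET_PORT, RSH_PORT),
                     timeout: float = 2.0) -> Dict[int, bool]:
    """Map each port to whether it still accepts TCP connections.

    Once rsh is disabled and the telnet session limit is 0, every entry
    should be False. Any True entry means the service is still reachable
    and the workaround is not (fully) in effect from this vantage point.
    """
    return {port: tcp_port_open(host, port, timeout) for port in ports}


def workaround_in_effect(host: str, **kw) -> bool:
    """True only when none of the checked ports accept a connection."""
    return not any(check_workaround(host, **kw).values())


if __name__ == "__main__":
    import sys
    # 192.0.2.10 is a documentation (TEST-NET-1) placeholder, not a real device.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    results = check_workaround(target)
    for port, is_open in results.items():
        print(f"{target}:{port} {'OPEN' if is_open else 'closed'}")
    print("workaround in effect" if not any(results.values())
          else "service(s) still reachable")
```

Run it from a host that sits where an attacker would (the management VLAN or any segment routed to the device) rather than from the device itself; a closed port seen from the wrong side proves nothing.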

For more information, please see US-CERT Vulnerability Note VU#889195.


HTML5 security: Will HTML5 replace Flash and increase Web security?

Will HTML5 replace Flash? Expert Michael Cobb discusses whether HTML5 security is better than Flash, and why HTML5 traffic can be harder to secure.

Oracle Releases Critical Patch Update for April 2012

Oracle has released its Critical Patch Update for April 2012 to address 88 vulnerabilities across multiple products. This update contains the following security fixes:

  • 6 for Oracle Database Server
  • 11 for Oracle Fusion Middleware
  • 6 for Oracle Enterprise Manager Grid Control
  • 4 for Oracle E-Business Suite
  • 5 for Oracle Supply Chain Product Suite
  • 15 for Oracle PeopleSoft Products
  • 2 for Oracle Industry Applications
  • 17 for Oracle Financial Services Software
  • 1 for Oracle Primavera Product Suite
  • 15 for Oracle Sun Product Suite
  • 6 for Oracle MySQL

US-CERT encourages users and administrators to review the April 2012 Critical Patch Update and apply any necessary updates to help mitigate the risks.


Screencast: Burp Suite tutorial highlights Burp Proxy, other key tools

In this screencast, Mike McLaughlin offers a short Burp Suite tutorial, including the key features of this powerful pen testing tool: Burp Proxy.

Apple Releases Flashback Malware Security Updates

Apple has released security updates to address Flashback malware in the following products:

  • OS X Lion v10.7.3
  • OS X Lion Server v10.7.3
  • Mac OS X v10.6.8
  • Mac OS X Server v10.6.8

Apple has released a malware removal tool for the most common variant of the Flashback malware. If the malware is discovered, the tool will notify the user and remove it automatically. If the malware is not discovered, no indication will be given.

US-CERT encourages users and administrators to review Apple Support Articles HT5247 and HT5254 and apply any necessary updates to help mitigate the risk.
