Security Protection – Harry Waldron MVP

Adobe Flash Player – OOB Security Update NOV 2014

Users should update Adobe products as prompted. Below is a new out-of-band (OOB) emergency update released just a few days ago.

http://www.f-secure.com/weblog/archives/00002768.html

http://helpx.adobe.com/security/products/flash-player/apsb14-26.html

 
Adobe has released an out-of-band update to fix a vulnerability in Flash Player which was reported by F-Secure. We discovered the vulnerability while analyzing a Flash exploit from an exploit kit called Angler. We received the sample from Kafeine, a renowned exploit kit researcher. He asked us to identify the vulnerability which was successfully exploited with Flash Player 15.0.0.152 but not with 15.0.0.189. That would imply the vulnerability was something patched in APSB14-22. However, based on the information that we had received via Microsoft Active Protections Program the exploit didn’t match any of the vulnerabilities patched in APSB14-22 (CVE-2014-0558, CVE-2014-0564, or CVE-2014-0569).

MALWARE: Point-of-Sale attack threat high for 2014 holiday season

Symantec documents that the risk during the forthcoming holiday season remains high. While it is likely that many companies have strengthened controls, staying ahead of the latest malware developments is still a cat-and-mouse game.

http://www.symantec.com/connect/blogs/pos-malware-potent-threat-remains-retailers

 
As Americans gear up for another holiday shopping season, the threat posed by point-of-sale malware remains high. More than a year after the discovery of the first major attacks against POS networks, many US retailers are still vulnerable to this type of attack and are likely to remain so until the complete transition to more secure payment card technologies in 2015. While some retailers have enhanced security by implementing encryption on their POS terminals, others have not and retailers will continue to be a low-hanging fruit for some time. While the introduction of new technologies will help stem the flow of attacks, it will not eliminate fraud completely and attackers have a track record of adapting their methods.

MALWARE: Regin advanced spyware threat

Symantec documents a highly advanced form of spyware that is stealthy, difficult to detect, and may have been used in a variety of attacks.

http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf

http://www.symantec.com/security_response/writeup.jsp?docid=2013-121221-3645-99

 
An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at least 2008. A back door-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals.

Microsoft Security Updates – NOVEMBER 2014

Critical security updates to Microsoft Windows, Internet Explorer, Office and other products became available on Patch Tuesday. This is a large security update, and users should update promptly for the best level of protection. So far, no issues have been encountered in early use after installation.

https://isc.sans.edu/diary/Microsoft+November+2014+Patch+Tuesday/18941

http://technet.microsoft.com/en-us/security/bulletin/ms14-nov

Leadership – Thanksgiving reflections

For IT Project Managers, the John Maxwell blogs are an excellent resource.

http://www.johnmaxwell.com/blog/happy-thanksgiving-1

QUOTE: Here in the United States, tomorrow is Thanksgiving. For most of us, that means time with family, great food, and a chance to reflect on what we’re thankful for from the past year. When I look back on this year, I can’t help but be thankful for some amazing blessings. Among them…

* Spend time with my 93-year-old dad and his wife, Betty.
* Healthy family and wonderful grandchildren.
* My team, who make me better than I am.
* The best year that my companies have ever had.
* Grateful for your support, your focus on personal growth, and your willingness to journey with me in creating lives of impact and significance.

Microsoft OOB update – MS14-068 Kerberos security patch

A few days ago, Microsoft released an out-of-band update, and it is beneficial to apply.

http://blogs.technet.com/b/msrc/archive/2014/11/19/security-bulletin-ms14-068-released.aspx

 
Today, we released an out-of-band security update to address a vulnerability in Kerberos which could allow Elevation of Privilege. This update is for all supported versions of Windows Server and includes a defense-in-depth update for all supported versions of Windows. We strongly encourage customers to apply this update as soon as possible by following the directions in Security Bulletin MS14-068.

Mozilla Firefox – v34 to feature advanced search

As a complementary browser, Firefox v34 will provide improved security and functionality in the next release.

https://blog.mozilla.org/ux/2014/11/find-it-faster/

http://venturebeat.com/2014/11/25/mozilla-unveils-firefox-will-soon-offer-one-click-buttons-for-all-your-search-engines/

 
How often have you done a web search, already knowing that you would click the first result that looked like a Wikipedia page? Quite often? Then Firefox is about to make your life easier. With the new one click searches, you can instantly find what you are looking for across the web. When typing a search term into the Firefox search box, you will notice two new things: first, we improved the design of search suggestions to make them look a lot more organized. And second: there is an array of buttons below your search suggestions. These buttons allow you to find your search term directly on a specific site quickly and easily. We are shipping Firefox with a set of pre-installed search engines that are tailored to your language. You can easily show and hide them in your search preferences.

Leadership – Importance of positive attitude

John Maxwell’s Leadership blog is a favorite resource for Project Management advice.

QUOTE: A positive attitude can be a person’s greatest asset. In fact, an upbeat attitude can take people to places that their ability could never carry them on its own. Attitude acts like a booster rocket, lifting people to a higher altitude than they could otherwise climb.

While attitude alone won’t guarantee success, attitude is a difference-maker. All else being equal, attitude gives an advantage or edge over the competition. Therefore, whenever you have a choice to make between two business partners, vendors, or job candidates with similar credentials, pick the one with the better attitude.

A person’s attitude is more apparent in some conditions than in others. Here are three situations in which a person’s true attitude is likely to surface.

1. When they experience negative feelings
2. When they must deal with mundane details
3. When they face adversity

Facebook – New Anti-Spam controls for NOV 2014

Facebook has recently improved its anti-spam controls, as noted below.

http://facecrooks.com/Internet-Safety-Privacy/Facebook-Tells-Page-Owners-Stop-Spamming-News-Feeds.html/

http://newsroom.fb.com/news/2014/11/news-feed-fyi-reducing-overly-promotional-page-posts-in-news-feed/

QUOTE: Facebook announced this week that it has once again tweaked its News Feed algorithm based on a user survey, and will now devalue “overly promotional page posts.”

According to Facebook, they want to get rid of spammy page posts that push people to buy a product or download an app, encourage them to enter contests or sweepstakes and posts that simply reuse content from Facebook ads. Though concerns have already been raised that this change is simply a way for Facebook to boost its own revenue by moving advertising from promotional posts to Facebook ads, Facebook vehemently denied the new algorithm will lead to any more ads.

“This change will not increase the number of ads people see in their News Feeds,” the site wrote in its announcement. “The idea is to increase the relevance and quality of the overall stories – including Page posts – people see in their News Feeds. This change is about giving people the best Facebook experience possible and being responsive to what they have told us.”

Facebook – New Privacy policy as of NOV 2014


Facebook has recently updated and improved its privacy policy. Over the coming days, users may be prompted to review their settings, which is always valuable (I received the notification this morning).

http://blogs.wsj.com/digits/2014/11/13/facebook-gives-its-privacy-policy-a-makeover/

http://facecrooks.com/Internet-Safety-Privacy/Facebook-Simplifies-Privacy-Policy-%e2%80%93-Again.html/

https://www.facebook.com/about/terms-updates

 
This week, Facebook announced another tool designed to further simplify its privacy policy and make it understandable to the layperson. The feature, called “Privacy Basics,” is a set of interactive guides that walk users through basic security questions, like how to delete content from the site and how to limit visibility in search. In addition to the new look, Facebook also edited the language in its privacy policy to make it less legal-sounding and complicated. It has also been dramatically shortened, down from about 9,000 words to only 2,700. “The idea here is to give people more accessible information about how Facebook works,” Erin Egan, the company’s chief privacy officer, told The New York Times. “It’s simpler, it’s easier to read.”