
Windows 10 Anniversary Update: Ransomware

Microsoft has improved its ransomware protections in the Windows 10 Anniversary Update in the face of increased infection rates and a doubling in the number of ransomware variants released in 2016. The information is available here.

Oracle Critical Patch Update Released

The Critical Patch Update for October 2016 was released on October 18th, 2016. Oracle strongly recommends applying the patches as soon as possible.

If you are new to this process, please review Oracle’s Security Fixing Policies and the Critical Patch Update Advisory. After reviewing these resources, if you are unable to determine if you require a software update, or how to apply it, please contact Oracle Support.

The Critical Patch Update Advisory is the starting point for relevant information. It includes the list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities for each product suite, and links to other important documents. Supported products that are not listed in the “Affected Products and Components” section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

Critical Patch Update Advisories are available at the following location:

Oracle Technology Network:
http://www.oracle.com/technetwork/topics/security/alerts-086861.html

The Critical Patch Update Advisory for October 2016 is available at the following location:
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Important information can also be found at:
https://blogs.oracle.com/security/

Oracle’s Security Fixing Policies are available at the following location:
http://www.oracle.com/support/assurance/vulnerability-remediation/security-fixing.html

Microsoft Releases Security Bulletins, Five Rated Critical

Five of them are rated as Critical as they allow remote code execution on the affected computer.

Remote Code Execution vulnerabilities are ones that allow an attacker to remotely execute commands on a computer.

All Windows users should run Windows Update and install all of the available updates as soon as possible.

Apple Security Updates

Apple has released security updates to address vulnerabilities in macOS Server, macOS Sierra, Safari, and iCloud for Windows. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Apple security pages for macOS Server, macOS Sierra, Safari, and iCloud for Windows and apply the necessary updates.

Adobe Security Bulletin Released

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could allow an attacker to take control of the affected system. Users should, as always, apply Adobe Flash updates ASAP.

Security update for Firefox 49

Mozilla has released an update for Firefox 49 with eighteen fixes, four of which are listed as Critical, including a highly scrutinized flaw in its automated update process for add-ons in Firefox, specifically around the expiration of certificate pins. The vulnerability allowed the interception of browser traffic, which could lead to remote code execution.

Microsoft releases 11 Security Updates

Included in this update are 11 security updates, 6 of them labeled as critical because they allow remote code execution. Remote code execution allows attackers to execute commands on the vulnerable system without the owner’s knowledge.

All users should run Windows Update and install all of the available updates as soon as possible.


New Locky campaign underway

Ransomware continues to be among the most insidious threats facing computer users this year. Researchers have recently observed a spike in Locky ransomware phishing. The most recent campaign uses emails with the subject Re: 


The Locky ransomware encrypts files, renaming them to [unique_id][identifier].locky. The malware will also delete all of the copies of documents in the Shadow Volume, making it impossible to restore files.

The only real defenses against these types of attacks are user education and a solid backup plan.

Adobe patches Flash 0 day

There is a new Adobe Flash Player update that closes 25 security holes, all of which could lead to remote code execution. Updating your Flash player should be done as soon as possible, especially as an exploit for the zero-day vulnerability (CVE-2016-4117) exists and is currently used in the wild.

Microsoft releases 16 Security Updates

Included in these updates are patches for 8 vulnerabilities labeled as critical because they allow an attacker to perform remote code execution on the vulnerable product.

All users should run Windows Update and install these security updates as soon as possible.