Archive for June, 2013

Microsoft to Fix two more flaws in IE

June 3rd, 2013

Microsoft will patch 33 vulnerabilities in 10 bulletins relating to Internet Explorer, with two bulletins rated “critical.”

While few details are given about the security issues, today’s advance security bulletin outlined flaws in a range of other products, including Microsoft Office, .NET Framework, Microsoft Lync, and Windows Essentials.

Bulletin 1 relates to all versions of Internet Explorer 6 to 10, including Windows 8 and Windows RT devices. A patch will be released to fix issues discovered at two security conferences earlier this year.

Bulletin 2 relates to the recent Internet Explorer 8 zero-day flaw designed to target U.S. government workers. The software giant said it was “working” to have a full patch ready for the critical zero-day flaw in Internet Explorer 8, for which the company issued emergency out-of-band “Fix It” patches on Thursday.

The other eight bulletins are considered “important.”

The remaining eight patches will address flaws that range from denial-of-service errors that can cause Windows to crash, to remote code execution issues in Microsoft Office and Lync, an elevation-of-privilege issue that would allow an attacker to gain additional rights to the affected system, and information disclosure issues relating to Windows Essentials 2011 and 2012.

Included with the security patches, we can expect Microsoft to issue a number of non-security related fixes to its Surface Pro and Surface RT tablets, in line with previous months.

Microsoft has delivered 739 updates for Windows 8 and Windows RT in the nearly seven-month period since the two versions were launched in October. These fixes ranged from battery life improvements to additional driver support.

The security fixes will be released on May 14 through the usual update channels, such as Windows and Microsoft Update.

Microsoft is doing its best to enhance data security.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


Evernote Hacked

June 1st, 2013

Evernote makes it easy to remember things big and small from your everyday life using your computer, phone, tablet and the web. But what happens when Evernote is hacked? Data security breached!

Thankfully the passwords are salted hashes, so it’s unlikely they’ll get brute forced any time soon. As a precaution, Evernote forced a password reset on its entire user base.

Evernote has joined the growing list of companies whose cloud-based services have suffered a serious security breach, announcing over the weekend that it had implemented a service-wide password reset after attackers accessed user information.

Happily, the company’s announcement notes, the passwords accessed were salted hashes, which should mean they last longer than the passwords lifted from the Australian Broadcasting Corporation recently.

The user information accessed by the attackers also included user IDs and e-mail addresses.

Evernote joins the ranks of numerous other large companies which have been hacked recently (including Apple, Facebook & others compromised by the Java exploit).

All Evernote users were required to reset their passwords in case the attackers are able to recover passwords from the salted hashed list. The password reset will apply not only to Evernote logins, but to all apps that users have given access to their Evernote accounts.

Other major names to be hit in recent attacks include Apple, Facebook, Twitter and Microsoft, with a Java zero-day behind most of the vulnerabilities.

The company says the attack “appears to have been a coordinated attempt to access secure areas of the Evernote Service”.

The usual suggestion, that users choose strong passwords that they don’t re-use, will no doubt be ignored by a small-but-significant number of Evernote’s customers.

Evernote suggests that no user data was leaked, which is good, as people tend to store pretty important information in the app (bank account details, passport scans, etc.).
