
    Patch Tuesday, Financial Cyber-Crime, APT Lead Week’s Security News

    Written by

    Fahmida Y. Rashid
    Published September 18, 2011

      Updates dominated the week, with system administrators having to work through Microsoft’s monthly Patch Tuesday release, Adobe’s quarterly update for Reader and Acrobat, and Oracle’s out-of-band update to fix a denial-of-service vulnerability.

      Microsoft’s Patch Tuesday did not have any surprises since the company had accidentally released the details the week before. All five bulletins had been rated “important.” However, the Internet Storm Center at the SANS Institute cautioned that Microsoft may be under-reporting the severity of three of the patches. The difference lies in the fact that Microsoft rates vulnerabilities that require the targeted user to do something, such as opening a file, before the system can be compromised as “important,” Wolfgang Kandek, CTO of Qualys, told eWEEK. Qualys considers opening an Excel or Word file a normal activity and has given the bulletins higher priority.

      Adobe released a much larger update, with 13 patches fixing critical vulnerabilities in Reader and Acrobat. The updates repaired a number of remote code execution flaws in Reader and Acrobat X, 9.x and 8.x. Adobe’s quarterly patch update also included a fix to the Adobe Approved Trust List to remove the DigiNotar Qualified Certificate Authority certificate.

      A few weeks after Apache developers rolled out a fix to patch the security bug in how the Apache Web server handled HTTP headers, Oracle released its own out-of-band update for its application servers that are based on Apache software. By exploiting the flaw, attackers could cause a denial of service on servers by consuming memory and CPU resources. Oracle patched the flaw in Oracle Fusion Middleware, Oracle Application Server and Oracle Enterprise Manager.

      Cyber-criminals targeting financial institutions were a popular topic this week. Federal law-enforcement officials testified at a Congressional hearing that criminals were increasingly targeting financial institutions. Online account takeovers were on the rise, even though organizations were getting better at stopping the money from being transferred out of the institution. Criminals are getting better at coming up with new tactics, and organizations need to step up their security defenses, the officials said.

      Financial cyber-criminals are relying on social-engineering tactics to compromise accounts, whether by tricking users into clicking on a phishing or spear-phishing email, opening an attachment containing a malicious Adobe document or opening a link posted on social-networking sites, according to a presentation at the New York InfraGard Cyber-Defense Summit this week.

      Insider threats were also a big concern this week, as the financial world was rocked by the admission from Swiss bank UBS that a rogue trader had executed unauthorized trades that could cost the company $2 billion in losses. Organizations often overlook their employees, especially highly “trusted” ones, when assessing risk and implementing security policies. Senior executives may not be subject to the same checks as the rest of the organization, when they should be subject to more because they have “extraordinary access to assets,” according to John Rostern, managing director at Coalfire.

      RSA Security revealed some findings from its closed-door summit in July on advanced persistent threats. Security professionals from government agencies and the private sector acknowledged that APTs were more prevalent than publicly assumed.
