
    Patch Tuesday, Financial Cyber-Crime, APT Lead Week’s Security News

    By Fahmida Y. Rashid - September 18, 2011

      Updates dominated the week, with system administrators having to work through Microsoft’s monthly Patch Tuesday release, Adobe’s quarterly update for Reader and Acrobat, and Oracle’s out-of-band update to fix a denial-of-service vulnerability.

      Microsoft’s Patch Tuesday did not have any surprises since the company had accidentally released the details the week before. All five bulletins had been rated “important.” However, the Internet Storm Center at the SANS Institute cautioned that Microsoft may be under-reporting the severity of three of the patches. The difference lies in the fact that Microsoft rates vulnerabilities that require the targeted user to do something, such as opening a file, before the system can be compromised as “important,” Wolfgang Kandek, CTO of Qualys, told eWEEK. Qualys considers opening an Excel or Word file a normal activity and has given the bulletins higher priority.

      Adobe released a much larger update, with 13 patches fixing critical vulnerabilities in Reader and Acrobat. The updates repaired a number of remote code execution flaws in Reader and Acrobat X, 9.x and 8.x. Adobe’s quarterly patch update also included a fix to the Adobe Approved Trust List to remove the DigiNotar Qualified Certificate Authority certificate.

      A few weeks after Apache developers rolled out a fix for the security bug in how the Apache Web server handled HTTP headers, Oracle released its own out-of-band update for its application servers that are based on Apache software. By exploiting the flaw, attackers could cause a denial of service on servers by consuming memory and CPU resources. Oracle patched the flaw in Oracle Fusion Middleware, Oracle Application Server and Oracle Enterprise Manager.

      Cyber-criminals targeting financial institutions were a popular topic this week. Federal law-enforcement officials testified at a Congressional hearing that criminals were increasingly targeting financial institutions. Online account takeovers were on the rise, even though organizations were getting better at stopping the money from being transferred out of the institution. Criminals are getting better at coming up with new tactics, and organizations need to step up their security defenses, the officials said.

      Financial cyber-criminals are relying on social-engineering tactics to compromise accounts, whether by tricking users into clicking on a phishing or spear-phishing email, opening an attachment containing a malicious Adobe document or opening a link posted on social-networking sites, according to a presentation at the New York InfraGard Cyber-Defense Summit this week.

      Insider threats were also a big concern this week, as the financial world was rocked by the admission from Swiss bank UBS that a rogue trader had executed unauthorized trades that could cost the company $2 billion in losses. Organizations often overlook their employees, especially highly “trusted” ones, when assessing risk and implementing security policies. Senior executives may not be subject to the same checks as the rest of the organization, when they should be subject to more because they have “extraordinary access to assets,” according to John Rostern, managing director at Coalfire.

      RSA Security revealed some findings from its closed-door summit in July on advanced persistent threats. Security professionals from government agencies and the private sector acknowledged that APTs were more prevalent than publicly assumed.
