Monday, March 2, 2015

Weekly Infosec News Summary – 23 Feb - 01 Mar, 2015

Nearly Half of Breaches Due to Vulnerabilities that are Two to Four Years Old
Old vulnerabilities, for which patches have long been available, are to blame for a large number of breaches, according to a report from Hewlett-Packard’s security team. Many enterprises are far enough behind in patching that vulnerabilities in software such as Java from as long ago as 2011 are still leading to significant malware infections and data breaches. As always, a good vulnerability management and patching strategy is essential for all organizations.
http://www.eweek.com/security/lack-of-patching-remains-a-top-security-risk-hp-report-finds.html

Bad Norton Anti-Virus Update Crippled Internet Explorer on Some Computers
An anti-virus update released by Symantec for several Norton and Symantec security products caused conflicts or complete failure of Internet Explorer for many customers. Symantec issued a new update the next day to fix the issue. In many cases, a manual update was required to resolve the problem. Updates for security software are a tricky issue; installing them regularly and quickly is important, but problems have not been uncommon in the past. If possible, a quick test on a sample computer is a good practice before authorizing an organization-wide update of any software.
http://www.scmagazine.com/faulty-norton-security-update-leads-to-internet-explorer-crash/article/399692/
https://support.norton.com/sp/en/us/home/current/solutions/v108623038_EndUserProfile_en_us?inid=hho_supp_supp_iecrashes

Google Expands Warnings on Potentially Unwanted or Malicious Downloads in Chrome
Google’s Chrome web browser has had built-in warnings for the past couple of years when users attempt to download software that is known to be or suspected of being malicious or “potentially unwanted” (a catch-all for adware and other nuisance programs that are not explicitly malicious). Last week Google expanded these warnings to cover visits to websites that are known to host such downloads, even before the user attempts to actually download such files.
http://www.computerworld.com/article/2887972/chrome-warns-users-of-devious-software-that-could-impact-googles-business.html

Firefox Update Released; Version 36 Fixes a Number of Critical Vulnerabilities
Last Tuesday Mozilla released an updated version of its Firefox web browser which fixes a total of 17 security flaws, six of which are rated “high” and three of which are rated “critical.” This is a regularly scheduled Firefox update.
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
http://www.eweek.com/enterprise-apps/firefox-36-gains-http2-support-fixes-critical-vulnerabilities.html
