Apple has released updates to OS X and iTunes to address multiple vulnerabilities, some of which could allow an attacker to execute arbitrary code, obtain website credentials, or take control of the affected system.

Updates are available:
1: OS X Mavericks 10.9.3 for OS X Mavericks 10.9 to 10.9.2
2: iTunes 11.2 for Windows 8, 7, Vista, and XP SP3 or later

Users and administrators are encouraged to review Apple Security Updates HT6246 and HT6245, and apply the necessary updates.

Adobe has released security updates to address multiple vulnerabilities in Reader, Acrobat, Flash Player, and Illustrator. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system.

The following updates are available:

• Adobe Reader XI 11.0.07 for Windows and Macintosh
• Adobe Reader X 10.1.10 for Windows and Macintosh
• Adobe Acrobat XI (11.0.07) for Windows and Macintosh
• Adobe Acrobat X (10.1.10) for Windows and Macintosh
• Adobe Flash Player 13.0.0.214 for Windows, Macintosh, and Linux
• Adobe Flash Player 11.2.202.359 for Linux
• Adobe AIR SDK and Compiler 13.0.0.111 for Windows and Macintosh
• Adobe Illustrator (subscription) 16.2.2 for Windows and Macintosh
• Adobe Illustrator (non-subscription) 16.0.5 for Windows and Macintosh
• Users and administrators are encouraged to review Adobe Security Bulletins APSB14-11, APSB14-14, and APSB14-15 and apply the necessary updates.

Google has released security updates to address multiple vulnerabilities in Chrome. Some of these vulnerabilities may lead to memory corruption or arbitrary code execution. Read More »

Many organisations may have a false sense of security resulting from their investments in non-agile security tools and processes they have relied on for years. Yet firewalls, antivirus, intrusion detection systems (IDS) and intrusion prevention systems (IPS) are increasingly less effective as attackers leverage encryption and other innovative techniques to evade them.

Following the well-publicized mass looting of data from Target Inc. in late 2013, most companies are devoting renewed energy to bolstering their cybersecurity measures. The awareness that digital information is at risk extends across businesses of all sizes as well as to private citizens, who have become much less complacent over the past year.

A sense of urgency about digital security is fueled not just by the widespread occurrence of data theft by hackers, but also via the ongoing concern for privacy issues driven by disclosures of extensive National Security Agency (“NSA”) information gathering.

In response to these threats, companies are taking a variety of steps, and the digital security industry is seeing strong growth and innovation. CRN has talked with security firms across the industry, and reports the following trends in 2014 surrounding data protection and cybersecurity.

• Enhanced use of encryption, and more careful attention to the maintenance and proper configuration of existing encryption systems, is one of the first lines of defense used to thwart would-be attackers.
• Increased scrutiny of internal data use is another common response to Target’s woes. Behavioral analytic technologies allow firms to monitor users within the company as well as end users, remaining alert for suspicious behavior that accompanies theft or attack with malware.
• Resistance to cloud technology is growing. While this area offers huge rewards for companies and end users in terms of efficiency and access, the security liabilities that accompany cloud technology create a drag on the speed with which many firms are willing to adopt it.
• Risk assessment and software analysis to screen for vulnerabilities is gaining a front seat at many organizations. Keeping software up-to-date to avoid known weaknesses and testing proprietary software for unnoticed vulnerabilities are both front-line defensive maneuvers that are receiving more attention in 2014.
• More destructive attacks that damage computer systems and stored data could become a problem, as political and cause-focused hacktivist groups target particular corporations or government sites.
• Rising levels of smartphone malware means more security efforts directed to Android and other mobile platforms, as well as the individual apps businesses use to interact with their customers. Apps that were originally harmless but then changed ownership, much like the Chrome extensions Google recently pulled from its Play Store, pose a similar type of new threat.
• Old fashioned phishing and hacking of individual users is gaining in popularity as cybercriminals seek access to account credentials, while avoiding sophisticated security measures.
• More sophisticated malware and better encryption of malicious code allow cyberattackers to evade virus detection and removal tools.
• Active defense is a relatively new concept in computer security that is garnering extra attention these days. The idea is to convince hackers that they are into their target area, when they’ve actually been diverted and trapped in a shell where they can be easily identified and in some cases, retaliated against.
• Following up on network threats is a necessity that requires manpower organizations don’t always have available. Active monitoring and maintenance by managed service providers and hiring forensics experts to respond to threats are two popular solutions.
• The end of the internet as we know it sounds extremely dramatic, but it may actually be a possibility. CRN says that “NSA surveillance revelations could cause the Internet to break up into ‘national segments,’ which would have serious consequences for the security industry,” according to Alex Gostov, who works researching security issues at Kaspersky Lab. As countries attempt to protect their sensitive government data and that of their citizens, new restrictions on foreign access may have serious impacts on security and the functioning of the system itself.

Data theft, damage to databases and other types of cybercrimes pose an immense threat to businesses and organizations of all kinds today. A successful attack can cost huge sums of money and destroy reputations, along with years of work. With so much at stake, it is imperative that leaders acknowledge and respond to the new and intensified threats of computer security flaws.