Two weeks ago, the Black Hat and DEF CON conferences unveiled tons of new security research, which means last week was packed with interesting security stories. If you find yourself falling behind on security news and need a "one stop shop" to keep you up to date, this weekly video does just that. Last week's stories included many car hacks, an OS X firmware worm, a big UK …
Piles of August Patches – Daily Security Byte EP.124
While there are lots of interesting security stories I could share today, one of the most practical infosec actions you can take is to keep your software patched. Yesterday was Microsoft and Adobe patch day, and Mozilla also recently released a pretty important Firefox update. Watch the video to learn about these important fixes, and more importantly, follow the links below to …
Office Updates Fix Word 0day and Publisher Flaw
Severity: High
Summary:
These vulnerabilities affect: Microsoft Word, Publisher, and Office Web Apps
How an attacker exploits them: Typically by luring your users into opening malicious Office documents
Impact: In the worst case, an attacker can execute code, potentially gaining complete control of your computer
What to do: Install the appropriate Microsoft updates as soon …
SharePoint Suffers from XSS and Information Disclosure Flaws
Summary:
These vulnerabilities affect: SharePoint Server, Groove Server, Office Web Apps, and InfoPath 2010, which are all part of Microsoft's Office family of products
How an attacker exploits them: Multiple vectors of attack, including luring your users to a malicious link, or visiting a specific address on a vulnerable server
Impact: In the worst case, an attacker can …
Four Office-related Updates Fix Productivity Software Vulnerabilities
Severity: High
Summary:
These vulnerabilities affect: Microsoft Visio Viewer 2010, SharePoint Server 2010, OneNote 2010, and Outlook for Mac
How an attacker exploits them: Multiple vectors of attack, including luring your users into opening malicious Office documents, or into visiting malicious URLs
Impact: In the worst case, an attacker can execute code, potentially …