Euclid Security Newsletter 1/27/17
Mark Anderson

SECURITY NEWS

Gmail will block .js file attachments starting February 13, 2017

Gmail currently restricts certain file attachments (e.g. .exe, .msc, and .bat) for security reasons, and starting on February 13, 2017, we will not allow .js file attachments as well.

https://gsuiteupdates.googleblog.com/2017/01/gmail-will-restrict-js-file-attachments.html

Over 199,500 Systems Still Vulnerable to Heartbleed OpenSSL Bug

It's more than two and a half years since the discovery of the critical OpenSSL Heartbleed vulnerability, but the flaw is still alive, as it appears that many organizations did not properly remediate the serious security glitch. It was one of the biggest flaws in the Internet's history, affecting the core security of as many as two-thirds of the world's servers, i.e. half a million servers, at the time of its discovery in April 2014.

http://thehackernews.com/2017/01/heartbleed-openssl-vulnerability.html

https://www.shodan.io/report/DCPO7BkV

NOTABLE RECENT SECURITY UPDATES

Chrome 56 Patches 51 Vulnerabilities

Google this week released Chrome 56 in the stable channel, patching no fewer than 51 vulnerabilities in the popular browser.

https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html

Mozilla Releases Security Updates

Mozilla has released a security update to address multiple vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/

WordPress Releases Security Update

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/

Cisco Releases Security Updates

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The WebEx Browser extension update resolves a critical flaw that could allow remote attackers to take control of the system.

https://tools.cisco.com/security/center/publicationListing.x

Apple Releases Security Updates

Apple has released security updates to address multiple vulnerabilities in several products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

macOS Update: https://support.apple.com/en-us/HT207483

iOS Update: https://support.apple.com/en-us/HT207482