Tuesday, September 16, 2014

Security Jobs: Computer Forensics Senior Security Consultant, Southern Connecticut



Computer Forensics Senior Security Consultant

Southern Connecticut
$100,000+ Base, benefits, training opportunities
Education: BA/BS Preferred
Certification:  CISSP Appreciated, GCFA, CCE, CFCE Preferred

The Opportunity:

SecurityRecruiter.com has helped this well-established information security consulting company to grow for years. Our client’s focus is on forensics, business continuity / business recovery, data privacy and information security.  They’ve been providing these services for over 25 years.
Since this firm was created in 1998, it has been on the forefront of providing highly ethical services to prevent exploitation of its clients. 

When they add to their consultant team, they look for consultants who have a passion for the information security profession.  They hire consultants who have a passion for learning and who are curious to know what comes next.  If you’re a candidate for this role, you’ll be challenged to demonstrate your passion, the ways in which you keep up-to-date with the changing security landscape and you’ll be expected to learn new tools in order to deliver world-class forensics services.

Our client operates a lab environment at their corporate office in Southern Connecticut.  You will be expected to work from this office while also making face-to-face visits to client sites.  You will conduct on-site client project planning meetings and you will interface with client management to acquire data, to conduct tests, to review designs, findings and to make recommendations.

Innovation, considerable independent action, and sound technical judgment are required for effective implementation of client requirements.  You must be able to conceive and recommend alternative practices to maximize results and minimize risk.  This position requires organizational skills and dealing with complex and difficult technical and procedural methods.

In addition to a competitive base salary, our client also offers paid holidays, generous vacation, medical, dental, disability insurance, 401 (K) and technical training opportunities.

Required Background Skills:
  • Demonstrate expertise with EnCase Forensic software
  • A 4-year degree is highly appreciated.  Candidates who do not have a 4-year degree will be considered
  • Must have 4+ years of progressively responsible experience and research in digital forensics
  • Demonstrate a deep working knowledge of various operating and network systems, encryption programs and data retrieval procedures
  • Prove an ability to analyze digital data and to think outside the box during investigative tasks
  • Show that you can effectively communicate findings and recommendations orally and in writing
  • Demonstrate a full understanding of “Chain of Custody”
  • Forensics Certification preferred (GCFA, CCE, CFCE, etc.)
  • Familiarity with intrusion detection systems (IDS), security information and event monitoring (SIEM) and log aggregation preferred
  • Having previously testified in court is a plus

Considerable independent action, innovation and sound technical judgment are required.  You must be able to conceive and recommend alternative practices to maximize results and minimize risk.  Tasks could involve computer hard drives, storage devices, cell phones, PDAs, tablets, MP3 players, smart phones, electronic notebooks, video game consoles or any other electronic device to test what a hacker could do in a system or what s/he might have done, or to accumulate evidence that could be admissible in a court of law.

Connecticut Security Jobs, Forensics Security Jobs, Security Forensics Consulting Jobs




Great Resumes Open Interview Doors




There is nothing I enjoy more than reporting wins.  Last Thursday night, my hockey team won its game against the team we least appreciate in our league.  It was a sweet win and it hadn't happened since before my heart surgery. 

Over the weekend, 2 of my favorite 4 football teams won and two came up short.

My Monday morning inbox had this great winning information in it.  

“I apologize that it took me so long to get this email to you. I wanted to really see if this resume would change the landscape for job hunting and sure enough I have been bombarded with phone calls since I launched.  
Just last Friday, I accepted an offer to start at a new company and effectively doubled my salary. This opportunity might have been lost without your assistance and I wanted to thank you for your services.
I find it challenging to put into words just how powerful the blend of skills that Jeff brings to the table is, as there are so few people who embody the insight, knowledge, resources, training, leadership, and business management traits that Jeff brings to each and every one of his clients. There is no question that Jeff contributed directly to my career advancement and to me, that is a very powerful thing.”
My resume coaching clients are securing interviews.

They're getting new jobs and they're increasing their Personal Stock Value.  Don't get left behind.  Explore my 1 Hour Resume Coaching service and you'll receive the same service that enabled this client to "effectively double" his salary off of a $259.00 investment in himself and my coaching.


Jeff Snyder's, Security Job Coach, SecurityRecruiter.com, Security Recruiter Blog, 719.686.8810

Monday, September 15, 2014

Cyber Security News, Education and Vulnerability Patch Report for the Week of September 15, 2014



Cyber Security News of the Week


From our friends at Citadel Information Group

Cyber Crime

Home Depot Malware Hints at Different Hackers Than Target’s: Home Depot (HD) was hacked with a malicious software program that plunders store registers while disguising itself as antivirus software, according to two security researchers. Bloomberg BusinessWeek, September 11, 2014
Home Depot Data Breach Could Be the Largest Yet: Home Depot confirmed on Monday that hackers had broken into its in-store payments systems, in what could be the largest known breach of a retail company’s computer network. The New York Times, September 8, 2014
Home Depot Hit By Same Malware as Target: The apparent credit and debit card breach uncovered last week at Home Depot was aided in part by a new variant of the malicious software program that stole card account data from cash registers at Target last December, according to sources close to the investigation. KrebsOnSecurity, September 7, 2014
Hacked Is The New Black For Retailers. Here’s What You Need To Know: It has not been a pretty week for Home Depot. Last Tuesday security researcher Brian Krebs reported that there were signs of a massive breach at the retailer and then later, that the breach looked to be especially large, impacting just about all of the retailer’s stores across the country. Forbes, September 7, 2014

Cyber Privacy

Government’s Threat of Daily Fine for Yahoo Shows Aggressive Push for Data: The federal government was so determined to collect the Internet communications of foreign Yahoo customers in 2008 that it threatened the company with fines of $250,000 a day if it did not immediately comply with a secret court order to turn over the data. The New York Times, September 11, 2014
With Apple Pay and Smartwatch, a Privacy Challenge: No one has considered Apple a serious data company, until now. The New York Times, September 10, 2014
Facebook Generation Rekindles Expectation of Privacy Online: Mark Zuckerberg said in 2010 that privacy was no longer a “social norm.” But four years later, the pendulum might be ready to swing the other way. The New York Times, September 7, 2014

Financial Cyber Security

In Wake of Confirmed Breach at Home Depot, Banks See Spike in PIN Debit Card Fraud: Nearly a week after this blog first reported signs that Home Depot was battling a major security incident, the company has acknowledged that it suffered a credit and debit card breach involving its U.S. and Canadian stores dating back to April 2014. Home Depot was quick to assure customers and banks that no debit card PIN data was compromised in the break-in. Nevertheless, multiple financial institutions contacted by this publication are reporting a steep increase over the past few days in fraudulent ATM withdrawals on customer accounts. KrebsOnSecurity, September 8, 2014

Cyber Warning

Salesforce warns customers of malware attack: Salesforce.com users are being targeted by a new version of a computer Trojan that has typically attacked online banking customers until now. PCWorld, September 9, 2014
Hackers launch Apple ID phishing campaign playing on iCloud security worries: The hackers behind the Kelihos botnet are trying to capitalize on users’ increased awareness about the security of Apple online accounts through a new phishing campaign. PCWorld, September 8, 2014
New Mac Malware Used in Cyberespionage Campaign: A dangerous new type of Mac malware has been discovered, and the criminals behind it appear to be a group known for targeting United States industrial companies. Experts say the malware proves that cybercriminals are increasingly targeting Macs as well as PCs. Tom’s Guide, September 5, 2014
‘Your Money or Your Files’ as Threat of Online Stickups Grows: You’re an entrepreneur, managing the business from your PC. You’re a doting mother, with hundreds of photos of your children on your laptop. Now, if someone seized all those files, how much would you pay to get them back? Bloomberg BusinessWeek, August 29, 2014

Cyber Security Management

Cyber Risk Series: Wilson Elser attorney on crisis management, data privacy/security and (re)insurance coverage: Featuring Dr. Stahl – Stan Stahl, President of Citadel Information Group, Inc., sat down with attorney Melissa Ventrone, who is the chair of the law firm Wilson Elser’s Data Privacy & Security practice, to discuss the legal aspects of cyber crime. Ms. Ventrone’s practice focuses on Crisis Management, Data Privacy and Security, and Insurance and Reinsurance Coverage. World Risk and Insurance News, September 2014

Cyber Security Management – Cyber Defense

When It’s A Good Idea To Invite An Army Of Hackers To Attack You: Last month, Wired had a disturbing scoop for anyone who has posted an embarrassing revelation on the app Secret: a hacker named Benjamin Caudill had come up with a way to identify Secret’s anonymous users. The fear and thrill of learning about the hack was short-lived though. Readers couldn’t rush to their smartphones and start pulling the digital masks off those whose lips had been loosened by the promise of anonymity. The hole had already been patched. Before Rhino Security Labs’ Caudill went to the press, he had disclosed the vulnerability to Secret through its six-month old bug bounty program on HackerOne. It was resolved before the Wired story was published. Forbes, September 10, 2014
A List of 5 Million ‘Gmail Passwords’ Leaked, But There’s No Need to Panic: It might be time to change some of your passwords — again. But if you’ve used a Gmail password that’s unique from other accounts, you might not have to worry. Mashable, September 10, 2014

Cyber Security Management – Cyber Update

US-CERT Warns of Vulnerability in Cisco Baseboard Controller: US-CERT today released an advisory warning of a vulnerability in Cisco’s Integrated Management Controller (IMC). Cisco released an update that patches the security hole. ThreatPost, September 11, 2014
Critical Fixes for Adobe, Microsoft Software: Adobe today released updates to fix at least a dozen critical security problems in its Flash Player and AIR software. Separately, Microsoft pushed four update bundles to address at least 42 vulnerabilities in Windows, Internet Explorer, Lync and .NET Framework. If you use any of these, it’s time to update! KrebsOnSecurity, September 9, 2014

Cyber Awareness

Best Practices for Employees to Protect the Company From Hackers: In today’s online world, technology users are essentially in a state of near-constant attack. Almost every day there’s a new data breach in the news involving a well-known company and quite often fresh rules for protecting personal information are circulated. Because of malware in email, phishing messages and malicious websites with URLs that are one letter different from popular sites, employees need to maintain a high level of awareness and diligence to protect themselves and their organizations. Entrepreneur, September 8, 2014

Securing the Village

Developers, Academia Team Up on Manual for Secure Software Design: Google, Twitter and Harvard University are cooperating with other businesses and schools to create a manual to help developers design more secure software. eWeek, August 27, 2014
Government launches information sharing partnership on cyber security: New cyber partnership launched to help government and industry share information and intelligence on cyber security threats. Gov.uk, March 27, 2013

National Cyber Security

The Unlikely Alliance of Hackers Fighting the Islamic State: A motley crew of unlikely allies are taking on the Islamic State online, taunting them, taking down Twitter accounts and allegedly jamming the group’s communications, among other things. Mashable, September 9, 2014

Cyber Underworld

5 gangs in Nigeria are behind most Craigslist buyer scams: Five Nigerian criminal gangs are behind most scams targeting sellers on Craigslist, and they’ve taken new measures to make their swindles appear legitimate, according to a new study. ComputerWorld, September 8, 2014

Dread Pirate Sunk By Leaky CAPTCHA: Ever since October 2013, when the FBI took down the online black market and drug bazaar known as the Silk Road, privacy activists and security experts have traded conspiracy theories about how the U.S. government managed to discover the geographic location of the Silk Road Web servers. Those systems were supposed to be obscured behind the anonymity service Tor, but as court documents released Friday explain, that wasn’t entirely true: Turns out, the login page for the Silk Road employed an anti-abuse CAPTCHA service that pulled content from the open Internet, thus leaking the site’s true location. KrebsOnSecurity, September 6, 2014

Profits, falling crimeware prices driving Chinese cybercrime: Trend Micro report finds that the economic and technical barriers to becoming a cybercriminal are much lower today than in the past. CSO, September 5, 2014
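
The Silk Road item above describes a general failure mode for Tor onion services: any element on a page that makes the server, or a visitor's browser, fetch from a host that is not the service's own .onion name exposes a routable address. The following scanner for that class of mistake is an added example and is not code from KrebsOnSecurity, the Silk Road, or the court filings. The HTML it scans is constructed, every hostname in it is a placeholder, and `OWN_HOST` is an assumed parameter naming the service under test.

```python
"""Scan an onion-service page for references that force a clearnet fetch.

Added example for the leak class in the Silk Road item above; this is not
code from KrebsOnSecurity, the Silk Road, or the court filings. The HTML
below is constructed, and every hostname in it is a placeholder.
"""
import ipaddress
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlsplit

# (tag, attribute) pairs a browser fetches on page load, plus the form
# target, which is fetched as soon as the user submits the login/CAPTCHA.
AUTO_FETCH = {
    ("script", "src"), ("img", "src"), ("link", "href"), ("iframe", "src"),
    ("object", "data"), ("embed", "src"), ("source", "src"),
    ("video", "src"), ("audio", "src"), ("form", "action"),
}

# Placeholder name for the service under test (assumed, 16-char v2 style).
OWN_HOST = "exampleonionhost.onion"

# Constructed login page: a relative stylesheet, a CAPTCHA script pulled
# from a clearnet CDN, a CAPTCHA image served straight from an IP literal,
# and an ordinary link, which is only followed on click.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/static/login.css">
<script src="//captcha.example.com/challenge.js"></script>
</head><body>
<form action="/login" method="post">
  <img src="http://203.0.113.10/captcha.php?sid=1" alt="captcha">
  <img src="http://exampleonionhost.onion/logo.png" alt="logo">
  <a href="https://example.net/help">help</a>
  <input name="captcha"><input type="submit">
</form></body></html>
"""


class _RefCollector(HTMLParser):
    """Collect every (tag, attr, url) that the page will fetch automatically."""

    def __init__(self) -> None:
        super().__init__()
        self.refs: List[Tuple[str, str, str]] = []

    def handle_starttag(self, tag, attrs):
        for attr, value in attrs:
            if (tag, attr) in AUTO_FETCH and value:
                self.refs.append((tag, attr, value.strip()))


def classify_host(host: str, own_host: str) -> str:
    """Return 'self', 'onion', 'ip-literal' or 'clearnet-host'."""
    host = host.lower()
    if host == own_host.lower():
        return "self"
    if host.endswith(".onion"):
        return "onion"
    try:
        ipaddress.ip_address(host)
        return "ip-literal"
    except ValueError:
        return "clearnet-host"


def clearnet_refs(html: str, own_host: str) -> List[Tuple[str, str, str, str]]:
    """Return (tag, attr, url, reason) for each reference that leaves Tor.

    Relative URLs stay on the service. Absolute and protocol-relative URLs
    are resolved to a hostname; anything that is not the service itself or
    another .onion name is reported. An IP literal is the worst case: it is
    a routable address written straight into the page.
    """
    collector = _RefCollector()
    collector.feed(html)
    leaks = []
    for tag, attr, url in collector.refs:
        host = urlsplit(url).hostname
        if not host:
            continue  # relative reference, served by the onion service
        reason = classify_host(host, own_host)
        if reason in ("ip-literal", "clearnet-host"):
            leaks.append((tag, attr, url, reason))
    return leaks


if __name__ == "__main__":
    for tag, attr, url, reason in clearnet_refs(SAMPLE_HTML, OWN_HOST):
        print(f"{reason:14} <{tag} {attr}=\"{url}\">")
```

On the sample page the scanner reports the CAPTCHA script and the CAPTCHA image and stays quiet about the relative stylesheet, the service's own logo and the plain link. The check is deliberately static: it only reads the HTML the server emits, so it also catches the server-side case where a template hard-codes the machine's real address.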





Weekend Vulnerability and Patch Report, September 14, 2014


Important Security Updates

Adobe Flash Player: Adobe has released version 15.0.0.152 to fix at least 12 unpatched vulnerabilities, some of which are highly critical, in its Flash Player for the Windows and Mac versions. Updates are available from Adobe’s website. Updates are also available for AIR.

Apple iTunes: Apple has released version 11.4 of iTunes for Windows (64-bit). Updates are available from Apple’s website.

AVG Free Edition: AVG has released version 2015.0.5315 of its 32 bit Free Edition. Updates are available on AVG’s website.

D-Link DIR-626L/DIR-826L/DIR-836L: D-Link has released updates for its DIR-626L, DIR-826L and DIR-836L wireless cloud routers to fix moderately critical vulnerabilities reported in previous firmware versions. Update to a fixed version. Updates are available from D-Link’s website.

Google Chrome: Google has released Google Chrome version 37.0.2062.120 for Windows, Mac, and Linux to fix at least 14 vulnerabilities, some of which are highly critical, reported in previous versions. Updates are available from within the browser or from Google Chrome’s website.

Malwarebytes Anti-Exploit: Malwarebytes has released version 1.04.1.1012 of its free Malwarebytes Anti-Exploit. Updates are available from Malwarebytes’ website.

Microsoft Internet Explorer: Microsoft has released updates for all versions of Internet Explorer to fix at least 37 vulnerabilities, some of which are highly critical. Updates are available from within Windows Control Panel or from Microsoft’s website.

Microsoft Patch Tuesday: Microsoft’s Patch Tuesday released 4 update bundles to address at least 42 vulnerabilities, some of which are highly critical, within Windows, Internet Explorer, Lync and .NET Framework.

Mozilla Firefox: Mozilla has released version 32.0.1. Updates are available within the browser or from Mozilla’s website.

Current Software Versions

Adobe Flash  15.0.0.152 [Windows 7: IE]
Adobe Flash  15.0.0.152 [Windows 7: Firefox, Mozilla]
Adobe Flash  15.0.0.152 [Windows 8: IE]
Adobe Flash  15.0.0.152 [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader 11.0.08
Dropbox 2.10.29 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like AxCrypt; encryption passphrases be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]
Firefox 32.0.1
Google Chrome 37.0.2062.120
Internet Explorer 11.0.9600.17280
Java SE 7 Update 67 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
QuickTime 7.7.5
Safari 5.1.7 
Safari 7.0.4 [Mac OS X]
Skype 6.20.0.104

Newly Announced Unpatched Vulnerabilities

Adobe Reader/Acrobat: Secunia reports moderately critical unpatched vulnerabilities in Adobe Reader XI and Acrobat XI versions 11.0.08 and prior for Windows, Adobe Reader XI and Acrobat XI versions 11.0.07 and prior for Macintosh, Adobe Reader X and Acrobat X versions 10.1.11 and prior for Windows, Adobe Reader X and Acrobat X versions 10.1.10 and prior for Macintosh. Other versions may also be affected. No solution is currently available. The vendor is planning to release an update within the week of September 15th, 2014.
For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports Cisco has released updates for IOS XR and Unified Computing System (UCS). Apply available updates. Secunia also reports unpatched vulnerabilities in Unified Communications Manager, Intelligent Automation for Cloud, UCS Director, Cloud Portal, TelePresence System MXP Series, Unified Computing System (UCS) and others. No official solution is currently available.

VMware ESXi: Secunia reports VMware has released a partial fix for ESXi to address 2 vulnerabilities reported in versions 5.0, 5.1 and 5.5. Apply update if available.

VMware NSX/vCloud Networking and Security: Secunia reports VMware has released an update for NSX / vCloud Networking and Security to fix a vulnerability reported in VMware NSX Edge versions prior to 6.0.6 and VMware vCloud Networking and Security (vCNS) Edge versions prior to 5.5.3 and prior to 5.1.4.2. Update to a fixed version.

VMware vCenter Server: Secunia reports VMware has released updates for its vCenter Server to fix at least 41 unpatched vulnerabilities, some of which are moderately critical, reported in previous versions. Update to version 5.5 Update 2.

VMware vSphere Update Manager: Secunia reports VMware has released updates for its vSphere Update Manager to fix at least 36 vulnerabilities, some of which are moderately critical, reported in previous versions. Update to version 5.5 Update 2.

If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customer’s computers.

Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Copyright © 2014 Citadel Information Group. All rights reserved.


Monday, September 08, 2014

Cyber Security News, Education and Vulnerability Patch Report for the Week of September 8, 2014

 

Cyber Security News of the Week


From our friends at Citadel Information Group

Cyber Crime

Hackers Breach Security of HealthCare.gov Test Site: WASHINGTON — Hackers breached security at the website of the government’s health insurance marketplace, HealthCare.gov, but did not steal any personal information on consumers, Obama administration officials said Thursday. The New York Times, September 4, 2014
Data: Nearly All U.S. Home Depot Stores Hit: New data gathered from the cybercrime underground suggests that the apparent credit and debit card breach at Home Depot involves nearly all of the company’s stores across the nation. KrebsOnSecurity, September 3, 2014

Financial Cyber Security

Fighting Cybercrime in Canada: Canada is considering adopting tougher data security and cybercrime legislation that could serve as a model for other nations, says Claudiu Popa, an information security expert who’ll be a panelist at Information Security Media Group’s Fraud Summit Toronto. BankInfoSecurity, August 27, 2014

Cyber Warning

Hackers exploit critical vulnerability in popular WordPress theme component: Attackers are actively exploiting a critical vulnerability in a WordPress plug-in that’s used by a large number of themes, researchers from two security companies warned Wednesday. PCWorld, September 4, 2014

Cyber Security Management

Growing security threats put focus on CISO role: This week Home Depot became the latest in the growing list of major organizations that are the apparent targets of cybercriminals. Indeed, cybercrime seems rampant and cyberdefenses appear woefully inadequate. Both of these place greater focus on the need for chief information security officers. While most companies still do not have such a professional on payroll, the ranks are growing. Jamey Cummings, principal and co-leader of Korn Ferry’s Cybersecurity Center of Expertise, spoke with FierceCIO about the need for CISOs, the skills they should have, and the value they can bring to an organization. FierceCIO, September 4, 2014
Cyber Crime Means Business- Potentially Yours: MacDonnell Ulsch is Managing Director of Cybercrime and Breach Response at PricewaterhouseCoopers LLP. He served on the United States Secrecy Commission and is the author of two books, Cyber Threat! How to Manage the Growing Risk of Cyber Attacks (Wiley, 2014) and THREAT! Managing Risk in a Hostile World (The IIA Research Foundation, 2008). Ulsch has advised a variety of private sector and federal agency clients and has led many complex breach investigations. Forbes, September 4, 2014
Cyber Risk Series: The Threat…The Response: Featuring Dr. Stahl – Stan Stahl, President of Citadel Information Group, Inc., sat down with Marc Maiffret, who is the Chief Technology Officer at BeyondTrust, a leading security and compliance management company, to discuss the evolution of cyber crime and what companies should do to protect themselves. Mr. Maiffret, a security research pioneer, is credited with some of the first major vulnerability discoveries in Microsoft software. 8 minute video on WRIN.TV. World Risk and Insurance News, September, 2014
10 Ways To Strengthen Healthcare Security: As recent hacks show, keeping a healthcare organization safe from security threats takes planning, technical expertise, and business knowledge. Has your team taken these 10 steps? InformationWeek, August 26, 2014

Cyber Security Management – Cyber Defense

Apple Plans to Extend 2FA to iCloud: In the wake of the iCloud photo theft scandal, Apple’s CEO said the company plans to extend its two-factor authentication system to logins to the iCloud service from mobile devices. The change will come when iOS 8.0 comes out later this month. ThreatPost, September 5, 2014
Europol launches international cybercrime task force: Europol launched a cybercrime task force Monday to fight online crime in the EU and other countries. PCWorld, September 1, 2014
After alleged iCloud breach, here’s how to secure your personal cloud: A hacker may have been responsible for leaking explicit photos of celebrities due to a weak link in their Apple iCloud accounts. Here’s what you can do to keep your embarrassing selfies (and company secrets) out of the public eye. ZDNet, September 1, 2014
PCI SECURITY STANDARDS COUNCIL PUBLISHES GUIDANCE FOR MAINTAINING PCI: Today, the PCI Security Standards Council, an open global forum for the development of payment card security standards, published guidance on building PCI Data Security Standard (PCI DSS) practices into daily business processes. Developed by a PCI SSC Special Interest Group (SIG) including merchants, banks and security assessors, the Best Practices for Maintaining PCI DSS Compliance Information Supplement will help organizations ensure ongoing security for cardholder data. PCI Security Standards Council, August 28, 2014

HIPAA

Medical identity theft: How the health care industry is failing us: Unlike the financial services industry, health care companies lack measures to adequately prevent identity theft, even as they continue to digitize medical records and other sensitive information. Fortune, August 31, 2014

Cyber Awareness

Bank hack attack: What you should do: With the FBI investigating a cyberattack that hit at least five banks, including JPMorgan Chase, many consumers are wondering what they can do to protect themselves if their accounts have been compromised. USA Today, August 28, 2014

Cyber Underworld

Inside the strange and seedy world where hackers trade celebrity nudes: When nude photos of more than 100 prominent celebrities began appearing on the internet over Labor Day weekend, people assumed that the leak was intentional: there was a hacker, or hackers, who were posting these images for fun or profit, and they had used recently discovered security flaws in Apple’s iCloud system to break into accounts and make off with these pictures. The Verge, September 4, 2014
A Google Site Meant to Protect You Is Helping Hackers Attack You: Before companies like Microsoft and Apple release new software, the code is reviewed and tested to ensure it works as planned and to find any bugs. Wired, September 2, 2014



Weekend Vulnerability and Patch Report, September 7, 2014


Important Security Updates

Dropbox: Dropbox has released version 2.10.29 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel's warning below]
Google Chrome: Google has released Google Chrome version 37.0.2062.103 for Windows, Mac, and Linux to fix at least 10 highly critical vulnerabilities reported in previous versions. Updates are available from within the browser or from Google Chrome’s website.
Mozilla Firefox: Mozilla has released version 32 to fix at least 7 highly critical unpatched vulnerabilities reported in previous versions. Updates are available within the browser or from Mozilla’s website.
Opera: Opera has released version 24.0.1558.53 to fix multiple moderately critical unpatched vulnerabilities reported in previous versions. Updates are available from within the browser or from Opera’s website.
Skype: Skype has released Skype 6.20.0.104. Updates are available from the program or Skype’s website.

Current Software Versions

Adobe Flash  14.0.0.176 [Windows 7: IE]
Adobe Flash  14.0.0.179 [Windows 7: Firefox, Mozilla]
Adobe Flash  14.0.0.176 [Windows 8: IE]
Adobe Flash  14.0.0.176 [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader 11.0.08
Dropbox 2.10.29 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like AxCrypt; encryption passphrases be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]
Firefox 32.0
Google Chrome 37.0.2062.103
Internet Explorer 11.0.9600.17126
Java SE 7 Update 67 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
QuickTime 7.7.5
Safari 5.1.7 
Safari 7.0.4 [Mac OS X]
Skype 6.20.0.104
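
Checking a workstation against the version list is left as a manual step in both reports on this page (the September 14 list above and this September 7 list). The following is an added example, not Citadel's own tooling: it parses a constructed excerpt of the list, including the bracketed notes and the per-platform Flash lines, and compares it with a constructed inventory of one workstation. The product names and versions in `INSTALLED` are sample data.

```python
"""Check installed software against a 'Current Software Versions' list.

Added example, not Citadel's own tooling, for the version lists in both
Weekend Vulnerability and Patch Reports on this page. REPORT_LINES is a
constructed excerpt of the list above; INSTALLED is a constructed inventory
of one workstation. Both are sample data.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Constructed excerpt: entries copied from the report's list, including
# the bracketed notes the parser has to ignore and the Flash line that
# appears once per platform.
REPORT_LINES = """
Adobe Flash  15.0.0.152 [Windows 7: IE]
Adobe Flash  15.0.0.152 [Windows 7: Firefox, Mozilla]
Adobe Reader 11.0.08
Firefox 32.0.1
Google Chrome 37.0.2062.120
Internet Explorer 11.0.9600.17280
Java SE 7 Update 67 [Citadel recommends removing or disabling Java from your browser.]
Skype 6.20.0.104
"""

# Constructed inventory of what one workstation reports as installed.
INSTALLED = {
    "Adobe Flash": "15.0.0.152",
    "Adobe Reader": "11.0.8",          # same build, no zero padding
    "Firefox": "32.0",                 # one point release behind
    "Google Chrome": "37.0.2062.103",  # the previous week's build
    "Internet Explorer": "11.0.9600.17126",
    "Java SE": "7u65",                 # vendor shorthand for 7 Update 65
    "Skype": "6.20.0.104",
}


def version_key(text: str) -> Version:
    """Turn '11.0.08', '7 Update 67' or '7u65' into a comparable int tuple.

    Comparing the strings instead gets padding ('08' vs '8') and width
    ('9' vs '15') wrong. Trailing zeros are dropped so that '32.0' and
    '32.0.0' compare equal.
    """
    parts = [int(p) for p in re.findall(r"\d+", text)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def parse_report(text: str) -> Dict[str, Tuple[Version, str]]:
    """Map product name to (version key, version as printed).

    The name is every token before the first one that starts with a digit;
    a trailing '[...]' note is discarded. When a product is listed more
    than once (Flash, per platform) the highest version wins.
    """
    current: Dict[str, Tuple[Version, str]] = {}
    for raw in text.splitlines():
        line = raw.split("[", 1)[0].strip()
        tokens = line.split()
        split_at = next((i for i, t in enumerate(tokens) if t[0].isdigit()), 0)
        if split_at == 0:
            continue  # blank line or a line without name + version
        name = " ".join(tokens[:split_at])
        printed = " ".join(tokens[split_at:])
        key = version_key(printed)
        if name not in current or key > current[name][0]:
            current[name] = (key, printed)
    return current


def outdated(installed: Dict[str, str],
             current: Dict[str, Tuple[Version, str]]) -> List[Tuple[str, str, str]]:
    """Return (name, installed, current) for every product behind the report."""
    behind = []
    for name, have in installed.items():
        if name not in current:
            continue  # not covered by the report; nothing to say
        key, printed = current[name]
        if version_key(have) < key:
            behind.append((name, have, printed))
    return sorted(behind)


if __name__ == "__main__":
    for name, have, want in outdated(INSTALLED, parse_report(REPORT_LINES)):
        print(f"{name}: installed {have}, report lists {want}")
```

Run as a script it lists Firefox, Google Chrome, Internet Explorer and Java SE as behind, and correctly treats Adobe Reader 11.0.8 and 11.0.08 as the same release. The numeric tuple in `version_key` is the part worth keeping: a plain string comparison says "11.0.8" is newer than "11.0.08" and would also misorder a future "37.0.2062.9" against "37.0.2062.120".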

Newly Announced Unpatched Vulnerabilities

None
For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports Cisco has released an update to fix an unpatched vulnerability in its IOS XR. Upgrade to version 5.1.3.4i.BASE or later. Secunia reports an unpatched vulnerability in Cisco’s Transport Gateway for Smart Call Home reported in versions 3.6 and 4.0. Other versions may also be affected. No official solution is currently available.
McAfee Multiple Products: Secunia reports McAfee has released an update to fix multiple vulnerabilities reported in previous versions. Apply hotfixes HF988208 and HF983758 or update to version 5.1.2 when available (scheduled to be released Q1 2015). Secunia reports McAfee has released an update to fix multiple vulnerabilities reported in previous versions. Apply hotfix HF983759 or update to version 4.6.9 when available (scheduled to be released Q1 2015).
Novell Groupwise: Secunia reports Novell has released an update to Groupwise to fix a security bypass vulnerability reported in previous versions. Apply Support Pack 1 (SP1) or later.
WordPress: US-CERT reports WordPress has released an update to address multiple vulnerabilities. WordPress 3.7.3 or 3.8.3 users will be updated to 3.7.4 or 3.8.4. Users operating older, unsupported versions of WordPress are encouraged to upgrade to 3.9.2.
Copyright © 2014 Citadel Information Group. All rights reserved.

SecurityRecruiter.com's Security Recruiter Blog