Wednesday, October 22, 2014

Resumes that Open Interview Doors are Clean, Clear and Logically Written




A recent LinkedIn “Influencer” post not only got my attention, it hit on a topic I address every day of my life.

The Influencer suggested that resumes might want to incorporate what he referred to as “design-thinking” ideas. 

These ideas included graphics and videos.  This is exactly the opposite of the advice I give my resume clients…the clients whose resumes open interview doors globally.

Applicant tracking systems (ATS) generally do not know what to do with fancy fonts and boxes found in many resume templates.  Most ATS tools turn fancy fonts and items their artificial intelligence does not understand into gibberish.  This is not how you want to be stored in a recruiter’s database or a company’s database for present or future reference.

Resumes that are clean, clear and logically written with the resume’s audience in mind are resumes that open interview doors.  Better yet, resumes that clearly demonstrate an individual’s accomplishments, contributions and business value are the resumes that capture attention.

When you write your resume, the end product is not for you. It is for someone in your audience.  You have to know your audience.

Present your resume in the language of the audience that will receive and review your resume in a matter of seconds and you’ll very likely find yourself opening interview doors.



Jeff Snyder, Twitter: @secuirtyrecruit, is the Founder and President of SecurityRecruiter.com, SecurityJobCoach.com, SecuirtyCaererCoach.com, SecurityLeadershipCoach.com and he is a well-traveled Public Speaker.

Tuesday, October 21, 2014

Monday, October 20, 2014

Cyber Security News, Education and Vulnerability Patch Report for the Week of October 20, 2014


CYBER SECURITY NEWS OF THE WEEK


FROM OUR FRIENDS AT CITADEL INFORMATION GROUP


Cyber Crime

Oregon Employment Department data breach: more than 851,000 people could be at risk: Hackers may have obtained the personal information of more than 851,300 people after tapping into an Oregon Employment Department database, agency officials announced Monday. OregonLive, October 13, 2014

Cyber Attack

Russian Hackers Used Bug in Microsoft Windows for Spying, Report Says: LONDON — Russian hackers used a bug in Microsoft Windows to spy on several Western governments, NATO and the Ukrainian government, according to a report released Tuesday by iSight Partners, a computer security firm in Dallas. The New York Times, October 14, 2014

Cyber Privacy

Apple defies FBI and offers encryption by default on new operating system: The latest version of Apple’s operating system for desktop and laptop computers, Mac OS X 10.10 “Yosemite”, encourages users to turn on the company’s FileVault disk encryption, as the company hardens its pro-security stance. The Guardian, October 17, 2014
App Behind The Snapchat Leak Admits It Was Hacked, Apologizes: A website that allowed Snapchat users to save images that were supposed to disappear said it was hacked and apologized for allowing thousands of private photos to be leaked online. HuffingtonPost, October 13, 2014

Cyber Warning

In Plain Sight: How Cyber Criminals Exfiltrate Data Via Video: Just like Fortune 500 companies, attackers are investing in sophisticated measures that let them fly beneath the radar of conventional security. DarkReading, October 17, 2014
New attack hides stealthy Android malware in images: A new technique that allows attackers to hide encrypted malicious Android applications inside images could be used to evade detection by antivirus products and possibly Google Play’s own malware scanner. PC World, October 17, 2014
Google reveals major flaw in outdated, but widely-used SSL protocol: Google’s Security Team revealed on Tuesday that the long obsolete, but still all too used, Secure Sockets Layer (SSL) 3.0 cryptographic protocol has a major security flaw. ZDNet, October 15, 2014
Hackers Have A Really Simple Way Of Getting Your Passwords To Sites Like Dropbox And Snapchat: Last night an anonymous hacker claimed to be in possession of 7 million passwords to Dropbox accounts. While that claim was probably false, it demonstrates the increasingly common way that hackers are using to gain access to your passwords. Business Insider, October 14, 2014
Who’s Watching Your WebEx?: KrebsOnSecurity spent a good part of the past week working with Cisco to alert more than four dozen companies — many of them household names — about regular corporate WebEx conference meetings that lack passwords and are thus open to anyone who wants to listen in. KrebsOnSecurity, October 13, 2014

Cyber Security Management

Cyber Risk Series: Board and C-Suite responsible for data breach preparedness: Stan Stahl, President of Citadel Information Group, welcomes Melissa Ventrone, chair of the Data Privacy & Security Practice at the law firm of Wilson Elser, and Worldwide Facilities VP Steve Vallone, to discuss the responsibility of the Board and senior management regarding company preparedness for cyber liability and data breaches. World Risk Insurance News, October 2014
Cybercrime Costs Have Doubled in Last Five Years, Ponemon Report Says: The average annual cost of cybercrime to companies has nearly doubled in the last five years, a new report from a cybersecurity research firm says. American Banker, October 16, 2014

Cyber Security Management – Cyber Defense

‘Silent’ Fix For Windows USB Bug?: Researchers say a newly patched Microsoft USB flaw in older versions of Windows had at some time previously been fixed in newer versions of the OS. DarkReading, October 16, 2014

Cyber Security Management – Cyber Update

Microsoft, Adobe Push Critical Security Fixes: Adobe, Microsoft and Oracle each released updates today to plug critical security holes in their products. Adobe released patches for its Flash Player and Adobe AIR software. A patch from Oracle fixes at least 25 flaws in Java. And Microsoft pushed patches to fix at least two-dozen vulnerabilities in a number of Windows components, including Office, Internet Explorer and .NET. One of the updates addresses a zero-day flaw that reportedly is already being exploited in active cyber espionage attacks. KrebsOnSecurity, October 14, 2014

Financial Cyber Security

Obama signs order to tighten security for federal credit cards: (Reuters) – U.S. President Barack Obama signed an executive order on Friday to beef up security measures for federal credit cards, and urged banks and retailers to follow suit in an effort to combat the growing threat of identity fraud. Reuters, October 17, 2014
N.Y.’s Lawsky Considering Strict Cybersecurity Regime for Banks: Banks chartered in New York could soon be required to appoint chief information security officers and submit to quarterly tests of their systems’ vulnerabilities under a cybersecurity regime being considered by state regulator Benjamin Lawsky. American Banker, October 17, 2014
Can Apple Pay Do to Your Wallet What iTunes Did for Music?: With added security, better design, and improved convenience, Apple Pay hopes to finally make mobile payments commonplace at the register. MIT Technology Review, October 15, 2014
Millions vulnerable to scams as banks launch Know Fraud, No Fraud campaign: Poll finds millions leave themselves open to scams as banks launch campaign. The BBA is launching a fraud awareness campaign as YouGov polling reveals that millions of people in Great Britain are unwittingly leaving themselves vulnerable to scams perpetrated by fraudsters posing as their bank. Banking Business Review, October 14, 2014

National Cyber Security

9/11 Commission Urges Senate to Pass Cybersecurity Bill: The 9/11 Commission is calling on Sen. Majority Leader Harry Reid (D-Nev.) to get cybersecurity legislation passed before the end of this Congress. MultiChannel News, October 17, 2014
Steptoe Cyberlaw Podcast, Episode #38: An Interview with Shaun Waterman: Our guest for the podcast is Shaun Waterman, editor of POLITICO Pro Cybersecurity. Shaun is an award-winning journalist who has worked for the BBC and United Press International; and an expert on counterterrorism and cybersecurity. LawFare, October 16, 2014
FBI Director Urges New Encryption Legislation: Encryption algorithms do not acknowledge “lawful access.” DarkReading, October 16, 2014

Cyber Insurance

5 Reasons You Should Have Cyber Liability Insurance: It’s not just for big companies. Cyber insurance can make the difference between staying in business or shutting your doors after an attack. Inc.com, March 18, 2013

Cyber Sunshine

Seleznev Arrest Explains ‘2Pac’ Downtime: The U.S. Justice Department has piled on more charges against alleged cybercrime kingpin Roman Seleznev, a Russian national who made headlines in July when it emerged that he’d been whisked away to Guam by U.S. federal agents while vacationing in the Maldives. The additional charges against Seleznev may help explain the extended downtime at an extremely popular credit card fraud shop in the cybercrime underground. KrebsOnSecurity, October 15, 2014


Weekend Vulnerability and Patch Report, October 20, 2014


Important Security Updates

Adobe Flash Player: Adobe has released version 15.0.0.189 to fix at least 3 highly critical vulnerabilities reported in previous versions. Updates are available from Adobe’s website. Updates are also available for AIR.
Apple iTunes: Apple has released version 12.0.1 of iTunes for Windows (64-bit) to fix at least 82 unpatched vulnerabilities, some of which are highly critical. Updates are available from Apple’s website.
Apple OS X: Apple has released updates for OS X to fix 32 vulnerabilities, some of which are highly critical. Update to version 10.10. Updates are available from Apple’s website.
D-Link Multiple Products: D-Link has released updates for its DSR-500, DSR-500N, DSR-1000, and DSR-1000N wireless routers to fix a security issue reported in previous firmware versions. Update to firmware version 1.09.b61. Updates are available from D-Link’s website.
Google Chrome: Google has released Google Chrome version 38.0.2125.104 for Windows, Mac, and Linux to fix at least 13 unpatched vulnerabilities, some of which are highly critical, reported in previous versions and versions bundled with Flash Player. Updates are available from within the browser or from Google Chrome’s website.
Malwarebytes Anti-Exploit: Malwarebytes has released version 2.0.3 of its free Malwarebytes Anti-Exploit. Updates are available from Malwarebytes’ website.
Microsoft Internet Explorer: Microsoft has released updates for all versions of Internet Explorer to fix at least 14 highly critical vulnerabilities. Updates are available through the program or from Microsoft’s website.
Microsoft Patch Tuesday: Microsoft’s Patch Tuesday released 9 updates to address at least 24 vulnerabilities, some of which are highly critical within Windows, Internet Explorer, Office, Word, .NET and other Microsoft products.
Mozilla Firefox: Mozilla has released version 33.0 for Firefox to fix at least 9 highly critical unpatched vulnerabilities in previous versions. Updates are available within the browser or from Mozilla’s website. Updates are also available for Thunderbird and SeaMonkey.
Opera: Opera has released version 25 to fix moderately critical unpatched vulnerabilities. Updates are available from within the browser or from Opera’s website.
Oracle Java: Oracle has released versions Java SE 7 Update 72 and Java SE 8 Update 25 to fix at least 25 vulnerabilities, some of which are highly critical. The update is available through Windows Control Panel or Java’s website. [See Citadel's recommendation below]
TechSmith Corporation SnagIt: TechSmith has released version 12.2.1.1968 for SnagIt. Updates are available from TechSmith’s website.

Current Software Versions

Adobe Flash  15.0.0.189 [Windows 7: IE]
Adobe Flash  15.0.0.189 [Windows 7: Firefox, Mozilla]
Adobe Flash  15.0.0.189 [Windows 8: IE]
Adobe Flash  15.0.0.189 [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader 11.0.09
Dropbox 2.10.39 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]
Firefox 33.0
Google Chrome 38.0.2125.104
Internet Explorer 11.0.9600.17280
Java SE 8 Update 25 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
QuickTime 7.7.5
Safari 5.1.7 
Safari 7.1 [Mac OS X]
Skype 6.21.0.104

Newly Announced Unpatched Vulnerabilities

None
For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Apple OS X Server: Secunia reports Apple has released version 4.0 of OS X Server to fix at least 7 unpatched moderately critical vulnerabilities, a weakness and a security issue. Apply update.
BlackBerry OS: Secunia reports BlackBerry has released an update to fix a security issue. Apply update.
Cisco Multiple Products: Secunia reports Cisco has released updates for Intrusion Prevention System (IPS), Adaptive Security Appliance (ASA), 5500 Series, 5500-X Series, IOS XE, and others. Apply available updates.
Citrix XenServer: Secunia reports Citrix has released updates for its XenServer to address at least 6 moderately critical vulnerabilities in versions 6.2 Service Pack 1 and prior. Apply hotfix.
If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.
If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customers’ computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.
Copyright © 2014 Citadel Information Group. All rights reserved.


Friday, October 17, 2014

Momentum, This Is A Habit I Could Get Used To



I’ve never written blogs at the end of the day on a Friday but last week ended with great momentum and this week is ending with even stronger momentum.

Highlight

The highlight of my week was an opportunity to speak at the Colorado Springs ISSA Cyber Security meeting where I suspect there were over 100 people in attendance.  I just received a call from a local information security leader who was not at the conference but my business card and a recommendation made it to him.

These emails have come to me over the past 48 hours.  I’m so thankful to the people who wrote these kind messages from the Colorado Springs ISSA.

"It was my pleasure meeting you at yesterday's ISSA conference. I really enjoyed your presentation. It was a nice break from the standard technical briefings ISSA puts together for these types of events.  I told Glenn York he should have you speak at more of the ISSA's forums. As a transitioning USAF veteran, the tips you mentioned during the briefing really touched me….Your briefing sent me on a soul search to figure out what path I should take for this new second career I'm beginning to pursue…. I just wanted to thank you for coming over and sharing your wisdom and humor with us…"
"Wanted to send a personal thank you for speaking at the conference. Your presentation was very well received.  Hope to see you at ISSA-COS meetings and future conferences."
"I’m a member of ISSA and attended your presentation yesterday. I didn't get a chance to thank you in person so email will have to do. I’ve seen a lot of ISSA talks and yours might be the best one I’ve seen. As you pointed out ISSA members are a diverse group both in age and skill and my impression is that you spent considerable thought on how to include everyone. I thought you nailed it."

Morning

This morning, I was fortunate to discuss career advancement strategy with a very bright up-and-coming information security leader who wants to align his personal marketing package and his personal career strategy for future success.  This call got my day started off with tremendous momentum.

My next call came from a former resume writing client who wants help to align his resume with his LinkedIn presence.  This same client is very happy with his current role but he has an eye open toward the future.  We discussed what our career coaching and emotional intelligence coaching could do to help him prepare for the next level in his career.  For this client, the next level will be a significant CISO role.  My day picked up more momentum.

Afternoon

This afternoon I was privileged to coach two absolutely outstanding CISOs towards higher levels of career success. Both CISOs are already successful but both are interested in maximizing their performance.  Helping these guys to maximize their performance feeds my top 5 Maximizer strength.  I love doing this work!

Working with two more people in a row who are both coach-able and teachable made my day end with significant momentum to roll into Monday morning.

The Weekend


Now for some family time and one-on-one time with my mountain bike this weekend before the trails are soon covered with snow and we’ll have to break out the snowshoes!

Jeff Snyder's, Security Career Coach, Security Recruiter Blog, 719.686.8810

Wednesday, October 15, 2014

Try Something New…Stretch Yourself!



September 2011

Three years ago, a CISO client I deeply appreciate in Los Angeles called and asked if I would consider coming to LA to speak to his Information System Security Association (ISSA) group.  It was the first time I’d ever spoken in front of a group larger than 10 or so people in my entire life.

When Dan called and put this question on the table, I thought about it quickly and accepted the invitation. I immediately called my wife and told her I was going to Los Angeles to speak.  She asked me what I was going to say.  I told her I didn't know. I just knew that I’d accepted an invitation to speak to an audience of security professionals.

Leaving The Comfort Zone

From stepping out of my comfort zone and stretching myself to do something entirely new, I’ve gained new relationships with some of the smartest cyber security professionals on the planet.  I was invited back to ISSA-LA to speak to their CISO Forum last year.  Some of the relationships that started in 2011 deepened on my second visit and through subsequent interaction with outstanding CISOs.

Since stepping out that first time, I’ve been very fortunate to meet even more dynamic and rocket science smart security professionals in Dallas, Denver and Las Vegas.  Today, I got to meet a new group of smart people when I was privileged to speak to the Colorado Springs ISSA. 

I had a blast sharing information to help the Colorado Springs ISSA members to Maximize their Careers.  The conference is still in full gear through the end of the day. I had to get back to my office for scheduled calls.  

Reward

I’ve been invited back to speak again by the ISSA leadership in Colorado Springs. A professor from the University of Colorado Colorado Springs (UCCS) asked me if I would be willing to speak to his Master’s level Cyber Security class.  Many people were kind enough to tell me that I caused their thinking to stretch today.

It was a great day in my book.  Can I get better as a speaker?  You bet I can and I’m already working on making adjustments to the delivery I shared today so I’ll be more effective when I speak in a couple of weeks in Austin and San Antonio.

Yes, I’m a little bit wound up today because I got to do something I love to do that I’ve only recently discovered that I love to do. 

How About You?

My question for you today is this.  What could you do to stretch and step outside your comfort zone that would be beneficial to your career and your own self-confidence?


Jeff Snyder’s, Security Career Coach, Security Recruiter Blog, 719.686.8810

Tuesday, October 14, 2014

ISSA Colorado Springs, Cyber Security Conference 11.15.14, Jeff Snyder Public Speaker




Colorado Springs ISSA
Cyber Security Conference
Wednesday October 15, 2014
8 AM 
University of Colorado, Colorado Springs


If you're in or around Colorado Springs, consider attending the ISSA Cyber Security Conference.  I'll be speaking on "Maximizing Your Career" in Cyber Security at 10:40 AM. 

By clicking on the ISSA logo above, you'll be taken to the registration page on the Colorado Springs ISSA website.

Parking: 

4 Diamonds
5025 N Nevada Ave
Colorado Springs, CO 80918
Parking services recommended that attendees park at 4 Diamonds and catch the campus shuttle up to the University Center.  Parking at 4 Diamonds is free and they have shuttles running to campus every 10 minutes. 

Monday, October 13, 2014

Cyber Security News, Education and Vulnerability Patch Report for the Week of October 13, 2014





Cyber Security News of the Week

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP


Cyber Crime

Malware Based Credit Card Breach at Kmart: Sears Holding Co. late Friday said it recently discovered that point-of-sale registers at its Kmart stores were compromised by malicious software that stole customer credit and debit card information. The company says it has removed the malware from store registers and contained the breach, but that the investigation is ongoing. KrebsOnSecurity, October 10, 2014
Dairy Queen Latest to Suffer Customer Card Hack: Ice cream and fast food chain Dairy Queen is the latest retailer to reveal a hack of its customer data. ABC News, October 9, 2014
Hackers’ Attack Cracked 10 Financial Firms in Major Assault: The huge cyberattack on JPMorgan Chase that touched more than 83 million households and businesses was one of the most serious computer intrusions into an American corporation. But it could have been much worse. The New York Times, October 3, 2014

Cyber Privacy

1,000 a day ask Google to scrub web: Google is being swamped with requests from Europeans trying to erase unflattering links to their past from the world’s dominant internet search engine. Independent.ie, October 10, 2014
Thousands of Snapchat images may have been hacked via a third-party image-saving service: The database of a Snapchat image-saving service — not associated with Snapchat itself — has allegedly been hacked, and the hackers have claimed on 4chan that they will make hundreds of thousands of Snapchat users’ private images and videos available in a searchable database. GigaOm, October 10, 2014
We Want Privacy, but Can’t Stop Sharing: IMAGINE a world suddenly devoid of doors. None in your home, on dressing rooms, on the entrance to the local pub or even on restroom stalls at concert halls. The controlling authorities say if you aren’t doing anything wrong, then you shouldn’t mind. The New York Times, October 4, 2014

Financial Cyber Security

Cash machine hackers have made ‘millions’ with Tyupkin malware: Criminals have made millions of dollars by physically installing malware on cash machines across the world, Interpol and security company Kaspersky have warned. The Guardian, October 8, 2014
Obama Had Security Fears on JPMorgan Data Breach: President Obama and his top national security advisers began receiving periodic briefings on the huge cyberattack at JPMorgan Chase and other financial institutions this summer, part of a new effort to keep security officials as updated on major cyberattacks as they are on Russian incursions into Ukraine or attacks by the Islamic State. The New York Times, October 8, 2014

Identity Theft

AT&T Customers Information Security Breach: Offers Apology and One Year’s worth of Free Credit Monitoring Services to Customers: AT&T the telecommunications company is in the news for security breach of its customers. An employee working in the company was the cause for this illegal act putting the company in a tight spot. However, AT&T has come forward with an apology to its customers and is also offering one year’s free credit monitoring services to those who may have been victims of this illegal act. An insider had illegally accessed personal information of its subscribers which include account information along with their social security numbers and driver’s license information. An unspecified number of AT&T accounts were believed to have been affected by this offence. This incident occurred in the month of August 2014. International Business Times, October 8, 2014
Huge Data Leak at Largest U.S. Bond Insurer: On Monday, KrebsOnSecurity notified MBIA Inc. — the nation’s largest bond insurer — that a misconfiguration in a company Web server had exposed countless customer account numbers, balances and other sensitive data. Much of the information had been indexed by search engines, including a page listing administrative credentials that attackers could use to access data that wasn’t already accessible via a simple Web search. KrebsOnSecurity, October 7, 2014
Ways to Protect Yourself After the JPMorgan Hacking: The numbers are shocking: Personal information from 76 million households may have been compromised as part of the cyberattack on JPMorgan Chase. That is the equivalent of two out of every three households in the United States, though a small portion of those affected may be overseas. The New York Times, October 3, 2014

Cyber Warning

‘iWorm’ malware controls Macs via Reddit, more than 17K affected: Security researchers recently discovered that more than 17,000 Macs around the world have been infected by a new OS X malware threat called “iWorm,” which at one point used Reddit.com as a go-between to cull user data, perform various system actions and execute Lua scripts. AppleInsider, October 3, 2014

National Cyber Security

What The United States Can Learn From Israel About Cybersecurity: Two weeks ago, Israeli Prime Minister Benjamin Netanyahu announced the creation of a new cyber defense authority to defend Israel’s civilian networks. This is the latest in a series of steps taken by Israel’s government to bridge the public-private cyber divide and bolster the country’s position as a global leader in cybersecurity. Forbes, October 7, 2014

Cyber Underworld

Only 100 cybercrime brains worldwide says Europol boss: There are only “around 100” cybercriminal kingpins behind global cybercrime, according to the head of Europol’s Cybercrime Centre. BBC, October 10, 2014

Cyber Misc

Signed Malware = Expensive “Oops” for HP: Computer and software industry maker HP is in the process of notifying customers about a seemingly harmless security incident in 2010 that nevertheless could prove expensive for the company to fix and present unique support problems for users of its older products. KrebsOnSecurity, October 9, 2014
Cyber crime: First online murder will happen by end of year, warns US firm: Governments are ill-prepared to combat the looming threat of “online murder” as cyber criminals exploit internet technology to target victims, the European policing agency warned. In its most alarming assessment of the physical danger posed by online crime, Europol said it expected a rise in “injury and possible deaths” caused by computer attacks on critical safety equipment. The Independent, October 5, 2014



Weekend Vulnerability and Patch Report, October 12, 2014


Important Security Updates

Dropbox: Dropbox has released version 2.10.39 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel's warning below]
Google Chrome: Google has released Google Chrome version 38.0.2125.101 for Windows, Mac, and Linux to fix at least 13 unpatched vulnerabilities, some of which are highly critical, reported in previous versions. Updates are available from within the browser or from Google Chrome’s website.
Google Chrome for Android: Google has released version 38.0.2125.102 of Google Chrome for Android to fix a vulnerability reported in previous versions. Updates are available through the device.
Google Chrome for iOS Facetime: Google has released version 38.0.2125.59 of Google Chrome for iOS Facetime to fix a moderately critical vulnerability reported in previous versions. Updates are available through the device.
KeePass: KeePass has released version 1.28 of its open source password manager. Updates are available from the KeePass website.
Skype: Skype has released Skype 6.21.0.104. Updates are available from the program or Skype’s website.

Current Software Versions

Adobe Flash  15.0.0.167 [Windows 7: IE]
Adobe Flash  15.0.0.152 [Windows 7: Firefox, Mozilla]
Adobe Flash  15.0.0.167 [Windows 8: IE]
Adobe Flash  15.0.0.152 [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader 11.0.09
Dropbox 2.10.39 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]
Firefox 32.0.3
Google Chrome 38.0.2125.101
Internet Explorer 11.0.9600.17280
Java SE 7 Update 67 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
QuickTime 7.7.5
Safari 5.1.7 
Safari 7.1 [Mac OS X]
Skype 6.21.0.104

Newly Announced Unpatched Vulnerabilities

None
For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports Cisco has released updates for WebEx, Adaptive Security Appliance (ASA), IOS XR, and others. Apply available updates.
McAfee Email and Web Security Appliance: Secunia reports at least 6 moderately critical unpatched vulnerabilities in McAfee’s Email and Web Security Appliance reported in version 5.6 patch 5. Other versions may also be affected. No official solution is currently available.
McAfee Multiple Products: Secunia reports McAfee has released updates for Email Gateway, Next Generation Firewall (NGFW), Web Gateway, Firewall Enterprise Control Center to fix at least 6 highly critical vulnerabilities reported in previous versions. Update to a fixed version or apply hotfix.
McAfee SSL VPN: Secunia reports at least 6 highly critical vulnerabilities in McAfee’s SSL VPN (formerly Stonesoft SSL VPN) reported in version 1.5.204. Other versions may also be affected. No official solution is currently available.
VMware vSphere: Secunia reports VMware has released an update to vSphere to fix at least 6 moderately critical unpatched vulnerabilities reported in previous versions. Upgrade to version 2.0 and apply patch.


SecurityRecruiter.com's Security Recruiter Blog