Skip to main content
Tag

internet of things security

|||||||

Third-Party Patch Update: August 2018

By News, Patch ManagementNo Comments
[vc_single_image image=”24905″ img_size=”full”]

Chrome Vulnerability Endangers Your Private Data

A vulnerability has been found within Chrome that would allow actors to access information stored by other web platforms, such as major data hoarders Facebook and Google.

CVE-2018-6177 was uncovered by Ron Masas, a security researcher from Imperva, and reported to Google. “With several scripts running at once — each testing a different and unique restriction — the bad actor can relatively quickly mine a good amount of private data about the user,” Masas said.

With their latest release, v68.0.3440.106, Google says the issue has been fixed. At the time of writing this article, there are no known active exploits of this vulnerability.

We recommend you update to the latest version of Chrome immediately.

Use Syxsense to inventory your environment and rapidly deploy any needed updates. On the home screen, you can quickly see which devices require critical updates.

By clicking on the graph, you’ll jump right into a patch deployment process, prepopulated to deploy critical updates to all devices that need them. You can easily modify this task to be more specific or start the task as-is to deploy the critical patches.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_separator]

Third-Party Patch Updates

Below is a table of third-party updates:

[vc_single_image image=”24900″ img_size=”large”]
Vendor Category Patch Version and Release Notes: CVSS SCORE
Adobe Media Software  

Acrobat DC: v18.011.20058 – https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/continuous/dccontinuousaug2018.html#dccontinuousaugusttwentyeighteen

 

Acrobat DC: v17.011.30099 – https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/classic/dcclassic17.011aug2018.html#dc17-011augusttwentyeighteen

 

Acrobat DC: v15.006.30448 – https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/classic/dcclassic15.006aug2018.html#dc15-006augusttwentyeighteen

 

Flash Player Plugin and ActiveX: v30.0.0.154 – https://helpx.adobe.com/flash-player/release-note/fp_30_air_30_release_notes.html#fixed_issues

 

N/A
Apple Media Software  

iTunes: v12.8.0.150 – https://support.apple.com/kb/dl1814?locale=en_US

 

 

N/A

Don Ho  

Notepad++: v7.5.8 – https://notepad-plus-plus.org/news/notepad-7.5.8-released.html

 

Evernote  

Evernote: v6.14.5.7671 – https://evernote.com/security/updates

 

FileZilla FTP Solution  

FileZilla: v3.35.2 – https://filezilla-project.org/versions.php

 

N/A
GNOME Foundation Image Processing and Editing  

GIMP: v2.10.6 – https://www.gimp.org/release-notes/gimp-2.10.html

 

Google Browser  

Chrome: v68.0.3440.106 – https://chromereleases.googleblog.com/2018/08/stable-channel-update-for-desktop.html

 

N/A
KeePass Password Manager  

KeePass: v2.39.1 – https://keepass.info/news/n180506_2.39.html

 

Mozilla Browser and Email Application  

Firefox: v61.0.2 – https://www.mozilla.org/en-US/firefox/61.0.2/releasenotes/

 

Thunderbird: v60.0 – https://www.thunderbird.net/en-US/thunderbird/60.0/releasenotes/

 

|||

Third-Party Patch Update: June 2018

By NewsNo Comments
[vc_single_image image=”24615″ img_size=”full”]

Third Party Software Updates: June 2018

Roku TV & Sonos IoT devices, which are widely used in businesses that handle sensitive consumer data, such as credit card number and health records, are vulnerable to DNS hacking. These two IoT devices are frequently installed within fast casual dining, medical and dentist businesses.

These devices can be exploited thanks to two common IoT issues; IoT devices do not require authentication for connections received on a local network and because HTTP is more prevalent to control embedded devices.

These vulnerabilities could enable anyone to “virtually map” your network, which has much wider consequences such as DoS (Denial of Service) to your most critical infrastructure, disrupting your end user experience or potentially planning much more sophisticated cyber warfare.

Just imagine what could happen if a hacker could learn the OS host name & IP information for all your servers.

Both Roku and Sonos are actively working to resolve these issues, but updates will be necessary to secure your devices.

Start a trial with Syxsense and see if these devices are in your network.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_separator]

Third-Party Patch Updates

Below is a table of third-party updates from June 2018: 

Vendor Category Patch Version and Release Notes: CVSS SCORE
Adobe Media Software  

AIR: v30.0.0.107 – https://helpx.adobe.com/flash-player/release-note/fp_30_air_30_release_notes.html

 

Flash Player: v30.0.0.113 – https://helpx.adobe.com/security/products/flash-player/apsb18-19.html

 

N/A
Citrix  

Citrix Receiver: v4.12 – https://docs.citrix.com/en-us/receiver/windows/current-release.html

 

Evernote  

Evernote: v6.13.13.7425 –

 

FileZilla FTP Solution  

FileZilla: v3.34 – https://filezilla-project.org/versions.php

 

N/A
Google Browser  

Chrome: v67.0.3396.99 – https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-chrome-os_26.html

 

N/A
 

Malwarebytes

Antivirus  

Malwarebytes: v3.5.1.2522 – https://www.malwarebytes.com/support/releasehistory/

 

Mozilla Browser and Email Application  

Firefox: v60.0.2 – https://www.mozilla.org/en-US/firefox/60.0.2/releasenotes/

 

Peter Pawlowski Audio Player  

Foobar2000: v1.4 – https://www.foobar2000.org/changelog

 

Uvnc bvba Remote Access Tool  

UltraVNC: v1.2.2.1

 

WinSCP SFTP, SCP, and FTP client  

WinSCP: v5.13.3 – https://winscp.net/eng/docs/history