From Microsoft patches to apps stealing records, here's security news IT leaders need to know - monetary put up

This week's highlights additionally encompass patches from Adobe, Riverbed, Juniper and more.

Microsoft Patch Tuesday fixes distinct flaws already beneath attack

This month, Microsoft has issued protection updates for multiple items, including windows (including fixes for the simply-released Creators update), Hyper-V, Microsoft office for each windows and Mac, WordPad, web Explorer, Microsoft part browser, .net Framework, Silverlight, visual Studio for Mac, and Adobe Flash for home windows 8.x and 10. One critical flaw in all supported versions of Microsoft note has already been used by means of attackers to unfold malware; it most effective requires opening the doc to spark off, and might't be stopped with the aid of disabling macros. A 2d, in information superhighway Explorer, lets an attacker inject counsel from one domain into an additional, and the third, which changed into not patched however has been mitigated, is in the Encapsulated PostScript (EPS) filter in Microsoft workplace. be aware that a few of the updates undergo this warning: "If the workstation uses an AMD Carrizo DDR4 processor, installation this replace will block downloading and setting up future windows updates. Microsoft is working on a decision and should provide an update in an upcoming free up."

Adobe concerns fifty nine patches for Flash, Reader, Photoshop, and greater

Adobe has launched safety updates to tackle vulnerabilities in Adobe crusade, Flash participant, Acrobat and Reader, Photoshop CC, and inventive Cloud. most of the bugs – forty four of them – are rated critical, and could enable a faraway attacker to take manage of an affected equipment.

Riverbed technology patches SteelCentral Portal

Threatpost reviews that Riverbed know-how has patched four severe vulnerabilities in its SteelCentral portal that might enable an attacker to access application facts, in addition to flow during the community to compromise different Riverbed agents. The considerations were found out in January by researchers at Digital protection, who posted details of the failings after the patches were released. purchasers can contact Riverbed help via its assist portal for greater suggestions.

Juniper patches distinctive products

The Register reports that Juniper has patched vulnerabilities in nine products, including Junos, EX sequence switches, BIND for SRX, vSRX and J-series contraptions, and the NorthStar controller. Juniper has issued ten protection advisories concerning the considerations, some of which can lead to denial of service after they trigger the equipment to crash.

The cyber web systems Consortium patches BIND

The cyber web techniques Consortium (ISC) has issued patches for 3 concerns in its open-source DNS server, BIND. Two are rated of medium severity, and one, which can be utilized in a denial of provider assault, is rated excessive. as soon as of the Medium severity flaws might permit an unprivileged consumer to concern instructions that may stop the server, and the other, which handiest affects servers with certain configurations, could enable an attacker to create a question that would terminate the program's execution.

App mixtures can steal information

Researchers at Virginia Tech have found out that pairs of Android apps will also be used to steal records. They analyzed greater than 100,000 of the most commonly downloaded Android apps, and located just about 23,500 pairs that may leak facts. Over half of the pairs additionally let probably the most pair access counsel it at all times changed into forbidden to see. The Atlantic posted a non-technical evaluation of the findings, noting that sometimes a malicious app takes expertise of a flaw in an extra app to execute its attack.

Payday loan enterprise Wonga suffers records breach

UK-based mostly payday mortgage firm Wonga has published an advisory warning purchasers that there was "unlawful and unauthorized access" to their own records, which may additionally include name, e-mail address, home address, cell quantity, the remaining 4 digits of bank card numbers and/or bank account numbers and sort code. It doesn't agree with passwords were stolen, but recommends customers exchange their passwords as well as taking different precautions. as much as 245,000 consumer within the UK had been affected, and an additional 25,000 in Poland.