[월:] 2017년 06월

No Image

Microsoft releases additional updates to protect against potential nation-state activity

2017-06-14 KENNETH 0

Microsoft releases additional updates to protect against potential nation-state activity On May 12, 2017, the WannaCrypt ransomware served as an all too real example of the danger of cyber attacks to individuals and businesses globally. In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations. To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows. Due to the elevated risk for destructive cyber attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt. For more technical information [ more… ]

No Image

June 2017 security update release

2017-06-14 KENNETH 0

June 2017 security update release Microsoft releases additional updates for older platforms to protect against potential nation-state activity Today, as part of our regular Update Tuesday schedule, we have taken action to provide additional critical security updates to address vulnerabilities that are at heighted risk of exploitation due to past nation-state activity and disclosures. Some of the releases today are new, and some are for older platforms under custom support agreements, that we are making publicly available today. Customers with automatic updates enabled are protected and there is no additional action required. For customers managing updates, or those on older platforms, we encourage them to apply these updates as soon as possible. Our security teams actively monitor for emerging threats to help us prioritize and take appropriate action. We are committed to ensuring our customers are protected against these potential [ more… ]

No Image

USN-3318-1: GnuTLS vulnerabilities

2017-06-14 KENNETH 0

USN-3318-1: GnuTLS vulnerabilities Ubuntu Security Notice USN-3318-1 13th June, 2017 gnutls26, gnutls28 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in GnuTLS. Software description gnutls26 – GNU TLS library gnutls28 – GNU TLS library Details Hubert Kario discovered that GnuTLS incorrectly handled decoding a statusresponse TLS extension. A remote attacker could possibly use this issue tocause GnuTLS to crash, resulting in a denial of service. This issue onlyapplied to Ubuntu 16.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. (CVE-2017-7507) It was discovered that GnuTLS incorrectly handled decoding certain OpenPGPcertificates. A remote attacker could use this issue to cause GnuTLS tocrash, resulting in a denial of service, or possibly execute arbitrarycode. (CVE-2017-7869) Update instructions The problem can be corrected by updating your [ more… ]

AWS GovCloud 두번째 리전 2018년 출시 예고

2017-06-14 KENNETH 0

AWS GovCloud 두번째 리전 2018년 출시 예고 AWS GovCloud(US)는 미국내 AWS 고객에게 클라우드에 민감한 데이터 및 규제 워크로드를 호스팅 할 수 있는 공간을 제공합니다. 2011년에 AWS GovCloud(US) 리전 시작되었으며 미국 서쪽에 위치하고 있습니다. AWS GovCloud (미국)는 미국 시민권자인 미국 시민권자 및 사업 등록 업체만 사용 가능하며, AWS 루트 계정 소유자는 접근 자격이 부여되기 전에 해당 사용자가 미국인인지 확인해야합니다. GovGloud는 미국 정부의 접근 요구 사항을 충족해야 하는 미국 정부 규제 산업 분야의 미국 정부 기관 및 업체 등에서 사용할 수 있습니다. 2018년에 AWS GovCloud(US-East) 리전을 개설하고, 고객에게 데이터 내구성 및 탄력성 및 고가용성, 재난 복구 옵션 등을 제공할 수 있도록 하게 되었습니다.  현재 AWS GovCloud (US-West)라고 부르는 기존 리전과 마찬가지로 새 리전 역시 격리하여, 국제 무기 거래 규제 (ITAR), NIST 표준,  연방 정부 위험 관리 및 인증 관리 프로그램 (FedRAMP), 국방성 방어 규정 2-4, DFARs, IRS1075 및 형사 사법 정보 서비스 [ more… ]

No Image

4025685 – Guidance related to June 2017 security update release – Version: 1.0

2017-06-14 KENNETH 0

4025685 – Guidance related to June 2017 security update release – Version: 1.0 Revision Note: V1.0 (June 13, 2017): Advisory publishedSummary: Microsoft is announcing the availability of additional guidance for critical security updates, that are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures. Some of the releases are new, and some are for older platforms that we are making publicly available today. Source: 4025685 – Guidance related to June 2017 security update release – Version: 1.0