



[Industry Trends]


1. Gartner Report: Top 10 Endpoint Security Providers

Comment: Gartner's 2017 Endpoint Security Magic Quadrant report ranks companies in the industry as "leaders," "challengers," "domain specific vendors," or "visionaries." The top 10 includes Trend Micro, Sophos, Kaspersky Lab, Symantec, McAfee, Microsoft, Cylance, SentinelOne, Carbon Black, and CrowdStrike.



2. According to Uber, data of 57 million users was stolen in October 2016

Summary: Uber itself revealed that 57 million users' data had been stolen in October 2016, and that management at the time paid the hacking group $100,000 for "data destruction" without informing the public. The current CEO said that under his leadership, Uber will take a zero-tolerance approach to user data security.

Uber has been embroiled in a series of controversies over management turmoil and alleged gender discrimination. The disclosure of concealed information has once again dragged down its credibility.

Comment: Uber is often reported on HackerOne to have $10 million and $20 million vulnerabilities, including code execution and internal chat breaches.

Some bloggers revealed on the Internet that Uber was hacked not through an advanced attack, but because the attackers accessed Uber's server after extracting user passwords from code that Uber employees had submitted to GitHub. Uber paid $100,000 to settle the matter, but it was later rediscovered by lawyers in an unrelated audit.

[Related security incidents]


Microsoft released 53 bug fixes on November Patch Tuesday

Summary: On November 14, 2017, Microsoft issued its Monthly Security Vulnerability Bulletin. This month's bulletin addressed 53 vulnerabilities, including 19 critical, 31 important and three moderate vulnerabilities. These vulnerabilities affect Microsoft Edge, Internet Explorer, Microsoft's scripting engine and other products. Among them, the browser products (CVE-2017-11848, CVE-2017-11827) and ASP.NET (CVE-2017-8700) carry information leakage risks, and the Windows EOT font engine information disclosure vulnerability (CVE-2017-11832) and the Windows kernel information disclosure vulnerability (CVE-2017-11853) deserve close attention.

Details of the announcement are as follows:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ASP.NET Core and .NET Core
  • Chakra Core

Comments: Enterprises can apply the patches promptly, according to their business conditions, to improve server security. First, you are advised to enable the Windows Update function and click "Check for Updates" to download and install security patches based on service conditions.

After the installation, restart the server and check the operating status of the system.

Note: You are advised to perform tests, back up data, and take snapshots to prevent accidents.






Financial, government and game security information is selected and published every week through the cloud community column and the Ali Cloud security WeChat and Weibo accounts.

If you are an Ali Cloud user, you are also welcome to check this week's industry news through email and the Dingding public account.











