Articles by 'Nancy Rand'

By Nancy Rand, Posted in Security

July 27, Softpedia – (International) Two vulnerabilities affect LastPass, both allow full password compromise. Researchers with Google Project Zero and Detectify discovered a vulnerability affecting LastPass through its JavaScript code that parsed the Uniform Resource Locator (URL) of the page LastPass was working on, potentially allowing an attacker to gain a user’s credentials by tricking the user into accessing a URL in the form of “attacker-site.com/@twitter.com/@script.php.” The... read more.

• July 28, 2016

By Nancy Rand, Posted in Security

July 25, Help Net Security – (International) Critical holes in Micro Focus Filr found, plugged. Micro Focus released patches addressing a cross-site request forgery (CSRF) flaw, an Operating System (OS) Command Injection vulnerability, a persistent cross-site scripting (XSS) flaw, a path traversal, and an authentication bypass vulnerability in its Filr enterprise file management and collaborative file sharing solution after a SEC Consult researcher discovered the flaws during a quick security check. S... read more.

• July 28, 2016

By Nancy Rand, Posted in Security

July 22, Softpedia – (International) Decrypter available for ODCODC ransomware. Security researchers from BloodyDolly released a decrypter for the ODCODC ransomware that circumvents ODCODC’s RSA-2048 encryption to recover the victim’s files without paying the ransom. Source July 21, SecurityWeek – (International) Persistent XSS patched in WooCommerce WordPress plugin. WooCommerce released version 2.6.3 of its ecommerce plugin for WordPress addressing a persistent cross-site scriptin... read more.

• July 25, 2016

By Nancy Rand, Posted in Security

July 21, Help Net Security – (International) Vulnerabilities affecting SAP HANA and SAP Trex put 10,000 customers at risk. Onapsis released security advisories reporting on vulnerabilities in SAP High-Performance Analytic Appliance (HANA) and SAP Trex including a critical risk brute force attack affecting SAP HANA that could allow an attacker to gain unrestricted access to business information, and a critical risk remote command execution flaw affecting SAP Trex that could allow an unauthenticated att... read more.

• July 25, 2016

By Nancy Rand, Posted in Security

  July 20, SecurityWeek – (International) Oracle’s critical patch update for July contains record number of fixes. Oracle released its July Critical Patch Update (CPU) that addressed a total of 276 vulnerabilities in several of its products including 19 critical security flaws affecting the Oracle WebLogic Server component, the Hyperion Financial Reporting component, and the Oracle Health Sciences Clinical Development Center component, among other applications. The update also resolves 36... read more.

• July 21, 2016

By Nancy Rand, Posted in Security

July 19, SecurityWeek – (International) Apple patches tens of vulnerabilities in iOS, OS X. Apple Inc., released security updates for several of its products including OS X El Capitan version 10.11.6, which patched a total of 60 security bugs affecting components such as audio, FaceTime, and CFNetwork, among others after a Zscaler researcher discovered the flaws could allow unprivileged applications to access cookies stored in the Safari browser. Apple also released iOS version 9.3.3., resolving 43 vu... read more.

• July 20, 2016

By Nancy Rand, Posted in Security

July 18, Help Net Security – (International) Ubuntu Forums hacked again, 2 million users exposed. Canonical chief executive officer (CEO) reported that an attacker exploited a Structured Query Language (SQL) injection flaw in its Ubuntu Forums to access and download part of the Forums database, containing usernames, email addresses, and internet protocol addresses (IPs) for 2 million users. Canonical shut down the database, reset all users’ passwords, and installed a Web application firewall aft... read more.

• July 19, 2016

By Nancy Rand, Posted in Security

July 15, SecurityWeek – (International) New trojan helps attackers recruit insiders. Researchers at Gartner Research and Diskin Advanced Technologies found a new trojan dubbed “Delilah” that uses social engineering and extortion to recruit insiders by collecting personal information and capturing video from the targeted user’s webcam while instructing users to use virtual private networks (VPNs) and the Tor network in order to manipulate or blackmail the targeted individual. Source ... read more.

• July 18, 2016

By Nancy Rand, Posted in Security

July 14, IDG News Service – (International) Juniper patches high-risk flaws in Junos OS. Juniper Networks fixed several vulnerabilities in the Junos operating system (OS) used on its networking and security appliances, including an information leak in the J-Web interface, vulnerabilities that could lead to denial of service conditions, a potential kernel crash, a potential memory buffer (mbuf) leak, a crypto vulnerability, and an issue with SRX Series devices. Source July 14, Softpedia – (Inter... read more.

• July 15, 2016

By Nancy Rand, Posted in Security

July 13, SecurityWeek – (International) SAP patches critical Clickjacking vulnerabilities. SAP released 10 Security Patch Day Notes and 26 Support Package Notes addressing several vulnerabilities, including a critical Clickjacking flaw in multiple SAP frameworks and technologies, denial of service flaws, missing authorization checks, code injection, and a cross-site scripting (XSS) issue, among other vulnerabilities. Source July 13, Softpedia – (International) New Stampado ransomware advertised... read more.

• July 14, 2016