Articles by 'Nancy Rand'

Blog Author - Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.

By Nancy Rand, Posted in

June 26, Softpedia – (International) Uber bugs allowed hackers to gather details on rides, drivers, passengers. Security researchers from Integrity discovered 14 issues in Uber Technologies Inc.’s system that could be exploited to extract user details via the mobile app’s Help Section, obtain a driver’s and user’s universally unique identifier (UUID) and request private information such as names, pictures, location, car types, status, among other data, and use over 1,000 active... read more.

  • June 28, 2016

By Nancy Rand, Posted in Security

June 24, SecurityWeek – (International) Malware can steal data from air-gapped devices via fans. Security researchers from Ben-Gurion University of the Negev discovered a new acoustic data exfiltration method, dubbed Fansmitter, that leverages the noise emitted by a computer’s fans to transmit data without relying on speakers by sending bits of data to a nearby mobile phone or a computer equipped with a microphone. Attackers can control the fan to rotate at a specific speed to transmit a “0... read more.

  • June 28, 2016

By Nancy Rand, Posted in Security

June 23, Softpedia; Austin Daily Dot – (International) Hackers breach US company and unwittingly expose 154 million voter records. Security researchers from MacKeeper discovered that a CouchDB database containing details on over 154 million U.S. voters was compromised after a hacker took down the firewall of L2, a company that builds, manages, and sells access to U.S. voter records. The database contained 1-year-old information and was taken down, and authorities were unsure of the identity of the ha... read more.

  • June 24, 2016

By Nancy Rand, Posted in Uncategorized

May 31, SecurityWeek – (International) 65 million users affected by Tumblr breach. Tumblr officials reported that as a precaution, they have reset all their customers’ passwords after an Australian security researcher found that a hacker under the online name “peace_of_mind” posted the information of 50 million Tumblr accounts on a darknet Web site called “The Real Deal” for a small sum of money. The same hacker was also seen selling millions of records of LinkedIn, Fling.com, and Myspace users. Source ... read more.

  • June 01, 2016

By Nancy Rand, Posted in Security

May 26, SecurityWeek – (International) Angler EK malvertising campaign abuses recent Flash zero-day. Security researchers from Malwarebytes reported that a previously patched zero-day flaw in Adobe Flash Player was being exploited in a new malvertising campaign targeting ad networks through a conditional malicious code which redirects users to the Angler exploit kit (EK) after executing fingerprinting checks. Attackers exploit the vulnerability via specially crafted Microsoft Office documents. Source May... read more.

  • May 31, 2016

By Nancy Rand, Posted in Security

May 26, SecurityWeek – (International) “Wekby” group uses DNS requests for C&C communications. Security researchers from Palo Alto Networks discovered that an advanced persistent threat (APT) group known as Wekby, APT 18, Dynamite Panda, and TG-0416 was using the “pisloader” malware to infiltrate a system via Domain Name System (DNS) requests for command & control (C&C) communications, which allows the malware to bypass security products. The “pisloader” malware was believed to be a variant of the... read more.

  • May 27, 2016

By Nancy Rand, Posted in Security

May 25, Softpedia – (International) Fiverr removes DDoS-for-Hire services from its marketplace. Fiverr banned and removed a series of ads reportedly providing distributed denial-of-service (DDoS)-related offerings on its marketplace Web site after security researchers from Incapsula found several DDoS services. Source May 25, Softpedia – (International) Hackers take over thousands of Twitter accounts and tweet out adult content. Symantec discovered that over 2,500 Twitter accounts were compromised after... read more.

  • May 26, 2016

By Nancy Rand, Posted in Security

May 23, SecurityWeek – (International) Exploit for recently patched Flash flaw added to Magnitude EK. A French security researcher discovered that attackers were integrating the Magnitude exploit flaw against previously patched Flash Player 21.0.0.213 installations to potentially deliver various pieces of malware, including Locky and Cerber ransomware. The exploit was not fully implemented in Magnitude and researchers advised users to be cautious of the exploit. Source May 21, Softpedia – (International)... read more.

  • May 25, 2016

By Nancy Rand, Posted in Uncategorized

May 20, The Register – (International) 60 percent of Androids exposed by new attack on mediaserver. A security researcher from Duo reported that about 60 percent of enterprise Android phones running Lollipop version 5 operating system (OS), KitKat version 4.4, and Marshmallow version 6 OS were susceptible to a Qualcomm Secure Execution Environment (QSEE) vulnerability after researchers discovered the flaw in the mediaserver component that could allow an attacker to gain complete control over the device by t... read more.

  • May 23, 2016

By Nancy Rand, Posted in Security

May 19, Softpedia – (International) A quarter of all hacked WordPress sites can be attributed to three plugins. Sucuri conducted an investigation on over 11,485 compromised Web sites and released its “Website Hacked Report” which revealed that during the first 3 months of 2016, 78 percent of hacked Web sites were using the WordPress Content Management System (CMS) platform and found that attackers were primarily using outdated plugins to hack WordPress sites. Outdated plugins included RevSlider, GravityForm... read more.

  • May 20, 2016