Articles by 'Nancy Rand'

By Nancy Rand, Posted in Security

December 30, SecurityWeek – (International) Linode hit by DDoS attacks. The Cloud hosting company, Linode, reported that its website, Manager mobile application, Doman Name System (DNS) infrastructure, and data centers in Atlanta, Newark, and London were compromised after the company discovered hackers had conducted distributed denial-of-service (DDoS) attacks for several hours. Security researchers from the company were able to patch the vulnerabilities. Source December 29, SecurityWeek – (International... read more.

• January 04, 2016

By Nancy Rand, Posted in Security

December 16, Softpedia – (International) XRTN ransomware discovered, currently undecryptable. A researcher from Bleeping Computer’s released a report on the XRTN ransomware detailing how the malware infects a computer system by sending email attachments, such as malicious Word documents and batch files that are encoded with JavaScript commands, to a victim’s corporate or personal email, that if opened and downloaded, attackers can execute the JavaScript commands to run batch files that will encrypt personal... read more.

• December 18, 2015

By Nancy Rand, Posted in Security

December 16, Softpedia – (International) FireEye security devices provide attackers with backdoor into corporate networks. Two security researchers discovered several FireEye security products had two zero-day flaws, such as the RCE and privilege escalation bug that can execute malicious code disguised as the highly privileged Malware Input Processor (mip) user and gain administrative privileges on the infected device. FireEye released patches addressing the vulnerabilities. Source December 16, SecurityW... read more.

• December 17, 2015

By Nancy Rand, Posted in Security

December 15, Help Net Security – (International) 13 million MacKeeper users exposed in data breach. MacKeeper, the utility software for Apple Mac products, reported that its database containing passwords and the personal information of 13 million users were exposed in a data breach after a security researcher submitted a Shodan search and discovered four Internet Protocol (IP) addresses led to a MongoDB database belonging to Kromtech, the company that produces MacKeeper. MacKeeper patched the vulnerability... read more.

• December 16, 2015

By Nancy Rand, Posted in Security

December 14, SecurityWeek – (International) Twitter warns users of state sponsored hacking. Twitter reported December 14 that its customers’ user names, Internet Protocol (IP) addresses, phone numbers, and email addresses may have been compromised after a potential state sponsored attack occurred in its systems. Twitter officials advised users to use Tor Project, a software enabling anonymous communication, to protect affected users on social networks. Source December 12, Softpedia – (International) Malw... read more.

• December 15, 2015

By Nancy Rand, Posted in Security

December 11, SecurityWeek – (International) Stealthy backdoor compromised global organizations since 2013: FireEye. Researchers from FireEye reported that the malicious backdoor malware dubbed, LATENTBOT primarily targets the financial services and insurance sectors to steal passwords, record keystrokes, transfer files, and enable attached microphones or webcams by leveraging malicious emails with contaminated Word documents created with Microsoft Word Intruder (MWI) exploit kit (EK) that when opened, execu... read more.

• December 14, 2015

By Nancy Rand, Posted in Security

December 10, SecurityWeek – (International) Many Cisco products plagued by deserializations flaws. Cisco Systems reported that it is investigating which of its products are affected by the Java deserialization vulnerability that can be exploited for remote code execution (RCE) via the Apache Commons Collections library due to the failure of developers to ensure that untrusted serialized data is not accepted for deserialization. Cisco will release software updates addressing the flaw. Source December 10,... read more.

• December 11, 2015

By Nancy Rand, Posted in Security

December 9, SecurityWeek – (International) Apple issues security updates for OS X, iOS, Safari. Apple released security updates patching multiple vulnerabilities within its OS X, iOS, Safari, Xcode, watchOS, and tvOS systems including flaws affecting Apple’s mobile operating system, Siri, Webkit, and components such as the App Sandbox, Compression, CoreMedia Playback, EFI, and File Bookmark, among others. Source December 9, Softpedia – (International) DNS Root servers hit by DDoS attack. Researchers from... read more.

• December 10, 2015

By Nancy Rand, Posted in Security

December 7, Softpedia – (International) Malware steals iOS and BlackBerry backups via infected PCs. Palo Alto Networks released a report stating that many mobile backup tools lack secure encryption protocols, which can allow attackers to steal local mobile backup data and sensitive information from infected Apple Mac and Microsoft Windows computers, and discover and extract Apple iOS and Microsoft BlackBerry backup files via 6 trojan families that use the BackStab attack technique. Security researchers advi... read more.

• December 09, 2015

By Nancy Rand, Posted in Security

December 7, Softpedia – (International) Trifecta of security bugs affecting Dell, Lenovo, and Toshiba products. Security researchers from LizardHQ reported that three major security vulnerabilities were affecting current and older versions of computer products including Dell System Detect, Lenovo’s Solution Center, and Toshiba Service Station that allows attackers to abuse an application program interface (API) to bypass the Windows User Account Control limitations on Dell products, run malicious code and e... read more.

• December 08, 2015