Articles by 'Nancy Rand'

By Nancy Rand, Posted in Security

December 3, Securityweek – (International) Ponmocup botnet still actively used for financial gain. Researchers from Fox-IT released a report stating that the malware Ponmocup botnet has infected more than 15 million devices since 2009 and that its infrastructure consists of different components used to deliver, install, execute, and control the malware to prevent researchers from reengineering it. The botnet infects a device via encryption and stores its components in different locations to evade detection,... read more.

• December 07, 2015

By Nancy Rand, Posted in Security

December 2, IDG News Service – (International) Cisco patches permission hijacking issue in WebEx Meetings app for Android. Cisco released patches for an authentication flaw found in its WebEx Meetings application, affecting all older versions of the application before version 8.5.1 that allowed attackers to trick users to download a rogue application to their Android devices, which enabled hackers to infiltrate its permissions settings and gain access to the device. Cisco advised customers to download newer... read more.

• December 04, 2015

By Nancy Rand, Posted in Security

December 2, Securityweek – (International) Google patches over dozen serious flaws in Chrome. Google reported December 1 that its newest version of Chrome 47 includes 41 security patches that address a dozen high severity issues discovered by independent researchers including out-of-bounds access vulnerabilities in V8, Skia, PDFium, use-after-free flaws in Extensions and Document Object Model (DOM), and a type confusion in PDFium, among other patched vulnerabilities. Source   ... read more.

• December 03, 2015

By Nancy Rand, Posted in Security

December 1, Securityweek – (International) Unpatched flaws allow hackers to compromise Belkin routers. A researcher discovered multiple vulnerabilities affecting Belkin’s N150 wireless home routers, including an HTML/script injection that affects the “language” parameter present and causes the device’s web interface to become inoperable; a session hijacking vulnerability that allows an attacker to easily obtain data through a brute force attack due to the fixed state of the session ID as a hexadecimal strin... read more.

• December 02, 2015

By Nancy Rand, Posted in Security

November 30, Securityweek – (International) Microsoft unveils protection against potentially unwanted applications. Microsoft released a new feature for its Systems Center Endpoint Protection (SCEP) and Forefront Endpoint Protection (FEP) systems that includes a new potentially unwanted application (PUA) protection program that automatically identifies unwanted software containing threat names, such as PUA:Win32/Creprote, that targets software bundling technologies, PUA applications, and PUA frameworks and... read more.

• December 01, 2015

By Nancy Rand, Posted in Security

November 19, Securityweek – (International) Microsoft blocks unauthorized code injection in Edge. Microsoft released several improvements to its Edge Software with the introduction of EdgeHTML 13 that adds a security feature to block dynamic-link library (DLL) injections into the browser process and only allow components signed by Microsoft and Windows Hardware Quality Labs (WHQL) signed-device drivers to load. Source November 19, Softpedia – (International) 15-year-old Brit charged with DDoS attacks, bo... read more.

• November 20, 2015

By Nancy Rand, Posted in Security

November 18, The Register – (International) Blackhole’s back: Hated exploit kit returns from the dead. Researchers from Malwarebytes discovered that the previously extinct Blackhole Exploit Kit has resurfaced after finding an active drive-by download campaign via compromised websites with the same Adobe Java platform and PDF exploits as the Blackhole Exploit Kit, which can still compromise vulnerable computers despite its old exploits. Source November 18, Securityweek – (International) Security flaws in... read more.

• November 19, 2015

By Nancy Rand, Posted in Security

November 17, Securityweek – (International) Poor backend security practices expose sensitive data. Researchers at the Technical University of Darmstadt in Germany discovered more than 18.6 million records of security risks associated with the use of Backend-as-a-Service (BaaS) offerings including extrapolation of an ID and an undisclosed key for authentication from a victims’ mobile application that allows attackers access to the backend with the same privileges as the application. Source November 17, Se... read more.

• November 18, 2015

By Nancy Rand, Posted in Security

November 16, Securityweek – (International) Thousands of sites infected with Linux encryption ransomware. Researchers from Dr. Web reported that approximately 2,000 websites were compromised by the Linux file-encrypting ransomware dubbed Linux.Encoder1, that targets the root and home files, web servers, backups, and source code via a downloaded file containing the public RSA key used to store AES keys that adds .encrypt extension to each file, allowing files to be nearly impossible to recover without paying... read more.

• November 17, 2015

By Nancy Rand, Posted in Security

November 13, Securityweek – (International) Flaw in “Spring Social” puts user accounts at risk. Researchers at SourceClear (SRC:CLR) discovered that a vulnerability in Pivotal Software’s Spring Social authentication feature can be exploited via a specially crafted Uniform Resource Locator (URL) that bypasses the cross-site request forgery (CSRF) protection to link an attacker’s account, on a similar service to GitHub or Facebook, with a victim’s account on a compromised website. Pivotal Software patched the... read more.

• November 16, 2015