Articles by 'Nancy Rand'

Blog Author - Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.

By Nancy Rand, Posted in Security

July 27, Threatpost – (International) Android Stagefright flaws put 950 million devices at risk. Security researchers at Zimperium zLabs reported that about 950 million Android devices are vulnerable to flaws in the operating system’s (OS) Stagefright media engine, in which excessive permissions could allow an attacker to send a Multimedia Messaging Service (MMS) or Google Hangouts message to trigger the vulnerability, granting system access on the affected device. Source July 27, Securityweek – (Interna... read more.

  • July 29, 2015

By Nancy Rand, Posted in Security

July 24, Securityweek – (International) Red Hat patches “libuser” library vulnerabilities. Red Hat patched two vulnerabilities in its “libuser” library, including a race condition flaw that could lead to a denial-of-service (DoS) condition and a bug in the chfn function of the userhelper utility that an attacker could leverage to create a DoS condition and achieve privilege escalation on the system. Source July 24, SC Magazine – (International) Sophos moves to patch Web Security Appliance flaws. A secur... read more.

  • July 27, 2015

By Nancy Rand, Posted in Security

July 23, Threatpost – (International) Four zero days disclosed in Internet Explorer. Hewlett Packard’s Zero Day Initiative released four new remote code execution (RCE) zero day vulnerabilities in Microsoft’s Internet Explorer, including an issue in how the browser processes arrays representing cells in Hypertext Markup Language (HTML) tables in which an attacker could execute code under the context of the current process. Source July 23, The Register – (International) Flash zero-day monster Angler domi... read more.

  • July 24, 2015

By Nancy Rand, Posted in Security

July 22, Securityweek – (International) Siemens patches vulnerabilities in SIPROTEC, SIMATIC, RuggedCom products. Siemens released updates for its SIPROTEC 4 and SIPROTEC Compact devices addressing a vulnerability in which an attacker could cause a denial-of-service (DoS) condition, a locally exploitable flaw in its SIMATIC WinCC Sm@rtClient application for Android in which an attacker could extract credentials for the Sm@rtServer, and a flaw in RuggedCom devices leaving them vulnerable to Padding Oracle On... read more.

  • July 23, 2015

By Nancy Rand, Posted in Security

July 21, Securityweek – (International) Configuration issue exposes 30,000 MongoDB instances: researcher. The founder of the Shodan computer search engine reported that a default listening configuration in MongoDB exposed about 30,000 database instances containing 592.2 terabytes (TB) of data. Source July 20, Network World – (International) Microsoft issues critical out-of-band patch for flaw affecting all Windows versions. Microsoft released an update addressing a critical remote code execution vulnerab... read more.

  • July 22, 2015

By Nancy Rand, Posted in Security

July 20, Help Net Security – (International) Ashley Madison hacked, info of 37 million users stolen. Hackers calling themselves “The Impact Team” reportedly accessed and stole personal information and financial records of 37 million users of Avid Life’s Ashley Madison Web site as well as user databases for 2 other sites that the company owns. The hack was perpetrated in response to Avid Life’s failure to provide its offered “full delete” feature for user profiles. Source July 17, Securityweek – (International) Ea... read more.

  • July 22, 2015

By Nancy Rand, Posted in Security

July 17, Help Net Security – (International) Nearly all Web sites have serious security vulnerabilities. Acunetix released a report on 15,000 Web site and network scans of 5,500 companies revealing that almost half of Web applications scanned contained high security vulnerabilities, and 4 of 5 were affected by medium security vulnerabilities, implying that most organizations fail to comply with the Payment Card Industry Data Security Standard (PCI DSS), among other findings. Source July 16, Help Net Securi... read more.

  • July 20, 2015

By Nancy Rand, Posted in Security

July 16, Threatpost – (International) Security support ends for remaining Windows XP machines. Microsoft ended security support for Microsoft Security Essentials customers running Windows XP as part of its July Patch Tuesday roll-out, and released security advisories for a patched race condition flaw in the Malicious Software Removal Tool (MSRT) allowing for privilege escalation, as well as an update enhancing use of Data Encryption Standard (DES) encryption keys. Source July 16, Securityweek – (Internat... read more.

  • July 17, 2015

By Nancy Rand, Posted in Security

July 15, IDG News Service – (International) Darkode computer hacking forum shuts after investigation spanning 20 countries. U.S. authorities filed hacking charges against 12 suspects affiliated with the Darkode hacker Web forum after the FBI and law enforcement organizations from 20 countries shut down the site and arrested or searched 70 Darkode members worldwide. The Web site allowed hackers to share technology and tradecraft used to infect computers and wireless devices of victims. Source July 15, Sof... read more.

  • July 16, 2015

By Nancy Rand, Posted in Security

July 14, Threatpost – (International) Flash Player update patches two Hacking Team zero days. Adobe released patches addressing two critical use-after-free vulnerabilities in ActionScript 3 revealed in data dumped from a recent breach of the Italian surveillance software company Hacking Team. Both flaws allowed an attacker to use a Web site hosting the exploit to completely take over an affected system. Source July 13, Threatpost – (International) Kaseya patches two bugs in VSA IT management platform. Ka... read more.

  • July 15, 2015