Articles by 'Nancy Rand'

Blog Author - Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.

By Nancy Rand, Posted in Security

June 24, Softpedia – (International) Dyre banking malware uses 285 command and control servers. Security researchers from Symantec released a report revealing that multiple groups are running at least 285 command and control (C&C) servers, as well as 44 machines to deliver payloads and execute man-in-the-browser (MitB) attacks. The servers are located primarily in Ukraine and Russia, with others spread worldwide, and primarily target financial organizations in the U.S. and United Kingdom. Source June... read more.

  • June 25, 2015

By Nancy Rand, Posted in Security

June 23, Help Net Security – (International) Critical RubyGems vulns can lead to installation of malicious apps. Security researchers at Trustwave discovered a vulnerability in the RubyGems package manager in which an attacker could redirect a RubyGem client using hypertext transfer protocol secure (HTTPS) to an attacker controlled gem server, bypassing HTTPS verification and allowing the attacker to install malicious or trojan gems. Source June 23, Softpedia – (International) Minor Chrome release fixes... read more.

  • June 24, 2015

By Nancy Rand, Posted in Security

June 22, Softpedia – (International) Hackers disrupt Polish airline LOT, ground 10 flights. Officials from LOT Polish Airlines reported that their ground operation systems at Warsaw’s Frederic Chopin Airport suffered a 5-hour cyber-attack that grounded 10 national and international flights and affected about 1,400 passengers June 21. An investigation into the attack is ongoing. Source June 22, Help Net Security – (International) New password recovery scam hitting Gmail, Outlook and Yahoo Mail users. Secu... read more.

  • June 24, 2015

By Nancy Rand, Posted in Security

June 19, Threatpost – (International) Static encryption key found in SAP HANA database. Security researchers from ERPScan discovered a vulnerability in SAP’s HANA in-memory relational database management system in which an attacker could use various web-based external attacks to remotely execute code, and then leverage static encryption keys to read encrypted passwords, stored data, and backups. Source June 18, International Business Times – (International) Samsung to issue fix for SwiftKey keyboard bug... read more.

  • June 22, 2015

By Nancy Rand, Posted in Security

June 18, Help Net Security – (International) Reddit announces switch to HTTPS-only. Reddit Web site developers reported that starting June 29, the site will only be accessible over hypertext transfer protocol secure (HTTPS) encrypted connections served via the company’s CloudFlare content delivery network (CDN). Source June 18, Securityweek – (International) Drupal security updates patch several vulnerabilities. Drupal developers released updates patching open redirect, information disclosure, and access... read more.

  • June 19, 2015

By Nancy Rand, Posted in Security

June 17, Softpedia – (International) Retrospect clients patched to prevent exposure of backup files. Retrospect, Inc. released a patch addressing a password hashing vulnerability in its network backup utility for Apple, Linux, and Microsoft Windows operating systems (OS) in which an attacker with access to networked clients could gain access to users’ backup files. Source June 17, Softpedia – (International) Over 600 million Samsung devices vulnerable to keyboard security risk. Security researchers at N... read more.

  • June 18, 2015

By Nancy Rand, Posted in Security

June 16, Infosecurity Magazine – (International) Stegoloader malware hides in images on legit sites. Security researchers from Dell SecureWorks released findings from a report warning of a potential new trend in which malware uses digital steganography to evade detection and steal information from affected users via various configurable modules. Source June 16, Softpedia – (International) LastPass has been hacked, change your master password now. Officials from LastPass advised that users change their master... read more.

  • June 17, 2015

By Nancy Rand, Posted in Security

June 15, CNN.com – Irony alert: Password-storing company is hacked. On Monday, LastPass announced that hackers broke into its computer system and got access to user email addresses, password reminders, and encrypted versions of people's master passwords. Source June 15, Threatpost – (International) Popular WordPress SEO plugin fixes XSS bug. Security researchers discovered a cross-site scripting (XSS) vulnerability in the Yoast WordPress SEO plugin in which an attacker could leverage “snippet preview” fu... read more.

  • June 16, 2015

By Nancy Rand, Posted in Security

June 12, Softpedia – (International) 44.5 million new malware variants recorded in 1 month. Symantec released findings from a report revealing that new malware variants increased by over 50 percent in May to 44.5 million, that the most commonly seen threat on the Apple OS X operating system (OS) was a trojan virus that changes the domain name system settings of affected computers, and that medium-sized companies were the most frequently targeted by spear-phishing attacks. Source June 12, Softpedia – (Int... read more.

  • June 15, 2015

By Nancy Rand, Posted in Security

June 11, Securityweek – (International) Serious flaw in iOS mail app exposes users to phishing attacks. A Czech security researcher discovered a vulnerability in Apple’s iOS mobile operating system (OS) in which an attacker can create emails that load remote Hypertext Markup Language (HTML) content when opened, prompting users to input credentials that are sent back to the attacker. Source June 11, Softpedia – (International) Malvertising campaign hits Bejeweled Blitz game on Facebook, CNN Indonesia. Sec... read more.

  • June 12, 2015