Articles by 'Nancy Rand'

By Nancy Rand, Posted in Security

May 26, Securityweek – (International) New Linux-based router worm used in social network scheme. Security researchers at ESET discovered a new piece of malware, known as Moose, that primarily spreads by compromising unsecure Linux-based consumer routers and can eavesdrop on communications. Compromised devices steal unencrypted network traffic, mostly from social network sites, and act as a proxy service for botnet operators. Source May 26, Associated Press– (National) IRS says thieves stole tax info fro... read more.

• May 29, 2015

By Nancy Rand, Posted in Security

May 26, Softpedia – (International) Apache HBase fixes denial-of-service, info disclosure flaw. Apache released a fix for a vulnerability in its HBase software in which a remote attacker with network access could create a denial-of-service (DoS) condition and read sensitive information by exploiting insecure Access Control Lists (ACLs) on the ZooKeeper quorum. Source May 26, Securityweek – (International) Synology fixes XSS, command injection vulnerabilities in NAS software. Taiwan-based Synology release... read more.

• May 27, 2015

By Nancy Rand, Posted in Security

May 22, Softpedia – (International) Apache Hive infrastructures vulnerable to authentication flaw in HiveServer2. Apache reported that a vulnerability in all versions of its HiveServer2 interface for Apache Hive enterprise data warehouse infrastructure in which users without proper credentials could gain access by exploiting a flaw in the Lightweight Directory Access Protocol (LDAP) authentication mode. The company recommended that users update to the newest version or disable unauthenticated binds in the L... read more.

• May 26, 2015

By Nancy Rand, Posted in Security

May 20, Softpedia – (International) TLS protocol flawed, HTTPS connections susceptible to FREAK-like attack. Cryptography and security researchers discovered that approximately 8.4 percent of the top one million domains containing mail and web servers are vulnerable to an attack dubbed Logjam, in which an attacker could compromise a secure communication between a client and server by downgrading the transport layer security (TLS) connection to 512-bit export-grade cryptography due to left over variants of t... read more.

• May 26, 2015

By Nancy Rand, Posted in Security

May 19, Securityweek – (International) Attackers use trojanized version of PuTTY to steal SSH credentials. Security researchers at Symantec discovered that actors are using a malicious version of the PuTTY open-source secure shell (SSH) software to access systems remotely and steal data by copying secure server connection info and login details to be sent to an attacker-controlled server. The software bypasses common firewalls and security products due to its whitelisted status and used by system and databa... read more.

• May 21, 2015

By Nancy Rand, Posted in Uncategorized

May 15, Softpedia – (International) Apache fixes vulnerability affecting security manager protections. The security team responsible for Apache Tomcat discovered a vulnerability in multiple versions of the software’s open-source web server and servlet container that could allow an attacker to bypass protections for the Security Manager component and run malicious web applications. Source May 14, CNN – (International) Washington Post mobile site temporarily shut down in apparent hack. The Washington Post... read more.

• May 19, 2015

By Nancy Rand, Posted in Uncategorized

May 14, Softpedia – (International) Cisco TelePresence vulnerable to unauthorized root access, denial of service. Cisco reported two vulnerabilities in versions of its TelePresence TC and TE video conference products in which an attacker could exploit improper authentication protocols for internal services to bypass authentication and obtain root access on the system, and a flaw in the network drivers in which an attacker could use specially crafted internet protocol (IP) packets sent at a high rate to caus... read more.

• May 18, 2015

By Nancy Rand, Posted in Security

May 13, Softpedia – (International) Flash Player 17.0.0.188 addresses security holes. Adobe released updates for Flash Player that fixed 18 vulnerabilities, including 10 memory corruption, heap overflow, integer overflow, type confusion, and use-after-free bugs that could allow an attacker to run arbitrary code on an affected system. Source May 13, Softpedia – (International) Mozilla Firefox 38 fixes 13 vulnerabilities, 5 are critical. Mozilla released fixes for 13 vulnerabilities in Firefox version 38,... read more.

• May 14, 2015

By Nancy Rand, Posted in Security

May 7, Threatpost – (International) Apple fixes webkit vulnerabilities in Safari browser. Apple released an update for its Safari Web browser fixing multiple vulnerabilities in Webkit, including memory corruption and anchor element issues that could be exploited by an attacker to send users to malicious Web sites, leading to arbitrary code execution or unexpected application termination, as well as a state management problem in which unprivileged origins could access file system contents via a specially cra... read more.

• May 11, 2015

By Nancy Rand, Posted in Security

May 6, Softpedia – (International) Tinba banking trojan checks for sandbox before launching. Security researchers from F-Secure discovered a new variant of the Tiny Banker (Tinba) trojan, which checks for mouse movement and the active window a user is working on to ensure that it is executed on a real machine and not a sandbox before running its malicious routines. The trojan also queries the number of cylinders available to the system’s storage device to determine if it is a virtual machine. Source May... read more.

• May 08, 2015