Articles by 'Nancy Rand'

By Nancy Rand, Posted in Security

March 3, Help Net Security – (International) Phishers target victims of iOS device theft. Security researchers at Malwarebytes discovered an elaborate phishing campaign that targets victims of iOS device theft by using spoofed messages and a fake iCloud log-in Web page, which is available in 10 different languages, to steal users’ log-in credentials, enabling the thieves to unlock the stolen devices. Source March 3, Securityweek – (International) Lossy image compression can hide malicious code in PDF fil... read more.

• March 05, 2015

By Nancy Rand, Posted in Security

March 2, Help Net Security – (International) 0-day flaw in Seagate NAS devices endangers thousands. A security researcher discovered that certain firmware versions of Seagate Business Storage 2-Bay NAS devices are susceptible to an easily-exploitable zero-day remote code execution vulnerability due to outdated Web-enabled application management versions of Hypertext Preprocessor (PHP), CodeIgniter, and Lighttpd technologies that contain known security issues. The company is reportedly working on the issue.... read more.

• March 03, 2015

By Nancy Rand, Posted in Security

February 27, Softpedia – (International) Apps bypass Google Play verification and spew tempest of ads. Bitdefender security researchers discovered 10 apps hosted in Google Play that use social engineering to trick users into installing ad-spewing software and relied on deceptive tactics to ensure persistence on users’ devices. None of the apps linked to Web sites hosting malware, allowing the apps to bypass Google Play quality controls. Source February 27, Securityweek – (International) Critical vulnerab... read more.

• March 02, 2015

By Nancy Rand, Posted in Uncategorized

February 26, Securityweek – (International) Lizard Squad hijacks Lenovo website, emails. Lizard Squad hackers hijacked the Lenovo Web site and email servers by using CloudFlare IP addresses to modify DNS records in Lenovo domain registrar accounts and redirect users to defacement pages, and changed mail server records to allow the group to intercept emails sent to Lenovo email addresses. The hijacking mirrored a similar attack that targeted Google Vietnam during the week of February 23. Source February 2... read more.

• February 27, 2015

By Nancy Rand, Posted in Security

February 25, Securityweek – (International) Mozilla fixes 17 vulnerabilities in Firefox 36. Mozilla released version 36 of its Firefox browser closing 17 vulnerabilities and flaws, including 4 rated as critical. Source February 25, Help Net Security – (International) New DDoS attack and tools use Google Maps plugin as proxy. PLXsert security researchers discovered that attackers are exploiting a known vulnerability in Joomla’s Google Maps plugin by spoofing the sources of requests, causing results to be... read more.

• February 26, 2015

By Nancy Rand, Posted in Security

February 23, SC Magazine – (International) Older vulnerabilities a top enabler of breaches, according to report. Hewlett Packard security researchers reported that 44 percent of known breaches happened as a result of server misconfigurations and vulnerabilities discovered years ago. The report cites 33 percent of identified exploit samples from Microsoft Windows, 11 percent from Adobe Reader and Acrobat, 6 bugs in Oracle Java, and 2 flaws in Microsoft Office flaws. Source February 23, Securityweek – (Int... read more.

• February 25, 2015

By Nancy Rand, Posted in Security

February 23, The Register – (International) Cisco IPv6 processing bug can cause DoS attacks. Cisco announced that its NCS 6000 and Carrier Routing System (CRS-X) contain an IPv6 software bug that attackers could repeatedly exploit by sending a malformed IPv6 packet, carrying extension headers, through an affected Cisco IOS XR device line card to cause an extended denial of service (DoS) condition. Source February 23, Securityweek – (International) Superfish SSL interception library found in several appli... read more.

• February 24, 2015

By Nancy Rand, Posted in Security

February 20, Softpedia – (International) Commercial spyware found in enterprise environment. Security researchers at Lacoon Mobile Security and Check Point discovered 18 different commercial remote access trojan (mRAT) spying tools that connect to the company’s Wi Fi and communicate with the command and control (C&C) server on 1,000 of 900,000 corporate mobile devices tested. The spyware, generally marketed for monitoring children, allows employers to track the location of users, log activity on the dev... read more.

• February 23, 2015

By Nancy Rand, Posted in Security

February 19, Softpedia – (International) Over 250,000 home routers found with duplicate SSH keys. A Shodan researcher discovered that mis-configuration of devices likely led over 250,000 home routers from Spain, 200,000 routers from mostly China and Taiwan, and 150,000 routers from the U.S. and Japan to share the same Secure Shell (SSH) keys, which could allow an attacker to gain access to any device with a single key. Researchers recommended disabling SSH connectivity in the router. Source February 19,... read more.

• February 20, 2015

By Nancy Rand, Posted in Security

February 18, Softpedia – (International) Author of Android Xbot malware includes curse at AV companies. Avast security researchers discovered that the Xbot Android malware infected over 2,570 installations in 350 unique files through third-party marketplaces since the beginning of February. The malware persistently runs on infected devices, has the capability to download content to command and control (C&C) servers, and primarily focuses on capturing, reading, and writing short text messages. Source ... read more.

• February 19, 2015