Articles In Security

By Nancy Rand, Posted in Security

August 9, SecurityWeek – (International) Vulnerabilites found in several Fortinet products. Vulnerability Lab released the details of several flaws affecting the Web interface of the Fortinet FortiManager and FortiAnalyzer security management and reporting appliances including a vulnerability that can be exploited by a remote attacker with access to a low-privileged user account to inject arbitrary code into the application if a victim clicks on a link or visits a Webpage containing the malicious code... read more.

• August 18, 2016

By Nancy Rand, Posted in Security

August 10, Softpedia – (International) Data of nearly 2 million users exposed in Dota2 forum hack. Researchers from LeakedSource reported that the Dota2 official developers forum was breached after hackers stole the usernames, email addresses, user identifiers, passwords, and IP addresses of nearly 2 million of the forum’s users July 10 by hashing and salting the password with the MD5 algorithm. Forum administrators patched the vulnerability and reset all user account passwords. Source August 1... read more.

• August 18, 2016

By Nancy Rand, Posted in Security

August 11, SecurityWeek – (International) Linux flaw allows attackers to hijack web connections. Researchers from the University of California at Riverside and the U.S. Army Research Laboratory discovered a vulnerability affecting the Transmission Control Protocol (TCP) specification implemented in Linux kernel could be leveraged to intercept TCP-based connections between two hosts on the Internet, to track users’ activity, terminate connections, and inject arbitrary data into a connection after... read more.

• August 18, 2016

By Nancy Rand, Posted in Security

August 12, Softpedia – (International) Locky ransomware uses vulnerable PHP forms for spam distribution. Researchers from Cisco’s OpenDNS team discovered that the group behind the Locky ransomware is leveraging security flaws in a PHP: Hypertext Preprocessor (PHP)-based Web-to-email service that allows the cybercriminals to brute-force the Web from and make it send a message with the Locky payload attached to any email address due to a vulnerability in a PHP contact form script. Researchers advi... read more.

• August 18, 2016

By Nancy Rand, Posted in Security

August 16, Softpedia – (International) FalseCONNECT vulnerability affects software from Apple, Microsoft, Oracle, more. A security researcher discovered a flaw in how applications from several vendors respond to Hypertext Transfer Protocol (HTTP) CONNECT requests via HTTP/1.0 407 Proxy Authentication Required responses which could allow an attacker with a foothold in a compromised network and the ability to listen to proxy traffic to detect HTTP CONNECT requests sent to the local proxy and issue a 407... read more.

• August 17, 2016

By Nancy Rand, Posted in Security

August 14, Softpedia – (International) Sharp increase in malware utilizing SSL. Blue Coat released a report revealing that the number of malware samples employing secure sockets layer (SSL) increased from 500 samples per month to 29,000 over a 2 month period and the number of active command and control (C&C) servers that used SSL-protected connections to communicate with their bots increased from 1,000 servers in quarter 1 of 2015 to 200,000 servers in quarter 2 after the security firm analyzed th... read more.

• August 16, 2016

By Nancy Rand, Posted in Security

August 5, Softpedia – (International) HEIST attack can steal data from HTTP-encrypted traffic. Two security researchers discovered hackers could carry out a Web-based attack, dubbed HEIST to steal encrypted content from Hypertext Transfer Protocol Secure (HTTPS) traffic by embedding special JavaScript code on a Webpage that fetches content via a hidden JavaScript call from a private page containing sensitive information including credit card numbers and Social Security numbers, then pinpoints the size... read more.

• August 08, 2016

By Nancy Rand, Posted in Security

August 4, SecurityWeek – (International) Critical flaws found in Cisco small business routers. Cisco released patches for its small business RV series routers after researchers discovered a critical flaw affecting the Web interface that allows remote, unauthenticated attackers to execute arbitrary code with root privileges, a high severity flaw that can be exploited remotely to perform a directory traversal and access arbitrary files on the system, and a medium severity command shell injection flaw th... read more.

• August 05, 2016

By Nancy Rand, Posted in Security

August 2, Help Net Security – (International) 36,000 SAP systems exposed online, most open to attacks. ERPScan released a comprehensive SAP Cybersecurity Threat Report which revealed the average number of security patches for SAP products per year has decreased, while the amount of vulnerable platforms has increased and now includes modern cloud and mobile technologies such as HANA. The report also found that SAP’s Customer Relationship Management (CRM), Enterprise Portal (EP), and Supplier Rela... read more.

• August 04, 2016

By Nancy Rand, Posted in Security

August 2, Softpedia – (International) Windows flaw reveals Microsoft account passwords, VPN credentials. Researchers discovered an exploit affecting the way Microsoft Windows handles old authentication procedures for shared network resources where an attacker could embed a disguised link to a server message block (SMB) resource inside a Webpage or an email viewed via Outlook that sends the victim’s login credentials to authenticate on the malicious actor’s domain once the user accesses the... read more.

• August 03, 2016