Articles In Security

By Nancy Rand, Posted in Security

November 4, Help Net Security – (International) GitLab plugs critical flaw in its code repository manager software. GitLab released security updates for the Community Edition (CE) and Enterprise Edition (EE) of its code repository manager software, resolving a critical flaw in the project import/export feature: the feature did not adequately check for symbolic links in user-provided archives, allowing an authenticated user to read the contents of any file accessible to the GitLab service account. Sou...

  • November 07, 2016

November 2, SecurityWeek – (International) Belkin WeMo devices expose smartphones to attacks. Invincea security researchers discovered two serious vulnerabilities affecting Belkin’s WeMo home automation devices and their associated Android applications, including a flaw that could be exploited to remotely gain root access to a WeMo device, and a cross-site scripting (XSS) flaw in WeMo’s Android app that could be exploited to execute arbitrary JavaScript code in the context of the Android a...

  • November 04, 2016

November 2, The Register – (International) Multiple RCE flaws found in Memcached web speed tool. Web performance tool Memcached received security patches after a security researcher from Cisco Systems, Inc., discovered that Memcached versions 1.4.31 and earlier contained three integer overflow vulnerabilities that could be exploited to achieve remote code execution (RCE) on a targeted system. The flaws reside in the Memcached functions used to insert, append, or modify key-value data pairs. The r...

  • November 03, 2016

November 1, Help Net Security – (International) Google warns of actively exploited Windows zero-day. Google disclosed a Microsoft Windows zero-day local privilege escalation vulnerability in the Windows kernel that could allow attackers to escape the sandbox. Google researchers warned that the flaw is being actively exploited in the wild. Source

October 31, SecurityWeek – (International) Nymaim starts using PowerShell to download payload. Verint security researchers discovered the Nymaim malwar...

  • November 02, 2016

October 30, Softpedia – (International) Serial spammer pleads guilty, faces up to ten years in jail. A Florida resident pleaded guilty October 27 to orchestrating spam campaigns in which he and 2 co-conspirators operated a legitimate business named A Whole Lot of Nothing LLC, which provided on-demand spam campaigns for legitimate businesses and illegal parties, including groups selling untested pharmaceutical drugs. The charges state the trio built botnets to distribute their spam, constructed proxy netwo...

  • November 01, 2016

October 28, SecurityWeek – (International) Apple patches flaws in Xcode, Windows software. Apple released version 8.1 of its Xcode integrated development environment (IDE) to address 10 vulnerabilities in Node.js and OpenSSL that an attacker could exploit for arbitrary code execution or to cause an application to crash. Apple also released iTunes version 12.5.2 and iCloud version 6.0.1 for Microsoft Windows due to flaws in the WebKit Web browser engine, which can be exploited through processing specia...

  • October 31, 2016

October 27, SecurityWeek – (International) Cisco patches 9 flaws in Email Security Appliance. Cisco Systems, Inc. released software updates for its Email Security Appliances (ESA) to resolve a total of nine vulnerabilities, including three denial-of-service (DoS) flaws in the AsyncOS software for Cisco ESA which could allow an unauthenticated remote attacker to cause a DoS condition using maliciously crafted emails and attachments. Cisco also patched vulnerabilities that could allow unauthenticated at...

  • October 28, 2016

October 25, SecurityWeek – (International) Android root exploits abuse Dirty COW vulnerability. Security researchers found that the Dirty COW Linux kernel vulnerability disclosed the week of October 17 can be exploited by a local attacker to escalate privileges to root on Android devices running a Linux kernel later than 2.6.22, and to compromise an entire system by altering the copy-on-write cache provided by the kernel so that the system and apps see modified content when reading the affected files. NowSecure...

  • October 26, 2016

October 24, Help Net Security – (International) Dyn DDoS attack: The aftermath. New Hampshire-based Dyn DNS Company suffered 3 distributed denial-of-service (DDoS) attacks involving millions of Internet Protocol (IP) addresses that targeted the company’s managed Domain Name System (DNS) infrastructure and rendered many Websites and online services, such as Twitter, PayPal, and Etsy, among others, inaccessible for several hours October 21. Security researchers from Flashpoint and Akamai confirmed t...

  • October 25, 2016

October 21, SecurityWeek – (International) Weebly breach affects over 43 million users. Weebly, a San Francisco-based Web hosting service, confirmed that hackers stole the account information of over 43 million users, including usernames, Internet Protocol (IP) addresses, and password hashes, after breaching the company’s systems in February 2016. The company advised its users to reset their passwords; the cause of the breach remains under investigation. Source

October 20, Softpedia – (I...

  • October 25, 2016