Articles In Security

By Nancy Rand, Posted in Security

May 18, SC Magazine – (International) Cisco patch blocks DoS vulnerability. Cisco released patches for its Adaptive Security Appliance (ASA) software after security researchers found attackers could alter a memory block, allowing the system to cease transferring traffic and cause a denial-of-service (DoS) situation. The flaw was reportedly linked to an issue in the installation of Internet Control Message Protocol (ICMP) error handling for Internet Protocol Security (IPSec) packets. Source May 18, Securi... read more.

  • May 19, 2016

By Nancy Rand, Posted in Security

May 17, SecurityWeek – (International) Critical vulnerability in Symantec AV Engine exploited by just sending an email. Symantec updated its Antivirus Engine (AVE) addressing a critical memory corruption flaw after a security researcher from Google Project Zero discovered the flaw affected most Symantec and Norton-branded antivirus products and reported the issue related to how the antivirus products handle executables compressed in the ASPack file compressor. The vulnerability can be remotely exploited for... read more.

  • May 18, 2016

By Nancy Rand, Posted in Security

May 16, SecurityWeek – (International) Data leaked from hacker forum Nulled.io. Risk Based Security reported that the popular forum Nulled.io was compromised after hackers leaked a 1.3Gb archive containing information from more than 536,000 user accounts, including usernames, email addresses, hashed passwords, application program interface (API) credentials for payment gateways, authentication logs, and Internet Protocol (IP) addresses, among other data. Researchers are unsure how the Nulled.io database was compr... read more.

  • May 17, 2016

By Nancy Rand, Posted in Security

May 12, SecurityWeek – (International) Adobe patches Flash zero-day exploited in the wild. Adobe updated its Flash Player for Microsoft Windows, Apple Mac, and Linux addressing 25 vulnerabilities including a type confusion, use-after-free, buffer overflow, directory search path, various memory corruption vulnerabilities that can lead to arbitrary code execution, and a zero-day that has been exploited in the wild. Source May 12, Softpedia – (International) 7-Zip 16.0 released to fix gaping security hole.... read more.

  • May 16, 2016

By Nancy Rand, Posted in Security

May 12, SecurityWeek – (International) Google patches more high risk vulnerabilities in Chrome 50. Google released a round of security patches for Chrome 50 addressing five vulnerabilities, three of which were deemed high severity, and include a same origin bypass issue in the Document Object Model (DOM), a same bypass bug in Blink V8 bindings, and a buffer overflow flaw in V8. A directory traversal flaw using the file scheme on Android, and a race condition bug in loader were also patched, among other vuln... read more.

  • May 13, 2016

By Nancy Rand, Posted in Security

May 11, SecurityWeek – (International) Wi-Fi flaw exposes Android devices to attacks. Google and the developers of Wi-Fi Protected Access (WPA) supplicant patched a high severity privilege escalation flaw that is used in the Android operating system (OS) and several other products after SEARCH-LAB researchers determined that the vulnerability can be exploited to write arbitrary values in the wpa_supplicant configuration file, allowing an attacker to execute arbitrary code with elevated privileges or disrupt... read more.

  • May 12, 2016

By Nancy Rand, Posted in Security

May 10, Softpedia – (International) SS7 attack leaves WhatsApp and Telegram encryption useless. Positive Technologies researchers unveiled a new attack that utilizes Signaling System No. 7 (SS7) to carry out attacks on encrypted communications apps such as WhatsApp and Telegram by spoofing a mobile network node and intercepting the initial phase of a chat between two users. The researchers were able to impersonate a second user through SS7 loopholes that were never patched. Source May 10, Softpedia – (In... read more.

  • May 11, 2016

By Nancy Rand, Posted in Security

May 9, SecurityWeek – (International) Over two dozen flaws found in Aruba products. Aruba Networks patched some of the 26 security flaws discovered by a Google security engineer, and is working to patch the remaining vulnerabilities which impact all versions of ArubaOS, AirWave Management Platform 8.x versions prior to 8.2, and Aruba Instant access points (IAP) prior to 4.1.3.0 and 4.2.3.1. Some of the vulnerabilities discovered include the transmission of login credentials via Hypertext Transfer Protocol (... read more.

  • May 10, 2016

By Nancy Rand, Posted in Security

May 6, Help Net Security – (International) Android trojan pesters victims, won’t take no for an answer. Avast researchers determined that an information-stealing Android trojan that is inadvertently downloaded by users begins its infection after an icon is installed in the launcher in the name of a fake app, which launches a dialog box that asks the user to grant it admin rights and blocks further access. Users can remove the trojan by powering down the phone and restoring it to factory settings or uninstal... read more.

  • May 10, 2016

By Nancy Rand, Posted in Security

May 5, SecurityWeek – (International) Cisco patches serious flaws in FirePOWER, TelePresence. Cisco released software updates patching several vulnerabilities in its FirePOWER and TelePresence products including a critical vulnerability that allows a remote, unauthenticated attacker to bypass authentication and gain access to a targeted system, as well as several high severity denial-of-service (DoS) vulnerabilities that could allow a remote attacker to cause a system to stop inspecting and processing pack... read more.

  • May 06, 2016