Articles In Security

By Nancy Rand, Posted in Security

April 25, Help Net Security – (International) Compromised credentials still to blame for many data breaches. A Cloud Security Alliance survey found that a lack of scalable identity access management systems, a lack of ongoing automated rotation of cryptographic keys, passwords, and certificates, as well as failure to use multifactor authentication were the major causes of data breaches. The findings also indicated that 22 percent of companies who suffered a data breach, attributed the breach to compromised... read more.

• April 27, 2016

By Nancy Rand, Posted in Security

April 22, SecurityWeek – (International) Adobe patches flaw in analytics AppMeasurement for Flash Library. Adobe release its Analytics AppMeasurement for Flash library version 4.0.1 which patched a Document Object Model (DOM)-based cross-site scripting (XSS) vulnerability after a security researcher discovered the vulnerability when the debugTracking feature was enabled. The flaw affects version 4.0 and earlier platforms. Source April 21, Softpedia – (International) Law enforcement, government agencies s... read more.

• April 25, 2016

By Nancy Rand, Posted in Security

April 21, SecurityWeek – (International) Cisco patches severe flaws in Wireless LAN controller. Cisco released software updates for its Wireless LAN Controller (WLC) products which patch several critical flaws and high severity denial-of-service (DoS) vulnerabilities including an issue related to the Hypertext Transfer Protocol (HTTP) Universal Resource Language (URL) redirection feature of WLC software that can allow an unauthenticated attacker to remotely trigger a buffer overflow and cause affected devic... read more.

• April 22, 2016

By Ed Bratter, Posted in Security

As a consultant in the Active Directory (AD) space, I see a lot of AD environments up close. One theme that has become painfully clear to me is that we, as the gatekeepers of Active Directory, are not doing a good enough job of securing our kingdom. Even the organizations that put a strong emphasis on security come up short in one way or another. This is often because the security professionals are focused on other areas of the network such as firewalls or intrusion detection. Those security professionals... read more.

• April 21, 2016

By Nancy Rand, Posted in Security

April 20, Softpedia – (International) New PWOBot Python malware can log keystrokes, mine for bitcoin. Security researchers from Palo Alto Networks discovered a new malware family dubbed PWOBot was encoded in Python and PWOBot modules can execute other binaries, launch an Hypertext Transfer Protocol (HTTP) server, log keystrokes, execute custom Python code, query remote Universal Resource Languages (URLs), as well as mine for bitcoins by using the victim’s central processing unit (CPU) or graphics processing... read more.

• April 21, 2016

By Nancy Rand, Posted in Security

April 19, Softpedia – (International) Pro-ISIS group defaces 88 websites in three-day rampage. A hacking group titled, Team System Dz reportedly hacked and defaced 88 Web sites from France, Israel, the U.K, and the U.S. April 14 – April 16, leaving pro-Islamic State messages on each compromised Web page, many of which were running WordPress systems. Source April 19, SecurityWeek – (International) Google analyzes effectiveness of website hack notifications. Google and the University of California, Berkele... read more.

• April 20, 2016

By Nancy Rand, Posted in Security

April 18, SecurityWeek – (International) 3.2 million devices exposed to ransomware attacks: Cisco. Security researchers from Cisco Talos discovered that approximately 3.2 million computers were vulnerable to file-encrypting ransomware due to out-of-date software after an Internet scan on already compromised devices revealed that more than 2,100 backdoors across 1,600 Internet Protocol (IP) addresses were associated with governments, schools, aviation companies, and other organizations. Cisco advised adminis... read more.

• April 20, 2016

By Ken Phelan, Posted in Security

Ransomware is all the rage in the news as more and more people are hit by this particularly tough form of malware. I thought I would walk through one of the more prevalent attack patterns and provide some suggestions on how to combat this. Let me start off by saying that the ransomware attack is advanced and designed to get through most of the existing security products that are on the market. But since it’s in the news, every security vendor is talking about how they stop ransomware. It’s a common problem... read more.

• April 18, 2016

By Nancy Rand, Posted in Security

April 15, SecurityWeek – (International) No patches for QuickTime Flaws as Apple ends support on Windows. ZDI reported that Apple will no longer release security updates for Window versions of QuickTime after a security researcher from Source Incite found a heap corruption vulnerability that could allow an attacker to exploit the flaw for remote code execution (RCE) once a victim accesses a maliciously crafted Web site or file. Apple released instructions on ways to remove QuickTime for Window users and adv... read more.

• April 18, 2016

By Nancy Rand, Posted in Security

April 14, SecurityWeek – (International) Google patches serious account recovery vulnerability. Google released patches addressing several vulnerabilities in its account recovery process after a researcher named “Ramzes” found that attackers could change a user’s password and hijack a user’s account by executing arbitrary code in the context of a help article by specifying a page, which attackers controlled, in an sanitized Universal Resource Language (URL) parameter that could have been exploited when a us... read more.

• April 15, 2016