Articles In Security

By Nancy Rand, Posted in Security

May 4, SecurityWeek – (International) Attackers exploit critical ImageMagick vulnerability. Two security researchers discovered that a remote code execution (RCE) vulnerability in the open-source software ImageMagick, dubbed “ImageTragick,” was being leveraged in the wild. Attackers could exploit the flaw to gain access to the victim’s server by creating an exploit file and giving it an image extension to bypass the security check, which tricks ImageMagick into converting the malicious file and act...

  • May 05, 2016

By Nancy Rand, Posted in Security

May 3, SecurityWeek – (International) Google patches 40 vulnerabilities in Android. Google released security updates for its Android operating system (OS) patching 40 vulnerabilities, including a remote code execution (RCE) flaw in Mediaserver that could allow an attacker to execute code within the software, and a privilege escalation flaw in the Android debugger that could allow a malicious application to execute arbitrary code in the Android debugger or the kernel, among other patched flaws. Source May 2, Secur...

  • May 04, 2016

By Nancy Rand, Posted in Security

May 2, SecurityWeek – (International) Serious flaw found in “PL/SQL Developer” update system. Allround Automations released a new version of its PL/SQL Developer product after an application security consultant discovered that version 11.0.4 and earlier versions fetched updates over plain Hypertext Transfer Protocol (HTTP) and did not validate the downloaded file’s authenticity, allowing a man-in-the-middle (MitM) attacker to replace the authentic Uniform Resource Locator (URL) with another URL that leads to a malicio...

  • May 03, 2016

By Nancy Rand, Posted in Security

April 28, Softpedia – (International) Slack API credentials left in GitHub repos open new door for corporate hacking. Security researchers from Detectify Labs reported that companies in all industries may be at risk after finding that developers were leaving sensitive credentials inside open-sourced code; a scan of GitHub projects revealed over 1,500 Slack access tokens available online. The access tokens could allow attackers to access application program interfaces (APIs) and harvest u...

  • May 02, 2016

By Nancy Rand, Posted in Security

April 28, SecurityWeek – (International) Critical, high severity flaws patched in Firefox. Mozilla released Firefox 46, which patched a total of 14 vulnerabilities, including 4 critical vulnerabilities affecting the browser engine that could cause crashes and potential arbitrary code execution, as well as a high severity vulnerability that could be exploited via specially crafted Web content to cause an exploitable crash, among other flaws. Source April 28, The Register – (International)...

  • April 29, 2016

By Nancy Rand, Posted in Security

April 27, Help Net Security – (International) DDoS aggression and the evolution of IoT risks. Neustar released the findings of a survey of over 1,000 information technology (IT) professionals across 6 continents, which revealed that 76 percent of companies are investing in distributed denial-of-service (DDoS) protection as DDoS attacks continue to evolve from single large attacks to multi-vector attacks. Forty-seven percent of attacked organizations were participating in information shari...

  • April 28, 2016

By Nancy Rand, Posted in Security

April 26, Softpedia – (International) Facebook bug allowed attackers to take over accounts on other sites. Facebook patched a flaw in its account registration process after security researchers from Bitdefender discovered that the flaw could allow attackers to take over users’ profiles on Web sites where the Facebook Social Login feature was available by adding an attacker’s email address as a secondary address, enabling the attacker to verify the profile and modify the account information. Source...

  • April 27, 2016

By Nancy Rand, Posted in Security

April 25, Help Net Security – (International) Compromised credentials still to blame for many data breaches. A Cloud Security Alliance survey found that a lack of scalable identity access management systems, a lack of ongoing automated rotation of cryptographic keys, passwords, and certificates, as well as failure to use multifactor authentication were the major causes of data breaches. The findings also indicated that 22 percent of companies that suffered a data breach attributed the breach to compromised...

  • April 27, 2016

By Nancy Rand, Posted in Security

April 22, SecurityWeek – (International) Adobe patches flaw in analytics AppMeasurement for Flash Library. Adobe released version 4.0.1 of its Analytics AppMeasurement for Flash library, which patched a Document Object Model (DOM)-based cross-site scripting (XSS) vulnerability that a security researcher discovered was present when the debugTracking feature was enabled. The flaw affects version 4.0 and earlier. Source April 21, Softpedia – (International) Law enforcement, government agencies s...

  • April 25, 2016

By Nancy Rand, Posted in Security

April 21, SecurityWeek – (International) Cisco patches severe flaws in Wireless LAN controller. Cisco released software updates for its Wireless LAN Controller (WLC) products that patch several critical flaws and high severity denial-of-service (DoS) vulnerabilities, including an issue in the Hypertext Transfer Protocol (HTTP) Uniform Resource Locator (URL) redirection feature of the WLC software that can allow an unauthenticated attacker to remotely trigger a buffer overflow and cause affected devic...

  • April 22, 2016