Articles In Security

By Nancy Rand, Posted in Security

October 28, SecurityWeek – (International) Apple patches flaws in Xcode, Windows software. Apple released version 8.1 of its Xcode integrated development environment (IDE) to address 10 vulnerabilities in Node.js and OpenSSL that an attacker could exploit for arbitrary code execution or to cause an application to crash. Apple also released iTunes version 12.5.2 and iCloud version 6.0.1 for Microsoft Windows due to flaws in the WebKit Web browser engine, which can be exploited through processing specia... read more.

• October 31, 2016

By Nancy Rand, Posted in Security

October 27, SecurityWeek – (International) Cisco patches 9 flaws in Email Security Appliance. Cisco Systems, Inc. released software updates for its Email Security Appliances (ESA) to resolve a total of nine vulnerabilities, including three denial-of-service (DoS) flaws in the AsyncOS software for Cisco ESA which could allow an unauthenticated remote attacker to cause a DoS condition using maliciously crafted emails and attachments. Cisco also patched vulnerabilities that could allow unauthenticated at... read more.

• October 28, 2016

By Nancy Rand, Posted in Security

October 25, SecurityWeek – (International) Android root exploits abuse Dirty COW vulnerability. Security researchers found that the Dirty COW Linux kernel vulnerability disclosed the week of October 17 can be exploited by a local attacker to escalate privileges to root on Android devices running a Linux kernel higher than 2.6.22 and to compromise an entire system by altering the copy-on-write cache provided by the kernel to change what the system and apps see when reading the affected files. NowSecure... read more.

• October 26, 2016

By Nancy Rand, Posted in Security

October 24, Help Net Security – (International) Dyn DDoS attack: The aftermath. New Hampshire-based Dyn DNS Company suffered 3 distributed denial-of-service (DDoS) attacks involving millions of Internet Protocol (IP) addresses that targeted the company’s managed Domain Name Server (DNS) infrastructure and rendered many Websites and online services such as Twitter, PayPal, and Etsy, among others inaccessible for several hours October 21. Security researchers from Flashpoint and Akamai confirmed t... read more.

• October 25, 2016

By Nancy Rand, Posted in Security

October 21, SecurityWeek – (International) Weebly breach affects over 43 million users. Weebly, a San Francisco-based Web hosting service, confirmed that hackers stole the account information of over 43 million users, including usernames, Internet Protocol (IP) addresses, and password hashes after breaching the company’s systems in February 2016. The company advised its user to reset their passwords and the cause of the breach remains under investigation. Source October 20, Softpedia – (I... read more.

• October 25, 2016

By Nancy Rand, Posted in Security

October 20, SecurityWeek – (International) Lexmark patches critical flaw in printer management tool. Lexmark International, Inc. released an update for its Markvision Enterprise printer management software after security researchers from Digital Defense Inc. (DDI) found the software was plagued with a vulnerability in the Apache Flex BlazeDS that can be exploited to read arbitrary files via specially crafted Action Message Format (AMF) messages and retrieve the file storing the admin credentials, as w... read more.

• October 21, 2016

By Nancy Rand, Posted in Security

October 19, SecurityWeek – (International) Oracle Critical Patch Update for October 2016 fixes 253 vulnerabilities. Oracle Corporation released its Critical Patch Update (CPU) for October 2016 to resolve a total of 253 new security flaws in several of its products, including 36 flaws in its Oracle Communications Applications, 14 flaws in the Oracle E-Business Suite that can be remotely exploited without authentication, 24 flaws in its Financial Services Applications, and issues affecting its Retail Ap... read more.

• October 20, 2016

By Nancy Rand, Posted in Security

October 18, Softpedia – (International) WordPress sites under attack via security flaw in unmaintained plugin. Security researchers from White Fir Design discovered the WordPress Marketplace plugin was plagued with an arbitrary file upload vulnerability that could allow an attacker to upload arbitrary files on Websites with the plugin installed and potentially take over a site’s underlying server. The researchers discovered the flaw after detecting scans for the plugin’s Cascading Style Sh... read more.

• October 19, 2016

By Nancy Rand, Posted in Security

October 17, SecurityWeek – (International) Siemens patches flaws in SIMATIC, license manager products. Siemens released software updates addressing several vulnerabilities in its SIMATIC and Automation License Manager (ALM) products after Kaspersky Lab researchers discovered ALM was plagued with a critical path traversal issue that could allow a remote attacker to upload files to the disk, create and remove files, or move existing files via specially crafted packets, as well as a denial-of-service (Do... read more.

• October 18, 2016

By Nancy Rand, Posted in Security

October 13, SecurityWeek – (International) Critical vulnerability patched in Cisco conferencing product. Cisco reported that its Cisco Meeting Server (CMS) prior to version 2.0.6 and Acano Server prior to versions 1.8.18 and 1.9.6 were plagued with a critical vulnerability affecting the Extensible Messaging and Presence Protocol (XMPP) service that could allow an unauthenticated attacker to access the system as another user if the XMPP is enabled on the affected devices, as the XMPP service incorrectl... read more.

• October 17, 2016