Articles In Security

By Nancy Rand, Posted in Security

July 7, Softpedia – (International) Dangerous GNU wget vulnerability still not patche din all Linux distros. Security researchers from Golunski and SecuriTeam discovered a GNU wget vulnerability that could be exploited to allow an attacker to upload arbitrary files and achieve code execution due to wget’s improper handling of file names when redirecting users from an initial Hypertext Transfer Protocol (HTTP) Uniform Resource Locator (URL) to a File Transfer Protocol (FTP) link. Source July 7,... read more.

• July 12, 2016

By Nancy Rand, Posted in Security

July 7, Softpedia – (International) New “Patchwork” cyber-espionage group uses copy-pasted malware for its attacks. Security researchers from Cymmetria reported that a new cyber-espionage group dubbed, Patchwork Advanced Persistent Threat (APT) was seen infecting at least 2,500 machines since December 2015 and can infect an underlying operating system (OS) with their malware using spear-phishing emails that contain PowerPoint files as attachments, which are embedded with the Sandworm explo... read more.

• July 12, 2016

By Nancy Rand, Posted in Security

July 1, Softpedia – (International) Google finds 16 bugs, 2 zero-days, in Windows kernel font handling. Microsoft released patches for its Windows kernel that fixed 16 flaws after security researchers from Project Zero discovered that Windows executes all font processing operations in the kernel’s ring-0 with the highest level of permissions, allowing attackers to have direct access to the entire operating system (OS). Source July 1, Softpedia – (International) Free decrypter available fo... read more.

• July 12, 2016

By Nancy Rand, Posted in Security

July 4, Softpedia – (International) Flaws in free SSL tool allowed attackers to get SSL certificates for any domain. StartCom released a new version of its StartEncrypt Linux tool after a security researcher from CompuTest discovered the product had several design and implementation flaws that could allow an attacker to extract signatures from any Web site that enables its users to upload files including GitHub and Dropbox. In addition, an attacker could obtain Secure Sockets Layer (SSL) certificates... read more.

• July 12, 2016

By Nancy Rand, Posted in Security

July 5, SecurityWeek – (International) Information-collecting Android keyboard tops 50 million installs. Security researchers from Pentest Limited discovered a third-party keyboard application for Android dubbed “Flash Keyboard” was allegedly seen conducting malicious activity by communication with servers in several countries and sending personal data including the device manufacturer and model number, International Mobile Station Equipment Identity (IEMI), Android version, user email add... read more.

• July 12, 2016

By Nancy Rand, Posted in Security

June 30, Softpedia – (International) Google adds SEO spam notifications to Google analytics dashboard. Google reported that it will be enhancing its security notifications for compromised Web sites by integrating the Safe Browsing application programming interface (API) into the Google Analytics dashboard, which will help detect malware and warn the Webmaster of a search engine optimization (SEO) spam on their Web site. Source June 29, Softpedia – (International) Android ransomware quadrupled i... read more.

• July 01, 2016

By Nancy Rand, Posted in Security

June 29, Softpedia – (International) Symantec products affected by multiple “as bad as it gets” vulnerabilities. A security researcher from Google’s Project Zero initiative discovered several vulnerabilities in Symantec’s security products including buffer overflow flaws, memory corruption flaws, and a high-severity flaw that does not require user interaction, affects default configuration, and allows the software to run on the highest privilege levels possible due to a vulnera... read more.

• June 30, 2016

By Nancy Rand, Posted in Security

June 28, Softpedia – (International) Microsoft Office 365 corporate users hit by Cerber ransomware attack. Avanan researchers reported that about 57 percent of all companies using Microsoft Office 365 received at least 1 copy of the Cerber ransomware in their inboxes in a June 22 attack that lasted 5 hours before Microsoft blocked the malicious file attachments. Source June 27, SecurityWeek – (International) MIRCOP ransomware claims to be victim, demands payback. Trend Micro researchers reporte... read more.

• June 29, 2016

By Nancy Rand, Posted in Security

June 24, SecurityWeek – (International) Malware can steal data from air-gapped devices via fans. Security researchers from Ben-Gurion University of the Negev discovered a new acoustic data exfiltration method dubbed Fansmitter was leveraging the noise emitted by a computer’s fans to transmit data without relying on speakers by sending bits of data to a nearby mobile phone or a computer equipped with a microphone. Attackers can control the fan to rotate at a specific speed to transmit a “0&... read more.

• June 28, 2016

By Nancy Rand, Posted in Security

June 23, Softpedia; Austin Daily Dot – (International) Hackers breach US company and unwittingly expose 154 million voter records. Security researchers from MacKeeper discovered that a CouchDB database containing details on over 154 million U.S voters was compromised after a hacker took down L2’s, a company that builds, manages, and sells access to U.S. voter records, firewall. The database contained 1-year-old information and was taken down, and authorities were unsure of the identity of the ha... read more.

• June 24, 2016