Articles In Security

By Nancy Rand, Posted in Security

April 13, SecurityWeek – (International) Adobe patches flaws in Creative Cloud, RoboHelp. Adobe released Creative Cloud version 3.6.0.244, which patched an important vulnerability in the sync process that affected Creative Cloud Libraries version 3.5.1.209 and earlier versions, as well as a security hotfix for RoboHelp Server version 9, which patched a critical vulnerability linked to the Structured Query Language (SQL) queries that could lead to information disclosure, among other patched vulnerabilities.... read more.

• April 14, 2016

By Nancy Rand, Posted in Security

April 12, SecurityWeek – (International) Ramdo Click-Fraud malware continues to evolve. Security researchers from Dell SecureWorks and Palo Alto Networks released an analysis on the Ramdo click-fraud malware, also known as Redyms, which stated that the Ramdo malware was capable of downloading and installing additional malicious software on infected devices after it tricks users into selecting an online ad from other infection systems. The report stated that while the malware was not very sophisticated, its... read more.

• April 13, 2016

By Nancy Rand, Posted in Security

April 11, Softpedia – (International) Petya ransomware unlocked, you can now recover password needed for decryption. Two security researchers discovered ways to help victims of the Petya ransomware retrieve locked files and unlock computers after one researcher created two Web sites where victims can obtain the decryption password, and another researcher from Emsisoft created a tool that can help generate passwords needed to unlock victims’ computers. Source April 11, SecurityWeek – (International) Nucle... read more.

• April 12, 2016

By Nancy Rand, Posted in Security

April 7, Softpedia – (International) Security experts crack Dridex admin panel, recover victim data. Security researchers from buguroo reported that they were able to retrieve user data and analyze Dridex’s activity to mitigate future attacks after researchers found the Internet Protocol (IP) address of one of the Dridex admin panels, previously known as Subnet 220, hardcoded in the malicious JavaScript files. The Subnet 220 was running an older version of the Dridex backend that was previously discovered w... read more.

• April 12, 2016

By Nancy Rand, Posted in Security

April 7, Softpedia – (International) Google reCAPTCHA cracked in new automated attack. Three security researchers developed a new automated attack that can bypass Google’s reCAPTCHA system and Facebook’s CAPTCHAS systems’ security measures and machine learning after solving the systems’ image answers security protocol with a 70.78 percent success rate when conducting studies on 2,235 CAPTCHAs. The new attack proved a higher degree of accuracy than previously reported and could potentially allow malicious ha... read more.

• April 08, 2016

By Nancy Rand, Posted in Security

April 6, Softpedia – (International) Windows’ Pirrit adware ported to OS X via Qt Framework. Security researcher from Cybereason discovered that the OSX/Pirrit adware was infecting Apple Mac users for the first time and hijacking users’ Web traffic with several ads via the Qt Framework, which allows programmers to write applications that work on Apple Mac devices, Linux systems, and Microsoft Window devices. The malware was seen using several steps to infiltrate a system after a user launches a Pirrit-laced... read more.

• April 08, 2016

By Nancy Rand, Posted in Security

April 5, SecurityWeek – (International) Researchers bypass patch for old IBM Java flaw. The founder and chief executive officer (CEO) of Security Explorations reported that a sandbox escape vulnerability in IBM Java, which was previously patched in 2013, could still be exploited by attackers after discovering the flaw could be abused by making minor modifications to the proof-of-concept (PoC) code published by the company in July 2013. A patch has yet to be released, but IBM was working to release a fix. So... read more.

• April 06, 2016

By Nancy Rand, Posted in Security

April 4, Softpedia – (International) Authentication flaw in Microsoft accounts gets researcher $13,000 reward. Microsoft patched a cross-site request forgery (CSRF) flaw in its main authentication system after a security researcher found attackers could gain access to its Azure, Outlook, and Office servers by altering the “wreply” parameter and sending authentication tokens to a hacker-controlled Web site due to improper input filtering on the “wreply” Uniform Resource Locator (URL). Source April 4, Secu... read more.

• April 05, 2016

By Nancy Rand, Posted in Security

April 1, SecurityWeek – (International) Code execution flaw found in Lhasa decompression library. Lhasa released version 0.3.1 for its open source tool and library product addressing an integer underflow vulnerability after Cisco TALOS researchers found hackers could exploit the flaw for arbitrary code execution by tricking victims into opening a specially crafted file, as well as through file scanning systems that leverage the vulnerable library to read the content of LZH and LHA files. Source March 31,... read more.

• April 05, 2016

By Nancy Rand, Posted in Security

March 31, SecurityWeek – (International) Malware detection bypass vulnerability found in Cisco firepower. Cisco released software updates fixing a high severity vulnerability after a researcher found that the flaw was caused by improper input validation of fields in Hypertext Transfer Protocol (HTTP) that could allow a remote, unauthenticated attacker to bypass malicious file detection and block security features by crafting an HTTP request and sending it to the victims’ system. Source March 31, The Regi... read more.

• April 01, 2016