Articles In Security

By Nancy Rand, Posted in Security

September 15, SecurityWeek – (International) 6.6 million users affected by ClixSense breach. ClixSense confirmed that the details of over 6.6 million users were stolen after hackers gained access to the company’s database server after accessing an old server still connected to the database. ClixSense reported the vulnerable server has been shut down and restored user balances, forum, and account names, and reset user passwords, among other measures. Source September 14, Softpedia – (Inter... read more.

• September 16, 2016

By Nancy Rand, Posted in Security

September 13, SecurityWeek – (International) Adobe patches 29 vulnerabilities in Flash Player. Adobe released updates for Flash Player, Digital Editions, and Adobe Air SDK & Compiler resolving a total of 37 vulnerabilities, including integer overflow, use-after-free, among other memory corruption issues in Flash Player that can be exploited to leverage arbitrary code execution, as well as several memory corruption flaws and a use-after-free issue in Digital Editions 4.5.1 and earlier that can be e... read more.

• September 15, 2016

By Nancy Rand, Posted in Security

  September 12, SecurityWeek – (International) Critical MySQL zero-day exposes servers to attacks. An independent security researcher discovered a critical zero-day vulnerability affecting the MySQL open-source database software that can be exploited by an attacker who can authenticate to the MySQL database via a Web interface or network connection to leverage arbitrary code execution with root privileges, which can compromise the server running MySQL. The researcher reported that all MySQL bran... read more.

• September 14, 2016

By Nancy Rand, Posted in Security

Gotham Security Daily Threat Alerts   September 9, Softpedia – (International) New Linux trojan discovered coded in Mozilla’s Rust language. Dr. Web security researchers discovered a new trojan coded in Mozilla’s Rust programming language was targeting Linux-based platforms and found that an attacker in control of an Internet Relay Chat (IRC) channel can send a message to the channel’s public chat that forces all connected bots to parse the message and execute the malicio... read more.

• September 13, 2016

By Nancy Rand, Posted in Security

September 9, Softpedia – (International) New Linux trojan discovered coded in Mozilla’s Rust language. Dr. Web security researchers discovered a new trojan coded in Mozilla’s Rust programming language was targeting Linux-based platforms and found that an attacker in control of an Internet Relay Chat (IRC) channel can send a message to the channel’s public chat that forces all connected bots to parse the message and execute the malicious action. The researchers believe this is a testi... read more.

• September 08, 2016

By Nancy Rand, Posted in Security

September 2, SecurityWeek – (International) Apple patches spyware-related zero-days in OS X, Safari. Apple released patches resolving three zero-day vulnerabilities, dubbed Trident affecting its Mac operating system (OS) X including OS X Yosemite, OS X El Capitan, and in Safari for OS X Mavericks that were exploited by Pegasus surveillance software to spy on individuals via iOS devices and could lead to kernel memory disclosure, applications executing arbitrary code with kernel privileges, and arbitra... read more.

• September 06, 2016

By Nancy Rand, Posted in Security

September 1, SecurityWeek – (International) Betabot starts delivering Cerber ransomware. Security researchers from Invincea discovered the Betabot ransomware began carrying out a second-stage payload where the malware delivers the Cerber ransomware on the endpoint of a compromised machine after stealing user passwords in the first-stage, in order for the malware operators to increase their profits. Researchers also found the ransomware was being delivered by the Neutrino exploit kit (EK) and stated th... read more.

• September 02, 2016

By Nancy Rand, Posted in Security

August 31, SecurityWeek – (International) 68 million exposed in old Dropbox hack. Dropbox, Inc. began prompting password resets for more than 68 million users potentially exposed in a July 2012 data breach where user email addresses and hashed and salted passwords for Dropbox accounts may have been improperly accessed after a Dropbox employee’s password was stolen and used to access an employee account that contained a document containing the user information. Dropbox officials do not believe an... read more.

• September 01, 2016

By Nancy Rand, Posted in Security

August 30, Softpedia – (International) New and mysterious FairWare ransomware targets Linux server. A Bleeping Computer analyst reported that at least 3 Linux server administrators discovered that a ransomware variant, dubbed FairWare hacked their servers, removed their Website root folders, and left a ransom note in the /root folder demanding a 2 Bitcoin, or roughly $1,150, payment in order to retrieve the files. The researcher stated there is no evidence that the ransomware encrypts the user’s... read more.

• August 31, 2016

By Nancy Rand, Posted in Security

August 29, Help Net Security – (International) XSS flaw in D-Link NAS devices allows attackers to mess with your data. A security researcher discovered seven D-Link network-attached storage (NAS) devices were plagued with a cross-site scripting (XSS) flaw in the device’s administrative Web interface that can be exploited through an authenticated Server Message Block (SMB) login attempt and could allow attackers to access a targeted device and change the stored contents after detecting the flaw i... read more.

• August 30, 2016