Articles In Security

By Nancy Rand, Posted in Security

September 1, SecurityWeek – (International) Betabot starts delivering Cerber ransomware. Security researchers from Invincea discovered the Betabot ransomware began carrying out a second-stage payload where the malware delivers the Cerber ransomware on the endpoint of a compromised machine after stealing user passwords in the first-stage, in order for the malware operators to increase their profits. Researchers also found the ransomware was being delivered by the Neutrino exploit kit (EK) and stated th... read more.

• September 02, 2016

By Nancy Rand, Posted in Security

August 31, SecurityWeek – (International) 68 million exposed in old Dropbox hack. Dropbox, Inc. began prompting password resets for more than 68 million users potentially exposed in a July 2012 data breach where user email addresses and hashed and salted passwords for Dropbox accounts may have been improperly accessed after a Dropbox employee’s password was stolen and used to access an employee account that contained a document containing the user information. Dropbox officials do not believe an... read more.

• September 01, 2016

By Nancy Rand, Posted in Security

August 30, Softpedia – (International) New and mysterious FairWare ransomware targets Linux server. A Bleeping Computer analyst reported that at least 3 Linux server administrators discovered that a ransomware variant, dubbed FairWare hacked their servers, removed their Website root folders, and left a ransom note in the /root folder demanding a 2 Bitcoin, or roughly $1,150, payment in order to retrieve the files. The researcher stated there is no evidence that the ransomware encrypts the user’s... read more.

• August 31, 2016

By Nancy Rand, Posted in Security

August 29, Help Net Security – (International) XSS flaw in D-Link NAS devices allows attackers to mess with your data. A security researcher discovered seven D-Link network-attached storage (NAS) devices were plagued with a cross-site scripting (XSS) flaw in the device’s administrative Web interface that can be exploited through an authenticated Server Message Block (SMB) login attempt and could allow attackers to access a targeted device and change the stored contents after detecting the flaw i... read more.

• August 30, 2016

By Nancy Rand, Posted in Security

August 26, Softpedia – (International) New Locky ransomware version delivered as DLL file. Cyren security researchers discovered that a variant of the Locky ransomware, Zepto received updates and is now installed on infected devices as dynamic-link library (DLL) files, instead of executable (EXE) files. Researchers also found that the DLL file uses a custom packer in order to prevent detection from anti-malware scanners. Source August 26, SecurityWeek – (International) Apple issues emergency fi... read more.

• August 29, 2016

By Nancy Rand, Posted in Security

August 25, SecurityWeek – (International) Cisco updates ASA software to address NSA-linked exploit. Cisco began releasing updates for its Adaptive Security Appliance (ASA) software resolving a remote code execution flaw leveraged by a zero-day exploit, dubbed EXTRABACON which affects the Simple Network Management Protocol (SNMP) code of the ASA software and can be exploited by a remote hacker to cause a system crash or execute arbitrary code. Cisco advised users to update their installations to versio... read more.

• August 26, 2016

By Nancy Rand, Posted in Security

August 24, Help Net Security – (International) Leaked EXTRABACON exploit can work on newer Cisco ASA firewalls. Researchers from SilentSignal discovered the EXTRABACON exploit of the zero-day buffer overflow vulnerability affecting the Simple Network Management Protocol (SNMP) code of the Cisco Adaptive Security Appliance (ASA), Private Internet eXchange (PIX), and Firewall Services Module versions 8.4. (4) and earlier leaked by ShadowBrokers, can also be modified to compromise ASA version 9.2.(4). Ci... read more.

• August 25, 2016

By Nancy Rand, Posted in Security

August 23, Softpedia – (International) Intruders use virtual machines on infected PCs to hide their actions. SecureWorks discovered malicious actors were attempting to install and launch a new virtual machine (VM) on an infected host in order to connect to the compromised device’s VM and withdraw sensitive data or execute other malicious actions without being detected by security software after finding that the attacker was using the Microsoft Management Console (MMC) to launch the Hyper-V Manag... read more.

• August 24, 2016

By Nancy Rand, Posted in Security

August 18, SecurityWeek – (International) Cisco patches critical flaws in Firepower Management Center. Cisco released patches for its Firepower Management Center to address several flaws in the appliance’s Web-based graphical user interface (GUI) including a medium-severity cross-site scripting (XSS) flaw, a critical vulnerability that could allow an authenticated attacker to remotely execute arbitrary commands on a device with root-level privileges, and a flaw that could allow an authenticated... read more.

• August 22, 2016

By Nancy Rand, Posted in Security

August 18, SecurityWeek – (International) Flaws in smart sockets expose networks to remote attacks. Bitdefender researchers reported a popular brand of smart electrical sockets is plagued with serious vulnerabilities that could be exploited by a remote attacker who knows the media access control (MAC) and default password to take control of the device, make configuration changes, and obtain user information after finding that the socket’s hotspot is protected by default credentials and users are... read more.

• August 22, 2016