Articles In Security

By Nancy Rand, Posted in Security

August 2, Help Net Security – (International) 36,000 SAP systems exposed online, most open to attacks. ERPScan released a comprehensive SAP Cybersecurity Threat Report which revealed the average number of security patches for SAP products per year has decreased, while the amount of vulnerable platforms has increased and now includes modern cloud and mobile technologies such as HANA. The report also found that SAP’s Customer Relationship Management (CRM), Enterprise Portal (EP), and Supplier Rela... read more.

• August 04, 2016

By Nancy Rand, Posted in Security

August 2, Softpedia – (International) Windows flaw reveals Microsoft account passwords, VPN credentials. Researchers discovered an exploit affecting the way Microsoft Windows handles old authentication procedures for shared network resources where an attacker could embed a disguised link to a server message block (SMB) resource inside a Webpage or an email viewed via Outlook that sends the victim’s login credentials to authenticate on the malicious actor’s domain once the user accesses the... read more.

• August 03, 2016

By Nancy Rand, Posted in Security

July 30, Softpedia – (International) Major cyber-crime campaign switches from CryptXXX to Locky ransomware. Researchers from Palo Alto Networks reported that Afraidgate, the largest source of ransomware infections via exploit kits (EK), stopped delivering the CryptXXX ransomware and began distributing the Locky Zepto variant after switching from Angler to the Neutrino EK. Researchers stated that Afraidgate relies on malicious actors hacking Websites and adding malicious code to the site to redirect us... read more.

• August 02, 2016

By Nancy Rand, Posted in Security

July 29, Help Net Security – (International) SpyNote Android RAT builder has been leaked. Palo Alto Networks’ researchers warned that a builder for the SpyNote Android remote access trojan (RAT) is being distributed freely on several underground hacker forums and configures the RAT to contact a specific command and control (C&C) server over a specific port, removing its icon once it is installed. The malware is capable of viewing messages on infected devices, collecting device information, a... read more.

• August 01, 2016

By Nancy Rand, Posted in Security

July 28, SecurityWeek – (International) Many web attacks come from United States: Sucuri. Researchers at Sucuri analyzed metadata from 30 days of Web traffic and blocked requests from its firewall product and found that the Structured Query Language (SQL) injection, brute force, and other exploit attempts had various browser user agents, more than one-third of the attacks came from the U.S. followed by Indonesia and China, and that when it came to operating systems (OS) 45 percent of attacks came from... read more.

• July 29, 2016

By Nancy Rand, Posted in Security

July 27, Softpedia – (International) Two vulnerabilities affect LastPass, both allow full password compromise. Researchers with Google Project Zero and Detectify discovered a vulnerability affecting LastPass through its JavaScript code that parsed the Uniform Resource Locator (URL) of the page LastPass was working on, potentially allowing an attacker to gain a user’s credentials by tricking the user into accessing a URL in the form of “attacker-site.com/@twitter.com/@script.php.” The... read more.

• July 28, 2016

By Nancy Rand, Posted in Security

July 25, Help Net Security – (International) Critical holes in Micro Focus Filr found, plugged. Micro Focus released patches addressing a cross-site request forgery (CSRF) flaw, an Operating System (OS) Command Injection vulnerability, a persistent cross-site scripting (XSS) flaw, a path traversal, and an authentication bypass vulnerability in its Filr enterprise file management and collaborative file sharing solution after a SEC Consult researcher discovered the flaws during a quick security check. S... read more.

• July 28, 2016

By Nancy Rand, Posted in Security

July 22, Softpedia – (International) Decrypter available for ODCODC ransomware. Security researchers from BloodyDolly released a decrypter for the ODCODC ransomware that circumvents ODCODC’s RSA-2048 encryption to recover the victim’s files without paying the ransom. Source July 21, SecurityWeek – (International) Persistent XSS patched in WooCommerce WordPress plugin. WooCommerce released version 2.6.3 of its ecommerce plugin for WordPress addressing a persistent cross-site scriptin... read more.

• July 25, 2016

By Nancy Rand, Posted in Security

July 21, Help Net Security – (International) Vulnerabilities affecting SAP HANA and SAP Trex put 10,000 customers at risk. Onapsis released security advisories reporting on vulnerabilities in SAP High-Performance Analytic Appliance (HANA) and SAP Trex including a critical risk brute force attack affecting SAP HANA that could allow an attacker to gain unrestricted access to business information, and a critical risk remote command execution flaw affecting SAP Trex that could allow an unauthenticated att... read more.

• July 25, 2016

By Nancy Rand, Posted in Security

  July 20, SecurityWeek – (International) Oracle’s critical patch update for July contains record number of fixes. Oracle released its July Critical Patch Update (CPU) that addressed a total of 276 vulnerabilities in several of its products including 19 critical security flaws affecting the Oracle WebLogic Server component, the Hyperion Financial Reporting component, and the Oracle Health Sciences Clinical Development Center component, among other applications. The update also resolves 36... read more.

• July 21, 2016