Articles In Security

By Nancy Rand, Posted in Security

February 29, ZDNet – (International) Snapchat falls foul of CEO impersonation, hands over employee pay data. The video messaging application, Snapchat reported that many of its current and former employees’ payroll information was compromised after a cyber-attacker impersonated the firm’s chief executive officer (CEO) via a phishing campaign and collected employee payroll information from staff at the firm. Snapchat stated that the incident was contained and reported the scheme to the FBI. Source Februar... read more.

  • March 03, 2016

By Nancy Rand, Posted in Security

February 26, SecurityWeek – (International) Over 60 vulnerabilities patched in Apple TV. Apple released Apple TV version 7.2.1 which patched security holes in over 20 different components of the TV including Webkit, the kernel, the third-party app sandbox, Office Viewer, and Cloudkit, among other libraries, and patched vulnerabilities that can be exploited for information disclosure, execution of unsigned code, arbitrary code execution, application crashes, and modifications to protected parts of the filesy... read more.

  • March 01, 2016

By Nancy Rand, Posted in Security

February 25, SecurityWeek – (International) OpenSSL preparing patches for high severity flaws. The OpenSSL Project reported it will release versions 1.0.2g and 1.0.1s for its OpenSSL product early March 2016 to patch several vulnerabilities including a high severity flaw that could allow attackers to obtain the key needed to decrypt traffic if the targeted application uses the Diffie-Hellman (DH) key exchange. Source February 25, SecurityWeek – (International) Critical Drupal updates patch several vulner... read more.

  • February 26, 2016

By Nancy Rand, Posted in Security

February 24, SecurityWeek – (International) Exploit for recently patched Silverlight flaw added to Angler. A security researcher discovered that a previously patched Microsoft Silverlight exploit was used by Angler developers to add code in its Angler exploit kit (EK) and deliver a variant of the TeslaCrypt ransomware to infect victims. Researchers stated the attack was not effective if targets installed the patched Silverlight version onto their systems. Source February 23, SecurityWeek – (International... read more.

  • February 25, 2016

By Nancy Rand, Posted in Security

February 19, Softpedia – (International) JSF***eBay XSS bug exploited in the wild, despite the company’s fix. Security researchers from Check Point discovered that eBay’s platform was susceptible to a JSF*** cross-site scripting (XSS) attack that was exploited in the wild and allowed attackers to convert the site’s JavaScript syntax into the JSF*** non-standard character set, disguise the code to pass through eBay’s XSS filters, and store the character set in the product’s description, allowing the maliciou... read more.

  • February 22, 2016

By Nancy Rand, Posted in Security

February 17, SecurityWeek – (International) Flaw allowed attackers to bypass FireEye detection engine. FireEye released patches fixing an evasion technique vulnerability in its Virtual Execution Engine (VXE), Network Security (NX), Email Security (EX), File Content Security (FX), and Malware Analysis (AX) products after researchers from Blue Frost Security discovered that attackers could bypass the company’s detection engine and temporarily whitelist malware by copying the system engine’s binary into a virt... read more.

  • February 19, 2016

By Nancy Rand, Posted in Security

February 17, SecurityWeek – (International) Fysbis backdoor preferred by Pawn Storm group to target Linux. Security researchers at Palo Alto Networks released a report revealing that the Pawn Storm threat group improved their obfuscation technique for their preferred Linux malware, Fysbis, to ensure that the malware installation information is no longer available in the open and that the malware runs a series of shell commands to establish persistency through newly found command and control (C&C) domain... read more.

  • February 18, 2016

By Nancy Rand, Posted in Security

February 15, SecurityWeek – (International) Misconfigured database exposed Microsoft site to attacks. A researcher from MacKeeper discovered that attackers could have accessed and modified content of a MongoDB database connected to the mobile version of Microsoft’s careers website and maintained by Punchkick Interactive due to misconfigured databases as the MongoDB database was not write-protected. Attackers could insert arbitrary Hyper Text Markup Language (HTML) code to exploit a victim to a phishing page... read more.

  • February 18, 2016

By Nancy Rand, Posted in Security

February 11, Softpedia – (International) Fake Netflix apps deliver banking trojans. Symantec security researchers reported that a new malware campaign was targeting Netflix users in an effort to gain victims’ Netflix credentials and to steal users’ credit card data to make fraudulent purchases by tricking victims into believing the campaign is a company method of accessing online content at a cheaper rate. The malware steals information by using ads to redirect victims to a direct download website embedded... read more.

  • February 16, 2016

By Nancy Rand, Posted in Security

February 11, Softpedia – (International) Severe vulnerability affects Cisco ASA VPN server equipment. Cisco released patches for a buffer overflow vulnerability in its firewall equipment embedded in several versions of its Adaptive Security Appliance (ASA) software for corporate networks and data centers after a researcher found an issue in the InternetKey Exchange (IKE) protocol that could allow attackers to craft malicious User Datagram Protocol (UDP) packets and send it to an ASA device, exploiting the v... read more.

  • February 16, 2016