Articles In Security

By Nancy Rand, Posted in Security

February 9, SecurityWeek – (International) Cross-platform backdoor adwind hits 443,000 users: Kaspersky. Security researchers from Kaspersky Lab reported that a remote access trojan (RAT) dubbed Adwind RAT had infected approximately 443,000 victims by 2015 and targets Windows, Linux, Mac OS X, and other platforms that run Java, to log keystrokes and steal virtual private network (VPN) certificates, cryptocurrency wallet keys, passwords and other data from web forms, among other malicious actions via spear-p... read more.

  • February 11, 2016

By Nancy Rand, Posted in Security

February 8, Help Net Security – (International) Twitter suspended 125,000 terrorism-related accounts. Twitter reported that they have suspended over 125,000 accounts since 2015 for threatening or promoting terrorist acts related to the Islamic State and have started using spam-fighting tools to discover potentially offending accounts to counter extremist content online. The company is working with law enforcement agencies around the world to stop terrorist organizations from using Twitter as a platform for... read more.

  • February 10, 2016

By Nancy Rand, Posted in Security

February 5, SecurityWeek – (International) Avast patches vulnerability in SafeZone Tool. A researcher from Google discovered a vulnerability in Avast’s SafeZone tool, also known as Avastium, that allowed attackers to gain additional privileges and conduct various actions on the system by convincing a victim to visit a malicious Uniform Resource Locator (URL). The vulnerability was exploited due to Avast’s low security check which allowed any URL to pass through without any restrictions. Source February 4... read more.

  • February 09, 2016

By Nancy Rand, Posted in Security

February 4, SecurityWeek – (International) Cisco patches high severity flaws in several products. Cisco released software updates for its Application Policy Infrastructure Controller (APIC) and several other products that patched high severity vulnerabilities including a denial-of-service (DoS) flaw in Nexus 900 switches, a remote authentication flaw in ASA-CX and Prime Security Manager (PRSM), and a logic issue in the role-based access control (RBAC) processing code that allowed unauthenticated attackers t... read more.

  • February 05, 2016

By Nancy Rand, Posted in Security

February 3, Softpedia – (International) Dual-Mode DMA ransomware cracked, users can recover files for free. Security researchers from Malwarebytes discovered a flaw in the DMA ransomware that could allow victims to decrypt their encrypted files without paying the ransomware after discovering that the ransomware’s encryption key was hard-coded in its binary, allowing victims to re-download the malicious file and input the encryption key inside the ransom note to unlock their files. Source February 3, Secu... read more.

  • February 05, 2016

By Nancy Rand, Posted in Security

February 2, Softpedia – (International) Compromised WordPress sites hijacked over and over again to push malware. Security researchers from Sucuri discovered a new campaign that targets WordPress websites after finding that all of the sites’ JavaScript files were infected with malicious codes to load an iframe, show advertisements, and leave an unknown backdoor on each web page with the intention to reinfect websites once the pages were cleaned. Researchers reported that if victims hosted several domains on... read more.

  • February 04, 2016

By Nancy Rand, Posted in Security

February 1, SecurityWeek – (International) New Cross-Platform backdoors target Linux, Windows. Security researchers from Kaspersky Lab reported that the Linux backdoor dubbed OLMyJuxM.exe was recently found infecting Window-based systems with new capabilities similar to the 32-bit Windows variant of the DropboxCache and uses the same filename templates to steal screenshots, audiocaptures, keylogs, and other arbitrary data by using the SetWindowsHook API for keylogger functionality to contact the command and... read more.

  • February 02, 2016

By Ken Phelan, Posted in Security

A couple of weeks ago I had the pleasure of introducing Bruce Schneier and Larry Ponemon at an event focused on Cyber Resilience. If you’re interested in the material, there’s a recorded version available here. Bruce and Larry are both rock stars, so the content was terrific. I thought I would share some of the things I learned. Cyber resilience is an up and coming term in the cyber security world. It represents the ability to manage, mitigate, and move on from a cyberattack. It kind of reminds me of the... read more.

  • February 01, 2016

By Nancy Rand, Posted in Security

January 29, Help Net Security – (International) 60+ trojanized Android games lurking on Google Play. Researchers from Dr. Web found over 60 game apps offered on the Google Play store were embedded with the malicious Xiny trojan that can download additional malicious apps and collect device information such as the device’s International Mobile Station Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI), and send the data to a command and control (C&C) server via 30 different gam... read more.

  • February 01, 2016

By Nancy Rand, Posted in Security

January 28, SecurityWeek – (International) Samsung patches critical vulnerabilities in Android devices. Samsung released a maintenance update for its major Android flagship Galaxy models that patched 16 vulnerabilities including a flaw in Skia which allowed attackers to conduct denial-of-service attacks via a crafted media file, and a remote code execution (RCE) flaw in Android Mediaserver, which allowed attackers to cause memory corruption, among other vulnerabilities. Source January 28, Softpedia – (In... read more.

  • January 29, 2016