Articles In Security

By Nancy Rand, Posted in Security

July 19, SecurityWeek – (International) Apple patches tens of vulnerabilities in iOS, OS X. Apple Inc. released security updates for several of its products including OS X El Capitan version 10.11.6, which patched a total of 60 security bugs affecting components such as audio, FaceTime, and CFNetwork, among others after a Zscaler researcher discovered the flaws could allow unprivileged applications to access cookies stored in the Safari browser. Apple also released iOS version 9.3.3, resolving 43 vu... read more.

  • July 20, 2016

By Nancy Rand, Posted in Security

July 18, Help Net Security – (International) Ubuntu Forums hacked again, 2 million users exposed. Canonical’s chief executive officer (CEO) reported that an attacker exploited a Structured Query Language (SQL) injection flaw in its Ubuntu Forums to access and download part of the Forums database, containing usernames, email addresses, and internet protocol addresses (IPs) for 2 million users. Canonical shut down the database, reset all users’ passwords, and installed a Web application firewall aft... read more.

  • July 19, 2016

By Nancy Rand, Posted in Security

July 15, SecurityWeek – (International) New trojan helps attackers recruit insiders. Researchers at Gartner Research and Diskin Advanced Technologies found a new trojan dubbed “Delilah” that uses social engineering and extortion to recruit insiders by collecting personal information and capturing video from the targeted user’s webcam while instructing users to use virtual private networks (VPNs) and the Tor network in order to manipulate or blackmail the targeted individual. Source ... read more.

  • July 18, 2016

By Nancy Rand, Posted in Security

July 14, IDG News Service – (International) Juniper patches high-risk flaws in Junos OS. Juniper Networks fixed several vulnerabilities in the Junos operating system (OS) used on its networking and security appliances, including an information leak in the J-Web interface, vulnerabilities that could lead to denial of service conditions, a potential kernel crash, a potential memory buffer (mbuf) leak, a crypto vulnerability, and an issue with SRX Series devices. Source July 14, Softpedia – (Inter... read more.

  • July 15, 2016

By Nancy Rand, Posted in Security

July 13, SecurityWeek – (International) SAP patches critical Clickjacking vulnerabilities. SAP released 10 Security Patch Day Notes and 26 Support Package Notes addressing several vulnerabilities, including a critical Clickjacking flaw in multiple SAP frameworks and technologies, denial of service flaws, missing authorization checks, code injection, and a cross-site scripting (XSS) issue, among other vulnerabilities. Source July 13, Softpedia – (International) New Stampado ransomware advertised... read more.

  • July 14, 2016

By Nancy Rand, Posted in Security

July 11, Softpedia – (International) MIUI vulnerability affects millions of Xiaomi Android devices. Security researchers from IBM’s Security Intelligence team reported that a remote code execution (RCE) vulnerability exists in the MIUI analytics component in versions prior to MIUI Global Stable 7.2 after researchers discovered that the self-update mechanism can be hijacked via a Man-in-the-Middle (MitM) attack and used to deliver malicious update packages. The analytics package uses Hypertex... read more.

  • July 13, 2016

By Nancy Rand, Posted in Security

July 12, SecurityWeek – (International) Code execution flaw plagues Intel Graphics Driver. Security researchers from Cisco Talos discovered a local code execution vulnerability in Intel HD Graphics Windows Kernel Mode Driver version 10.18.14.4264 that could allow an attacker to run arbitrary code on a victim’s system or cause denial-of-service (DoS) by sending a specially crafted D3DKMTEscape request to the Intel HD Graphics drivers. Microsoft removed the NTVDM subsystem from its Windows 8 to mi... read more.

  • July 13, 2016

By Nancy Rand, Posted in Security

July 1, Softpedia – (International) Google finds 16 bugs, 2 zero-days, in Windows kernel font handling. Microsoft released patches for its Windows kernel that fixed 16 flaws after security researchers from Project Zero discovered that Windows executes all font processing operations in the kernel’s ring-0 with the highest level of permissions, allowing attackers to have direct access to the entire operating system (OS). Source July 1, Softpedia – (International) Free decrypter available fo... read more.

  • July 12, 2016

By Nancy Rand, Posted in Security

July 4, Softpedia – (International) Flaws in free SSL tool allowed attackers to get SSL certificates for any domain. StartCom released a new version of its StartEncrypt Linux tool after a security researcher from CompuTest discovered the product had several design and implementation flaws that could allow an attacker to extract signatures from any Web site that enables its users to upload files, including GitHub and Dropbox. In addition, an attacker could obtain Secure Sockets Layer (SSL) certificates... read more.

  • July 12, 2016

By Nancy Rand, Posted in Security

July 5, SecurityWeek – (International) Information-collecting Android keyboard tops 50 million installs. Security researchers from Pentest Limited discovered a third-party keyboard application for Android dubbed “Flash Keyboard” was allegedly seen conducting malicious activity by communicating with servers in several countries and sending personal data including the device manufacturer and model number, International Mobile Station Equipment Identity (IMEI), Android version, user email add... read more.

  • July 12, 2016