Articles In Security

By Nancy Rand, Posted in Security

May 2, SecurityWeek – (International) Serious flaw found in “PL/SQL Developer” update system. Allround Automations released a new version of its PL/SQL Developer product after an application security consultant discovered that version 11.0.4, and earlier versions, used Hyper Text Transfer Protocol (HTTP) updates and did not validate the downloaded file’s authenticity, allowing a man-in-the-middle (MitM) attacker to replace the authentic Uniform Resource Locator (URL) with another URL that leads to a malicio... read more.

• May 03, 2016

By Nancy Rand, Posted in Security

April 28, Softpedia – (International) Slack API credentials left in GitHub repos open new door for corporate hacking. Security researchers from Detectify Labs reported that companies in all industries may be at risk after finding that developers were leaving sensitive credentials inside open-sourced code following a scan on GitHub projects which revealed over 1,500 Slack access tokens were available online. The access tokens could allow attackers to access application program interfaces (APIs) and harvest u... read more.

• May 02, 2016

By Nancy Rand, Posted in Security

April 28, SecurityWeek – (International) Critical, high severity flaws patched in Firefox. Mozilla released its web browser, Firefox 46 that patched a total of 14 vulnerabilities including 4 critical vulnerabilities affecting the browser engine, which could cause crashes and potential arbitrary code execution, as well as a high severity vulnerability that could be exploited via specially crafted Web content and cause an exploitable crash, among other flaws. Source April 28, The Register – (International)... read more.

• April 29, 2016

By Nancy Rand, Posted in Security

April 27, Help Net Security – (International) DDoS aggression and the evolution of IoT risks. Neustar released its findings after conducting a survey on over 1,000 information technology (IT) professionals across 6 continents which revealed that 76 percent of companies are investing in distributed denial-of-service (DDoS) protection as DDoS attacks are continuing to evolve from single large attacks to multi-vector attacks. Forty-seven percent of attacked organizations were participating in information shari... read more.

• April 28, 2016

By Nancy Rand, Posted in Security

April 26, Softpedia – (International) Facebook bug allowed attackers to take over accounts on other sites. Facebook patched a flaw in its account registration process after security researchers from Bitdefender discovered the flaw could allow attackers to take over users’ profiles on Web sites where the Facebook Social Login feature was available by adding an attacker’s email address as a secondary address, enabling the attacker to verify the profile and make modifications to the account information. Source... read more.

• April 27, 2016

By Nancy Rand, Posted in Security

April 25, Help Net Security – (International) Compromised credentials still to blame for many data breaches. A Cloud Security Alliance survey found that a lack of scalable identity access management systems, a lack of ongoing automated rotation of cryptographic keys, passwords, and certificates, as well as failure to use multifactor authentication were the major causes of data breaches. The findings also indicated that 22 percent of companies who suffered a data breach, attributed the breach to compromised... read more.

• April 27, 2016

By Nancy Rand, Posted in Security

April 22, SecurityWeek – (International) Adobe patches flaw in analytics AppMeasurement for Flash Library. Adobe release its Analytics AppMeasurement for Flash library version 4.0.1 which patched a Document Object Model (DOM)-based cross-site scripting (XSS) vulnerability after a security researcher discovered the vulnerability when the debugTracking feature was enabled. The flaw affects version 4.0 and earlier platforms. Source April 21, Softpedia – (International) Law enforcement, government agencies s... read more.

• April 25, 2016

By Nancy Rand, Posted in Security

April 21, SecurityWeek – (International) Cisco patches severe flaws in Wireless LAN controller. Cisco released software updates for its Wireless LAN Controller (WLC) products which patch several critical flaws and high severity denial-of-service (DoS) vulnerabilities including an issue related to the Hypertext Transfer Protocol (HTTP) Universal Resource Language (URL) redirection feature of WLC software that can allow an unauthenticated attacker to remotely trigger a buffer overflow and cause affected devic... read more.

• April 22, 2016

By Ed Bratter, Posted in Security

As a consultant in the Active Directory (AD) space, I see a lot of AD environments up close. One theme that has become painfully clear to me is that we, as the gatekeepers of Active Directory, are not doing a good enough job of securing our kingdom. Even the organizations that put a strong emphasis on security come up short in one way or another. This is often because the security professionals are focused on other areas of the network such as firewalls or intrusion detection. Those security professionals... read more.

• April 21, 2016

By Nancy Rand, Posted in Security

April 20, Softpedia – (International) New PWOBot Python malware can log keystrokes, mine for bitcoin. Security researchers from Palo Alto Networks discovered a new malware family dubbed PWOBot was encoded in Python and PWOBot modules can execute other binaries, launch an Hypertext Transfer Protocol (HTTP) server, log keystrokes, execute custom Python code, query remote Universal Resource Languages (URLs), as well as mine for bitcoins by using the victim’s central processing unit (CPU) or graphics processing... read more.

• April 21, 2016