Articles In Security

By Nancy Rand, Posted in Security

January 27, SecurityWeek – (International) Hackers can abuse HP enterprise printers for storage. A researcher from MacKeeper reported that misconfigured enterprise devices can be susceptible to hosting malicious code and evading detection by security products, in addition to allowing attackers to use free, open-source tools to upload files to HP printers and interact with the devices over port 9100 through access via a web browser at “http://<Printer_IP_Address>/hp/device/<File_Name>.” HP advi... read more.

  • January 28, 2016

By Nancy Rand, Posted in Security

January 26, SecurityWeek – (International) US government agencies asked about Juniper backdoor patching. The U.S. House Oversight and Government Reform Committee sent out letters to dozens of government agencies asking that each department provide documents and information on whether they used affected Juniper products, how each entity discovered the vulnerability, and if measures were taken before the Juniper patch was released following a December 2015 incident where unauthorized code was found in Juni... read more.

  • January 27, 2016

By Nancy Rand, Posted in Security

January 25, SecurityWeek – (International) Backdoor found in several Fortinet products. Fortinet released an advisory stating that several of its products including versions of FortiSwitch switches, FortiAnalyzer centralized log and reporting appliances, and FortiCache web caching appliances were susceptible to a management authentication flaw after company researchers discovered the flaw affected various products following previous reports that the bug only affected its FortiOS system. The flaw can be expl... read more.

  • January 26, 2016

By Nancy Rand, Posted in Security

January 22, ZDNet – (International) TeslaCrypt flaw opens the door to free file decryption. A security researcher discovered that the TeslaCrypt ransomware and variants of TeslaCrypt 2.0 contained a design flaw in how the ransomware’s encryption keys were stored in a victim’s computer following the discovery that a new Advanced Encryption Standard (AES) key was generated during each encryption session, revealing that researchers could use specialized programs to retrieve prime numbers of the stored keys to... read more.

  • January 25, 2016

By Nancy Rand, Posted in Security

January 21, Softpedia – (International) Threat group uses dating sites to build a botnet of vulnerable home routers. Damballa security researchers reported that a Linux ELF binary, a variant of TheMoon worm, was targeting Home Network Administration Protocol (HNAP) by using adult dating websites to infect home routers and prevent consumers from using their routers’ inbound ports via a malicious iframe embedded on the malicious web pages. Researchers reported the worm is spread by opening outbound ports on... read more.

  • January 22, 2016

By Nancy Rand, Posted in Security

January 20, Softpedia – (International) Apple releases 28 security fixes for iOS, OS X and Safari. Apple released 28 security patches for its iOS and Mac OS X operating systems (OS) and its Safari web browser through updated versions of OS X El Capitan 10.11.13, Safari 9.0.3, and OS X kernel that addressed critical vulnerabilities and allowed attackers to execute arbitrary code in the operating system’s kernel and execute arbitrary code on the underlying operating system to trick a victim into accessing a m... read more.

  • January 21, 2016

By Nancy Rand, Posted in Security

January 19, Softpedia – (International) Yahoo fixes bug that could compromise email accounts when opening an email. Yahoo! patched a cross-site scripting (XSS) vulnerability that affected its mail’s Web Interface after a researcher from Finland found that the flaw allowed attackers to fully compromise email accounts by crafting an email with malicious code in the message’s body and sending the malicious email to a target. The vulnerability can be executed each time a user opens an email. Source January... read more.

  • January 20, 2016

By Nancy Rand, Posted in Security

January 15, Help Net Security – (International) Flaw allows malicious OpenSSH servers to steal users’ private SSH keys. Researchers from Qualys reported that two vulnerabilities including an Information Disclosure flaw were found in the OpenSSH implementation of the secure shell (SSH) protocol that can allow an attacker to pose as an owner of the SSH keys and extract users’ private cryptographic keys through the default client code that can be tricked into leaking client memory to the server. Source Janu... read more.

  • January 19, 2016

By Nancy Rand, Posted in Security

January 14, SecurityWeek – (International) Cisco patches serious flaw in networking, security products. Cisco released software updates that addressed multiple critical vulnerabilities in several of its networking and security products including an unauthorized access issue that affects Cisco standalone and modular controllers running Wireless LAN Controller (WLC) software that allowed attackers to modify the device’s configuration and compromise the device. Source January 13, Softpedia – (International)... read more.

  • January 15, 2016

By Nancy Rand, Posted in Security

January 13, Softpedia – (International) Three XSS bugs found on Mozilla’s add-ons and support portals. Mozilla released one patch for its Add-ons portal addressing a cross-site scripting (XSS) flaw that was exploited via the “Create new collection” feature, allowing attackers to add malicious code to the collection’s name field. The company reported they are also working to release patches for two other XSS flaws in its Add-ons portal and in its Support Center. Source January 13, Help Net Security – (Int... read more.

  • January 14, 2016