Articles In Security

By Nancy Rand, Posted in Security

January 12, IDG News Service – (International) Mozilla Persona login system to shut down in November. Mozilla reported that its login system, Persona (persona.org) and related domains will be shut down November 30 due to limited resources and low customer usage within the last two years. The company will continue to maintain the system including providing security fixes and support, but will not introduce new features or produce major enhancements. Source January 12, SecurityWeek – (International) Google... read more.

• January 13, 2016

By Nancy Rand, Posted in Security

January 11, Softpedia – (International) CSRF bug in Verizon’s API left My FiOS accounts open to attacks. Verizon released patches for a cross-site request forgery flaw and a proof-of-concept (PoC) vulnerability in its My FiOS application program interface (API) after an independent security researcher discovered that attackers can access users’ accounts via malicious web pages distributed through email campaigns. Once users open the malicious pages, a password reset command can be triggered. Source Janua... read more.

• January 12, 2016

By Nancy Rand, Posted in Security

January 7, SecurityWeek – (International) Unpatched Drupal flaws expose sites to attacks. A researcher from IOActive reported that there were several vulnerabilities in the update process for the Drupal content management system (CMS) versions 6 and 7 series including a cross-site request forgery (CSRF) vulnerability that can be exploited to force website administrators to check for updates, which can enable hackers to deliver server-side request forgery (SSRF) attacks against drupal.org. Additional issues... read more.

• January 08, 2016

By Nancy Rand, Posted in Security

January 6, SecurityWeek – (International) Linode resets user passwords after breach. Linode reported that it reset customers’ Linode Manager passwords after the company discovered that a massive distributed denial-of-service (DDoS) attack was launched on its website, data centers, and Domain Name System (DNS) infrastructure, in addition to multiple volumetric attacks that targeted its authoritative nameservers and public websites, which may have compromised user credentials from the company’s database. The... read more.

• January 07, 2016

By Nancy Rand, Posted in Security

January 5, Softpedia – (International) Google patches Android for yet another RCE flaw in its Mediaserver component. Google released patches for 12 vulnerabilities, five of which were categorized as critical, for its Android operating system (OS) including a remote code execution (RCE) flaw in its Mediaserver component, which allowed attackers to craft malicious media files and send them via a multimedia messaging service (MMS) or stream them through a user’s browser. Other issues included an elevation of p... read more.

• January 06, 2016

By Nancy Rand, Posted in Security

January 4, SecurityWeek – (International) BlackEnergy malware used in Ukraine power grid attacks. Researchers from ESET reported that the BlackEnergy malware, which previously targeted Ukrainian government entities and U.S. critical infrastructure companies, and a Secure Shell (SSH) backdoor have been targeting news media and electrical power companies in the Ukraine after researchers found that the malware was planted on the networks of several regional power companies and news companies via a destructive... read more.

• January 05, 2016

By Nancy Rand, Posted in Security

December 31, SecurityWeek – (International) Details of 34,000 Steam users exposed during DDoS attack. Valve Corporation reported that its Internet-based platform, Steam deployed catching configurations, one that incorrectly cached traffic for unauthenticated users, which resulted in users’ personal information to be displayed to other users after the company tried to resolve distributed denial-of-service (DDoS) attacks against the Steam Store that affected 34,000 users. The company was working to identify a... read more.

• January 04, 2016

By Nancy Rand, Posted in Security

December 30, SecurityWeek – (International) Linode hit by DDoS attacks. The Cloud hosting company, Linode, reported that its website, Manager mobile application, Doman Name System (DNS) infrastructure, and data centers in Atlanta, Newark, and London were compromised after the company discovered hackers had conducted distributed denial-of-service (DDoS) attacks for several hours. Security researchers from the company were able to patch the vulnerabilities. Source December 29, SecurityWeek – (International... read more.

• January 04, 2016

By Nancy Rand, Posted in Security

December 16, Softpedia – (International) XRTN ransomware discovered, currently undecryptable. A researcher from Bleeping Computer’s released a report on the XRTN ransomware detailing how the malware infects a computer system by sending email attachments, such as malicious Word documents and batch files that are encoded with JavaScript commands, to a victim’s corporate or personal email, that if opened and downloaded, attackers can execute the JavaScript commands to run batch files that will encrypt personal... read more.

• December 18, 2015

By Nancy Rand, Posted in Security

December 16, Softpedia – (International) FireEye security devices provide attackers with backdoor into corporate networks. Two security researchers discovered several FireEye security products had two zero-day flaws, such as the RCE and privilege escalation bug that can execute malicious code disguised as the highly privileged Malware Input Processor (mip) user and gain administrative privileges on the infected device. FireEye released patches addressing the vulnerabilities. Source December 16, SecurityW... read more.

• December 17, 2015