Articles In Security

By Nancy Rand, Posted in Security

May 23, SecurityWeek – (International) Exploit for recently patched flash flaw added to Magnitude EK. A French security researcher discovered that attackers were integrating the Magnitude exploit flaw against previously patched Flash Player 21.0.0.213 installations to potentially deliver various pieces of malware, including Locky and Cerber ransomware. The exploit was not fully implemented in Magnitude and researchers advised users to be cautious of the exploit. Source May 21, Softpedia – (International)... read more.

• May 25, 2016

By Nancy Rand, Posted in Security

May 19, Softpedia – (International) A quarter of all hacked WordPress sites can be attributed to three plugins. Sucuri conducted an investigation on over 11,485 compromised Web sites and released its “Website Hacked Report” which revealed that during the first 3 months of 2016, 78 percent of hacked Web sites were using the WordPress Content Management System (CMS) platform and found that attackers were primarily using outdated plugins to hack WordPress sites. Outdated plugins included RevSlider, GravityForm... read more.

• May 20, 2016

By Nancy Rand, Posted in Security

May 18, SC Magazine – (International) Cisco patch blocks DoS vulnerability. Cisco released patches for its Adaptive Security Appliance (ASA) software after security researchers found attackers could alter a memory block, allowing the system to cease transferring traffic and cause a denial-of-service (DoS) situation. The flaw was reportedly linked to an issue in the installation of Internet Control Message Protocol (ICMP) error handling for Internet Protocol Security (IPSec) packets. Source May 18, Securi... read more.

• May 19, 2016

By Nancy Rand, Posted in Security

May 17, SecurityWeek– (International) Critical vulnerability in Symantec AV Engine exploited by just sending an email. Symantec updated its Antivirus Engine (AVE) addressing a critical memory corruption flaw after a security researcher from Google Project Zero discovered the flaw affected most Symantec and Norton-branded antivirus products and reported the issue related to how the antivirus products handle executables compressed in the ASPack file compressor. The vulnerability can be remotely exploited for... read more.

• May 18, 2016

By Nancy Rand, Posted in Security

May 16, SecurityWeek – (International) Data leaked from hacker forum Nulled.io. Risk Based Security reported that the popular forum, Nulled.io was compromised after hackers leaked a 1.3Gb archive containing more than 536,000 user account information including usernames, email addresses, hashed passwords, application program interface (API) credentials for payment gateways, authentication logs, and Internet Protocol (IP) addresses, among other data. Researchers are unsure how the Nulled.io database was compr... read more.

• May 17, 2016

By Nancy Rand, Posted in Security

May 12, SecurityWeek – (International) Adobe patches Flash zero-day exploited in the wild. Adobe updated its Flash Player for Microsoft Windows, Apple Mac, and Linux addressing 25 vulnerabilities including a type confusion, use-after-free, buffer overflow, directory search path, various memory corruption vulnerabilities that can lead to arbitrary code execution, and a zero-day that has been exploited in the wild. Source May 12, Softpedia – (International) 7-Zip 16.0 released to fix gaping security hole.... read more.

• May 16, 2016

By Nancy Rand, Posted in Security

May 12, SecurityWeek – (International) Google patches more high risk vulnerabilities in Chrome 50. Google released a round of security patches for Chrome 50 addressing five vulnerabilities, three of which were deemed high severity, and include a same origin bypass issue in the Document Object Model (DOM), a same bypass bug in Blink V8 bindings, and a buffer overflow flaw in V8. A directory traversal flaw using the file scheme on Android, and a race condition bug in loader were also patched, among other vuln... read more.

• May 13, 2016

By Nancy Rand, Posted in Security

May 11, SecurityWeek – (International) Wi-Fi flaw exposes Android devices to attacks. Google and the developers of Wi-Fi Protected Access (WPA) supplicant patched a high severity privilege escalation flaw that is used in the Android operating system (OS) and several other products after SEARCH-LAB researchers determined that the vulnerability can be exploited to write arbitrary values in the wpa_supplicant configuration file, allowing an attacker to execute arbitrary code with elevated privileges or disrupt... read more.

• May 12, 2016

By Nancy Rand, Posted in Security

May 10, Softpedia – (International) SS7 attack leaves WhatsApp and Telegram encryption useless. Positive Technologies researchers unveiled a new attack that utilizes Signaling System No. 7 (SS7) to carry out attacks on encrypted communications apps such as WhatsApp and Telegram by spoofing a mobile network node and intercepting the initial phase of a chat between two users. The researchers were able to impersonate a second user through SS7 loopholes that were never patched. Source May 10, Softpedia – (In... read more.

• May 11, 2016

By Nancy Rand, Posted in Security

May 9, SecurityWeek – (International) Over two dozen flaws found in Aruba products. Aruba Networks patched some of the 26 security flaws discovered by a Google security engineer, and is working to patch the remaining vulnerabilities which impact all versions of ArubaOS, AirWave Management Platform 8.x versions prior to 8.2, and Aruba Instant access points (IAP) prior to 4.1.3.0 and 4.2.3.1. Some of the vulnerabilities discovered include the transmission of login credentials via Hypertext Transfer Protocol (... read more.

• May 10, 2016