Articles In Security

By Ken Phelan, Posted in Security

One of the things that will pump a little adrenaline into an average Tuesday morning at Gotham is a call from one of our clients in the midst of a genuine cyber crisis. Unfortunately, these calls are more and more common, so I thought I’d spend a few minutes talking about some things you can do get prepared for such a call. I’m glad you’re calling me, but I’d prefer that you also had some type of Cyber Crisis Plan that you prepared for such an occasion. I know it’s customary at this point to spend a para... read more.

• December 16, 2015

By Nancy Rand, Posted in Security

December 15, Help Net Security – (International) 13 million MacKeeper users exposed in data breach. MacKeeper, the utility software for Apple Mac products, reported that its database containing passwords and the personal information of 13 million users were exposed in a data breach after a security researcher submitted a Shodan search and discovered four Internet Protocol (IP) addresses led to a MongoDB database belonging to Kromtech, the company that produces MacKeeper. MacKeeper patched the vulnerability... read more.

• December 16, 2015

By Nancy Rand, Posted in Security

December 14, SecurityWeek – (International) Twitter warns users of state sponsored hacking. Twitter reported December 14 that its customers’ user names, Internet Protocol (IP) addresses, phone numbers, and email addresses may have been compromised after a potential state sponsored attack occurred in its systems. Twitter officials advised users to use Tor Project, a software enabling anonymous communication, to protect affected users on social networks. Source December 12, Softpedia – (International) Malw... read more.

• December 15, 2015

By Nancy Rand, Posted in Security

December 11, SecurityWeek – (International) Stealthy backdoor compromised global organizations since 2013: FireEye. Researchers from FireEye reported that the malicious backdoor malware dubbed, LATENTBOT primarily targets the financial services and insurance sectors to steal passwords, record keystrokes, transfer files, and enable attached microphones or webcams by leveraging malicious emails with contaminated Word documents created with Microsoft Word Intruder (MWI) exploit kit (EK) that when opened, execu... read more.

• December 14, 2015

By Nancy Rand, Posted in Security

December 10, SecurityWeek – (International) Many Cisco products plagued by deserializations flaws. Cisco Systems reported that it is investigating which of its products are affected by the Java deserialization vulnerability that can be exploited for remote code execution (RCE) via the Apache Commons Collections library due to the failure of developers to ensure that untrusted serialized data is not accepted for deserialization. Cisco will release software updates addressing the flaw. Source December 10,... read more.

• December 11, 2015

By Nancy Rand, Posted in Security

December 9, SecurityWeek – (International) Apple issues security updates for OS X, iOS, Safari. Apple released security updates patching multiple vulnerabilities within its OS X, iOS, Safari, Xcode, watchOS, and tvOS systems including flaws affecting Apple’s mobile operating system, Siri, Webkit, and components such as the App Sandbox, Compression, CoreMedia Playback, EFI, and File Bookmark, among others. Source December 9, Softpedia – (International) DNS Root servers hit by DDoS attack. Researchers from... read more.

• December 10, 2015

By Nancy Rand, Posted in Security

December 7, Softpedia – (International) Malware steals iOS and BlackBerry backups via infected PCs. Palo Alto Networks released a report stating that many mobile backup tools lack secure encryption protocols, which can allow attackers to steal local mobile backup data and sensitive information from infected Apple Mac and Microsoft Windows computers, and discover and extract Apple iOS and Microsoft BlackBerry backup files via 6 trojan families that use the BackStab attack technique. Security researchers advi... read more.

• December 09, 2015

By Nancy Rand, Posted in Security

December 7, Softpedia – (International) Trifecta of security bugs affecting Dell, Lenovo, and Toshiba products. Security researchers from LizardHQ reported that three major security vulnerabilities were affecting current and older versions of computer products including Dell System Detect, Lenovo’s Solution Center, and Toshiba Service Station that allows attackers to abuse an application program interface (API) to bypass the Windows User Account Control limitations on Dell products, run malicious code and e... read more.

• December 08, 2015

By Nancy Rand, Posted in Security

December 3, Securityweek – (International) Ponmocup botnet still actively used for financial gain. Researchers from Fox-IT released a report stating that the malware Ponmocup botnet has infected more than 15 million devices since 2009 and that its infrastructure consists of different components used to deliver, install, execute, and control the malware to prevent researchers from reengineering it. The botnet infects a device via encryption and stores its components in different locations to evade detection,... read more.

• December 07, 2015

By Nancy Rand, Posted in Security

December 2, IDG News Service – (International) Cisco patches permission hijacking issue in WebEx Meetings app for Android. Cisco released patches for an authentication flaw found in its WebEx Meetings application, affecting all older versions of the application before version 8.5.1 that allowed attackers to trick users to download a rogue application to their Android devices, which enabled hackers to infiltrate its permissions settings and gain access to the device. Cisco advised customers to download newer... read more.

• December 04, 2015