Articles In Security

By Nancy Rand, Posted in Security

March 21, SecurityWeek – (International) Google issues emergency patch for critical Android rooting exploit. Google released an emergency security patch addressing an elevation of privilege vulnerability that affects all Android devices running kernel versions 3.4, 3.10, and 3.14, which could allow local malicious applications to execute arbitrary code in the kernel by rooting applications that were previously installed by customers. Source March 21, Softpedia – (International) “Surprise” ransomware uses... read more.

• March 23, 2016

By Nancy Rand, Posted in Security

March 21, Help Net Security – (International) iOS zero-day breaks Apple’s iMessage encryption. Researchers from Johns Hopkins University discovered a zero-day flaw in Apple’s operating system (iOS) encryption which could allow attackers to decrypt intercepted iMessages in iOS 9 and older iOS versions. Apple Inc., partially patched the vulnerability in iOS 9, but reported that the flaw will be completely patched in iOS 9.3 March 21. Source March 21, SecurityWeek – (International) Symantec patches high ris... read more.

• March 22, 2016

By Nancy Rand, Posted in Security

March 17, IDG News Service – (International) Stagefright exploit puts millions of Android devices at risk. NorthBit released a report addressing a vulnerability dubbed Metaphor, which affects Android versions 2.2. – 4.0, as well as 5.0 and 5.1, after security researchers discovered a new way to exploit a previously patched remote code execution vulnerability found in Stagefright, Android’s mediaserver and multimedia library. Researchers reported attackers tricked victims into clicking a malicious link sent... read more.

• March 21, 2016

By Nancy Rand, Posted in Security

March 16, The Register – (International) Middle-aged US bloke pleads guilty to iCloud celeb nude photo hack. The U.S. Department of Justice reported March 16 that a man from Lancaster pleaded guilty to one count of unauthorized access to a protected computer after he illegally accessed and downloaded images from 50 iCloud accounts and 72 Gmail accounts via phishing attacks from November 2012 – September 2014. Source March 16, Softpedia – (International) AceDeceiver iOS trojan abuses Apple’s Fairplay DRM... read more.

• March 21, 2016

By Nancy Rand, Posted in Security

March 16, SecurityWeek – (International) Radamant C&C server manipulated to spew decryption keys. Security researchers from InfoArmor reported that a flaw in Radamant ransomware’s command and control (C&C) server could potentially allow researchers to decrypt victims’ files without requiring user interaction by registering the infected machine within the malware control center via a Hypertext Transfer Protocol (HTTP) POST request. Researchers reported the request needs to contain public and private... read more.

• March 17, 2016

By Nancy Rand, Posted in Security

March 11, SecurityWeek – (International) DROWN vulnerability still unpatched by most cloud services. A team of researchers released a report stating that the severe vulnerability, Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) affecting many cloud services, was not patched after security researchers found the attack affects Hypertext Transfer Protocol Secure (HTTPS) and other services that rely on Secure Sockets Layer (SSL) and Transport Layer Security (TLS). The vulnerability allows attackers... read more.

• March 16, 2016

By Nancy Rand, Posted in Security

March 15, Softpedia – (International) Recent wave of malware uses macro-enabled Word documents and Windows PowerShell. Security researchers from Palo Alto Networks discovered that attackers were using a new tactic to distribute malicious malware by combining spam campaigns, malicious Word documents, and Window’s PowerShell code. Researchers reported that the macro code, embedded within each malicious Word document, starts a hidden instance of Windows PowerShell to download malicious scripts. Source March... read more.

• March 16, 2016

By Nancy Rand, Posted in Security

March 9, Softpedia – (International) KeRanger ransomware is actually Linux.Encoder ported for Macs. Security researchers from Bitdefender reported that the KeRanger ransomware that targets Mac OS X systems is a rewrite of the Linux.Encoder ransomware after finding that the encryption functions of each ransomware were identical to each other and that both ransomwares share the same names: encrypt_file, recursive_task, currentTimestamp, and creatDaemon. Source March 8, SecurityWeek – (International) Micros... read more.

• March 14, 2016

By Nancy Rand, Posted in Security

March 11, SecurityWeek – (International) Three high severity DoS flaws patched in BIND. The Internet Systems Consortium (ISC) released updates for several of its DNS software BIND product fixing three high severity denial-of-service (DoS) vulnerabilities that could allow remote attackers to crash the BIND name server (named) process by sending a specially crafted query. Source March 11, SecurityWeek – (International)”Libotr” library flaw exposes popular IM apps. A security researcher from X41 D-Sec firm... read more.

• March 14, 2016

By Ken Phelan, Posted in Security

I was at the RSA show a couple of weeks ago and my plane reading included The Black Swan by Nassim Nicholas Taleb. Black Swans are big things that happen unexpectedly, and having happened, change our world significantly. 9/11 was a Black Swan. So was Lehman. In the context of the RSA show, it was hard not to draw some parallels to the new breed of advanced cyber-attacks. Human beings are pattern seeking animals. We’re naturally predisposed to take the noise that everyday life is made of and turn it into... read more.

• March 11, 2016