Articles In Security

By Nancy Rand, Posted in Security

March 8, Help Net Security – (International) Google plugs 19 holes in newest Android security update. Google released 19 security issues for its Android Open Source Project (AOSP) after its company’s security researchers found two remote code execution (RCE) vulnerabilities in Mediaserver that can be leveraged via a specially crafted file, as well as discovering a critical vulnerability in the Qualcomm performance component that can be leveraged to allow elevation of privileges flaw, enabling a local malici... read more.

• March 09, 2016

By Nancy Rand, Posted in Security

March 7, CNBC – (National) Scam artists hit Seagate Technology. Cupertino-based Seagate Technology reported that its current and former employees’ personal information including tax information, Social Security numbers, and salaries were compromised after a phishing email disguised as a legitimate internal company request prompted an employee to disclose employee data to an unauthorized third party. The company notified the U.S. Internal Revenue Service and is offering an identify-theft protection service t... read more.

• March 08, 2016

By Nancy Rand, Posted in Security

March 4, Softpedia – (International) XSS on Fortinet’s login page let attackers log passwords in cleartext. A security researcher at Synetis found that Fortinet’s Single-Sign-On (SSO) login system contained a reflected cross-site scripting (RXSS) vulnerability that could allow attackers to insert malicious parameters in cleartext inside the login page’s Uniform Resource Locator (URL). Fortinet released a patch for the vulnerability. Source March 4, SecurityWeek – (International) Adobe to patch flaws in R... read more.

• March 07, 2016

By Nancy Rand, Posted in Security

March 3, SecurityWeek – (International) Apple reissues security update after blocking Ethernet on Mac OS X. Apple Inc., reissued a security updates for its OS X El Capitan systems, which patched a blacklisting issue after an initial security update blocked Ethernet drivers and blocked Internet access to affected Mac systems when using an Ethernet connection. Apple reported that Wi-Fi connections were not affected. Source March 3, SecurityWeek – (International) Cisco patches critical, high severity flaws... read more.

• March 04, 2016

By Nancy Rand, Posted in Security

March 2, Agence France-Presse – (International) NSA chief worries about cyber attack on US infrastructure. The U.S. National Security Agency chief warned March 1 that attackers may try to execute a cyberattack against U.S. infrastructure similar to a 2015 Ukrainian incident in which a computer virus caused the networks of several regional electricity companies to go offline, and caused power grid failures throughout the country. Officials reported that partnerships between the public and private sectors wer... read more.

• March 03, 2016

By Nancy Rand, Posted in Security

February 29, ZDNet – (International) Snapchat falls foul of CEO impersonation, hands over employee pay data. The video messaging application, Snapchat reported that many of its current and former employees’ payroll information was compromised after a cyber-attacker impersonated the firm’s chief executive officer (CEO) via a phishing campaign and collected employee payroll information from staff at the firm. Snapchat stated that the incident was contained and reported the scheme to the FBI. Source Februar... read more.

• March 03, 2016

By Nancy Rand, Posted in Security

February 26, SecurityWeek – (International) Over 60 vulnerabilities patched in Apple TV. Apple released Apple TV version 7.2.1 which patched security holes in over 20 different components of the TV including Webkit, the kernel, the third-party app sandbox, Office Viewer, and Cloudkit, among other libraries, and patched vulnerabilities that can be exploited for information disclosure, execution of unsigned code, arbitrary code execution, application crashes, and modifications to protected parts of the filesy... read more.

• March 01, 2016

By Nancy Rand, Posted in Security

February 25, SecurityWeek – (International) OpenSSL preparing patches for high severity flaws. The OpenSSL Project reported it will release versions 1.0.2g and 1.0.1s for its OpenSSL product early March 2016 to patch several vulnerabilities including a high severity flaw that could allow attackers to obtain the key needed to decrypt traffic if the targeted application uses the Diffie-Hellman (DH) key exchange. Source February 25, SecurityWeek – (International) Critical Drupal updates patch several vulner... read more.

• February 26, 2016

By Nancy Rand, Posted in Security

February 24, SecurityWeek – (International) Exploit for recently patched Silverlight flaw added to Angler. A security researcher discovered that a previously patched Microsoft Silverlight exploit was used by Angler developers to add code in its Angler exploit kit (EK) and deliver a variant of the TeslaCrypt ransomware to infect victims. Researchers stated the attack was not effective if targets installed the patched Silverlight version onto their systems. Source February 23, SecurityWeek – (International... read more.

• February 25, 2016

By Nancy Rand, Posted in Security

February 19, Softpedia – (International) JSF***eBay XSS bug exploited in the wild, despite the company’s fix. Security researchers from Check Point discovered that eBay’s platform was susceptible to a JSF*** cross-site scripting (XSS) attack that was exploited in the wild and allowed attackers to convert the site’s JavaScript syntax into the JSF*** non-standard character set, disguise the code to pass through eBay’s XSS filters, and store the character set in the product’s description, allowing the maliciou... read more.

• February 22, 2016