Articles In Security

By Nancy Rand, Posted in Security

December 10, SecurityWeek – (International) Many Cisco products plagued by deserializations flaws. Cisco Systems reported that it is investigating which of its products are affected by the Java deserialization vulnerability that can be exploited for remote code execution (RCE) via the Apache Commons Collections library due to the failure of developers to ensure that untrusted serialized data is not accepted for deserialization. Cisco will release software updates addressing the flaw. Source December 10,... read more.

• December 11, 2015

By Nancy Rand, Posted in Security

December 9, SecurityWeek – (International) Apple issues security updates for OS X, iOS, Safari. Apple released security updates patching multiple vulnerabilities within its OS X, iOS, Safari, Xcode, watchOS, and tvOS systems including flaws affecting Apple’s mobile operating system, Siri, Webkit, and components such as the App Sandbox, Compression, CoreMedia Playback, EFI, and File Bookmark, among others. Source December 9, Softpedia – (International) DNS Root servers hit by DDoS attack. Researchers from... read more.

• December 10, 2015

By Nancy Rand, Posted in Security

December 7, Softpedia – (International) Malware steals iOS and BlackBerry backups via infected PCs. Palo Alto Networks released a report stating that many mobile backup tools lack secure encryption protocols, which can allow attackers to steal local mobile backup data and sensitive information from infected Apple Mac and Microsoft Windows computers, and discover and extract Apple iOS and Microsoft BlackBerry backup files via 6 trojan families that use the BackStab attack technique. Security researchers advi... read more.

• December 09, 2015

By Nancy Rand, Posted in Security

December 7, Softpedia – (International) Trifecta of security bugs affecting Dell, Lenovo, and Toshiba products. Security researchers from LizardHQ reported that three major security vulnerabilities were affecting current and older versions of computer products including Dell System Detect, Lenovo’s Solution Center, and Toshiba Service Station that allows attackers to abuse an application program interface (API) to bypass the Windows User Account Control limitations on Dell products, run malicious code and e... read more.

• December 08, 2015

By Nancy Rand, Posted in Security

December 3, Securityweek – (International) Ponmocup botnet still actively used for financial gain. Researchers from Fox-IT released a report stating that the malware Ponmocup botnet has infected more than 15 million devices since 2009 and that its infrastructure consists of different components used to deliver, install, execute, and control the malware to prevent researchers from reengineering it. The botnet infects a device via encryption and stores its components in different locations to evade detection,... read more.

• December 07, 2015

By Nancy Rand, Posted in Security

December 2, IDG News Service – (International) Cisco patches permission hijacking issue in WebEx Meetings app for Android. Cisco released patches for an authentication flaw found in its WebEx Meetings application, affecting all older versions of the application before version 8.5.1 that allowed attackers to trick users to download a rogue application to their Android devices, which enabled hackers to infiltrate its permissions settings and gain access to the device. Cisco advised customers to download newer... read more.

• December 04, 2015

By Nancy Rand, Posted in Security

December 2, Securityweek – (International) Google patches over dozen serious flaws in Chrome. Google reported December 1 that its newest version of Chrome 47 includes 41 security patches that address a dozen high severity issues discovered by independent researchers including out-of-bounds access vulnerabilities in V8, Skia, PDFium, use-after-free flaws in Extensions and Document Object Model (DOM), and a type confusion in PDFium, among other patched vulnerabilities. Source   ... read more.

• December 03, 2015

By Nancy Rand, Posted in Security

December 1, Securityweek – (International) Unpatched flaws allow hackers to compromise Belkin routers. A researcher discovered multiple vulnerabilities affecting Belkin’s N150 wireless home routers, including an HTML/script injection that affects the “language” parameter present and causes the device’s web interface to become inoperable; a session hijacking vulnerability that allows an attacker to easily obtain data through a brute force attack due to the fixed state of the session ID as a hexadecimal strin... read more.

• December 02, 2015

By Nancy Rand, Posted in Security

November 30, Securityweek – (International) Microsoft unveils protection against potentially unwanted applications. Microsoft released a new feature for its Systems Center Endpoint Protection (SCEP) and Forefront Endpoint Protection (FEP) systems that includes a new potentially unwanted application (PUA) protection program that automatically identifies unwanted software containing threat names, such as PUA:Win32/Creprote, that targets software bundling technologies, PUA applications, and PUA frameworks and... read more.

• December 01, 2015

By Nancy Rand, Posted in Security

November 19, Securityweek – (International) Microsoft blocks unauthorized code injection in Edge. Microsoft released several improvements to its Edge Software with the introduction of EdgeHTML 13 that adds a security feature to block dynamic-link library (DLL) injections into the browser process and only allow components signed by Microsoft and Windows Hardware Quality Labs (WHQL) signed-device drivers to load. Source November 19, Softpedia – (International) 15-year-old Brit charged with DDoS attacks, bo... read more.

• November 20, 2015