Articles In Security

By Nancy Rand, Posted in Security

September 20, Softpedia – (International) Three Symantec employees fired for issuing fake Google SSL certificates. Symantec fired three employees for issuing rogue Secure Sockets Layer (SSL) certificates after Google engineers working for the Certificate Transparency project discovered that the company had issued fake Google.com certificates with “extended validation” labels. Source September 20, IDG News Service – (International) Apple removes malware-infected iOS apps from store. Apple officials report... read more.

  • September 22, 2015

By Nancy Rand, Posted in Security

September 18, SC Magazine – (International) VMware addresses vulnerability in vCenter server. VMware released an update addressing a certificate validation vulnerability in select versions of its vCenter Server which an attacker could exploit to intercept traffic between the vCenter Server and the Lightweight Directory Access Protocol (LDAP) server to capture sensitive information. Source September 18, Softpedia – (International) D-Link accidentally publishes code signing keys. A Norwegian developer and... read more.

  • September 21, 2015

By Nancy Rand, Posted in Security

September 14, Securityweek – (International) Attackers use Google Search Console to hide website hacks. Security researchers from Sucuri discovered that cybercriminals have been using the Google Search Console to improve spam page search engine optimization (SEO) and to hide their presence on hijacked websites by receiving notification when hacks are detected, and by unverifying legitimate website owners. Source September 14, Help Net Security – (International) New malware can make ATMs not give users’ c... read more.

  • September 15, 2015

By Nancy Rand, Posted in Security

September 11, Securityweek – (International) Yokogawa patches serious flaws in ICS products. Japan-based Yokogawa Electric released patches addressing three critical flaws related to network communication functions affecting several of the company’s industrial control system (ICS) products. The remotely exploitable vulnerabilities include buffer overflows and a flaw that could allow an attacker to execute arbitrary code. Source September 10, Securityweek – (International) No patches available for flaws i... read more.

  • September 14, 2015

By Nancy Rand, Posted in Security

September 10, Securityweek – (International) SAP updates patch twenty vulnerabilities. Germany-based enterprise software maker SAP updated 5 previously released patches and issued a new patch addressing 20 vulnerabilities including 8 that were missing authorization checks, 6 cross-site scripting (XSS) bugs, an information disclosure vulnerability, cross-site request forgery (CSRF), remote code execution, and SQL injection, in addition to other types of attacks. Source September 10, Help Net Security – (International... read more.

  • September 11, 2015

By Nancy Rand, Posted in Security

September 9, Securityweek – (International) Microsoft patches Windows vulnerability exploited in the wild. Microsoft released security bulletins patching over 50 vulnerabilities, including a Win32k memory corruption flaw allowing privilege escalation that has been exploited in the wild, a kernel address space layout randomization (ASLR) bypass, a Windows Media Center remote code execution (RCE) vulnerability, a .NET Framework integer overflow, and a memory corruption flaw in the Edge and Internet Explorer W... read more.

  • September 10, 2015

By Nancy Rand, Posted in Security

September 4, Securityweek – (International) Cisco patches flaw in data center management products. Cisco released software updates addressing a remotely exploitable JavaServer Pages (JSP) vulnerability in the company’s UCS Director and Integrated Management Controller (IMC) Supervisor products which could allow an unauthenticated attacker to use specially crafted HyperText Transfer Protocol (HTTP) requests to overwrite arbitrary files, resulting in instability or a denial-of-service (DoS) condition. Source ... read more.

  • September 08, 2015

By Nancy Rand, Posted in Security

September 1, CSOonline.com – (International) Intel: Criminals getting better at data exfiltration. Security researchers from Intel released findings from a report revealing that cybercriminals are using increasingly sophisticated techniques to exfiltrate pilfered data once systems are accessed, including compressing and disguising the data, leveraging Gmail and encryption, and leveraging graphics processors. Source August 31, Threatpost – (International) CERT warns of slew of bugs in Belkin N600 routers.... read more.

  • September 03, 2015

By Nancy Rand, Posted in Security

September 1, CSOonline.com – (International) Intel: Criminals getting better at data exfiltration. Security researchers from Intel released findings from a report revealing that cybercriminals are using increasingly sophisticated techniques to exfiltrate pilfered data once systems are accessed, including compressing and disguising the data, leveraging Gmail and encryption, and leveraging graphics processors. Source August 31, Threatpost – (International) CERT warns of slew of bugs in Belkin N600 routers.... read more.

  • September 02, 2015

By Nancy Rand, Posted in Security

August 31, IDG News Service – (International) Russian-speaking hackers breach 97 web sites, many of them dating ones. Security researchers from Hold Security discovered that hackers breached 97 web sites between July and August after analysts found batches of stolen information, including a list of web sites and their vulnerabilities, notes, and large lists of email addresses and unencrypted passwords. Source August 31, IDG News Service – (International) ‘KeyRaider’ iOS malware targets jailbroken devices.... read more.

  • September 01, 2015