Articles In Security

By Nancy Rand, Posted in Security

November 17, Securityweek – (International) Poor backend security practices expose sensitive data. Researchers at the Technical University of Darmstadt in Germany discovered more than 18.6 million records of security risks associated with the use of Backend-as-a-Service (BaaS) offerings including extrapolation of an ID and an undisclosed key for authentication from a victim’s mobile application that allows attackers access to the backend with the same privileges as the application. Source November 17, Se... read more.

  • November 18, 2015

By Nancy Rand, Posted in Security

November 16, Securityweek – (International) Thousands of sites infected with Linux encryption ransomware. Researchers from Dr. Web reported that approximately 2,000 websites were compromised by the Linux file-encrypting ransomware dubbed Linux.Encoder1, which targets the root and home files, web servers, backups, and source code via a downloaded file containing the public RSA key used to store AES keys and adds the .encrypt extension to each file, making files nearly impossible to recover without paying... read more.

  • November 17, 2015

By Nancy Rand, Posted in Security

November 13, Securityweek – (International) Flaw in “Spring Social” puts user accounts at risk. Researchers at SourceClear (SRC:CLR) discovered that a vulnerability in Pivotal Software’s Spring Social authentication feature can be exploited via a specially crafted Uniform Resource Locator (URL) that bypasses the cross-site request forgery (CSRF) protection to link an attacker’s account, on a similar service to GitHub or Facebook, with a victim’s account on a compromised website. Pivotal Software patched the... read more.

  • November 16, 2015

By Nancy Rand, Posted in Security

November 12, Securityweek – (International) Microsoft reissues security update due to Outlook crash. Microsoft reissued a security patch updating its KB3097877 software on Windows 7 and some versions of its KB3105213 update on Windows 10 after customer complaints revealed that the software update had an issue with its Outlook 2010 and 2013 versions which caused crashes for consumers viewing HyperText Markup Language (HTML) emails. Source November 11, Securityweek – (International) Attackers abuse securit... read more.

  • November 13, 2015

By Nancy Rand, Posted in Security

November 10, Securityweek – (International) Flaw in Linux encryption ransomware exposes decryption key. Researchers at Bitdefender discovered a flaw in the Linux.Encoder1 ransomware in its advanced encryption standard (AES) key generation process that revealed the libc rand() function, seeded with the current system timestamp during encryption, allows the retrieval of the AES key without having to decrypt the malware by paying the attackers for an RSA public key. The security firm released a decryption tool... read more.

  • November 13, 2015

By Nancy Rand, Posted in Security

November 9, Securityweek – (International) User data compromised in Touchnote breach. UK-based postcard-sending service Touchnote revealed that its systems were compromised in an attack that stole customers’ personal information including names, email addresses, postal addresses, and other histories that may be used to trick victims into supplying attackers with more sensitive information. The company has notified impacted customers and an investigation is ongoing to find the attackers. Source November... read more.

  • November 10, 2015

By Nancy Rand, Posted in Security

November 5, Help Net Security – (International) Firefox 42 is out, with many privacy and security improvements. Mozilla released Firefox 42 addressing several security patches including a new feature named Tracking Protection that actively blocks content like ads, analytics trackers, requests from active trackers, and social share buttons that may record users’ activity and send personal information without their knowledge across multiple websites. Source November 5, Threatpost – (International) Updated... read more.

  • November 09, 2015

By Nancy Rand, Posted in Security

November 5, Securityweek – (International) Cisco patches serious flaws in security, wireless appliances. Cisco released software updates patching several critical and high severity vulnerabilities including a command injection vulnerability, CVE-2015-6298, that affects the certificate generation process in the interface of the Cisco Web Security Appliance (WSA), denial-of-service (DoS) vulnerabilities that cause affected devices to run out of system memory, and vulnerabilities in the Mobility Service Engine... read more.

  • November 06, 2015

By Nancy Rand, Posted in Security

November 3, Softpedia – (International) Spam botnet leverages vulnerable WordPress sites. Researchers from Akamai Security Intelligence Research Team (SIRT) discovered a new spam botnet in the wild dubbed Torte that infects machines via Executable and Linkable Format (ELF) Linux binaries and Hypertext Preprocessor (PHP) scripts placed on the targeted server’s filesystem after the SIRT team received a suspicious PHP script for analysis. The botnet is one of the largest in recent years and accounts for 83,000... read more.

  • November 05, 2015

By Nancy Rand, Posted in Security

November 3, Softpedia – (International) 100 million Android users may have a backdoor on their device thanks to the Baidu SDK. Researchers from Trend Micro reported the Moplus software development kit (SDK) being offered by Chinese search engine Baidu includes a functionality that can be abused to install backdoors on users’ devices via a Hypertext Transfer Protocol (HTTP) server on the targeted smartphone, allowing attackers to send HTTP requests to port 6259 or 40310 and execute malicious commands. The... read more.

  • November 04, 2015