Articles In Security

By Nancy Rand, Posted in Security

December 7, Softpedia – (International) Malware steals iOS and BlackBerry backups via infected PCs. Palo Alto Networks released a report stating that many mobile backup tools lack secure encryption protocols, which can allow attackers to steal local mobile backup data and sensitive information from infected Apple Mac and Microsoft Windows computers, and discover and extract Apple iOS and Microsoft BlackBerry backup files via 6 trojan families that use the BackStab attack technique. Security researchers advi... read more.

• December 09, 2015

By Nancy Rand, Posted in Security

December 7, Softpedia – (International) Trifecta of security bugs affecting Dell, Lenovo, and Toshiba products. Security researchers from LizardHQ reported that three major security vulnerabilities were affecting current and older versions of computer products including Dell System Detect, Lenovo’s Solution Center, and Toshiba Service Station that allows attackers to abuse an application program interface (API) to bypass the Windows User Account Control limitations on Dell products, run malicious code and e... read more.

• December 08, 2015

By Nancy Rand, Posted in Security

December 3, Securityweek – (International) Ponmocup botnet still actively used for financial gain. Researchers from Fox-IT released a report stating that the malware Ponmocup botnet has infected more than 15 million devices since 2009 and that its infrastructure consists of different components used to deliver, install, execute, and control the malware to prevent researchers from reengineering it. The botnet infects a device via encryption and stores its components in different locations to evade detection,... read more.

• December 07, 2015

By Nancy Rand, Posted in Security

December 2, IDG News Service – (International) Cisco patches permission hijacking issue in WebEx Meetings app for Android. Cisco released patches for an authentication flaw found in its WebEx Meetings application, affecting all older versions of the application before version 8.5.1 that allowed attackers to trick users to download a rogue application to their Android devices, which enabled hackers to infiltrate its permissions settings and gain access to the device. Cisco advised customers to download newer... read more.

• December 04, 2015

By Nancy Rand, Posted in Security

December 2, Securityweek – (International) Google patches over dozen serious flaws in Chrome. Google reported December 1 that its newest version of Chrome 47 includes 41 security patches that address a dozen high severity issues discovered by independent researchers including out-of-bounds access vulnerabilities in V8, Skia, PDFium, use-after-free flaws in Extensions and Document Object Model (DOM), and a type confusion in PDFium, among other patched vulnerabilities. Source   ... read more.

• December 03, 2015

By Nancy Rand, Posted in Security

December 1, Securityweek – (International) Unpatched flaws allow hackers to compromise Belkin routers. A researcher discovered multiple vulnerabilities affecting Belkin’s N150 wireless home routers, including an HTML/script injection that affects the “language” parameter present and causes the device’s web interface to become inoperable; a session hijacking vulnerability that allows an attacker to easily obtain data through a brute force attack due to the fixed state of the session ID as a hexadecimal strin... read more.

• December 02, 2015

By Nancy Rand, Posted in Security

November 30, Securityweek – (International) Microsoft unveils protection against potentially unwanted applications. Microsoft released a new feature for its Systems Center Endpoint Protection (SCEP) and Forefront Endpoint Protection (FEP) systems that includes a new potentially unwanted application (PUA) protection program that automatically identifies unwanted software containing threat names, such as PUA:Win32/Creprote, that targets software bundling technologies, PUA applications, and PUA frameworks and... read more.

• December 01, 2015

By Nancy Rand, Posted in Security

November 19, Securityweek – (International) Microsoft blocks unauthorized code injection in Edge. Microsoft released several improvements to its Edge Software with the introduction of EdgeHTML 13 that adds a security feature to block dynamic-link library (DLL) injections into the browser process and only allow components signed by Microsoft and Windows Hardware Quality Labs (WHQL) signed-device drivers to load. Source November 19, Softpedia – (International) 15-year-old Brit charged with DDoS attacks, bo... read more.

• November 20, 2015

By Nancy Rand, Posted in Security

November 18, The Register – (International) Blackhole’s back: Hated exploit kit returns from the dead. Researchers from Malwarebytes discovered that the previously extinct Blackhole Exploit Kit has resurfaced after finding an active drive-by download campaign via compromised websites with the same Adobe Java platform and PDF exploits as the Blackhole Exploit Kit, which can still compromise vulnerable computers despite its old exploits. Source November 18, Securityweek – (International) Security flaws in... read more.

• November 19, 2015

By Nancy Rand, Posted in Security

November 17, Securityweek – (International) Poor backend security practices expose sensitive data. Researchers at the Technical University of Darmstadt in Germany discovered more than 18.6 million records of security risks associated with the use of Backend-as-a-Service (BaaS) offerings including extrapolation of an ID and an undisclosed key for authentication from a victims’ mobile application that allows attackers access to the backend with the same privileges as the application. Source November 17, Se... read more.

• November 18, 2015