Articles In Security

By Nancy Rand, Posted in Security

October 19, Securityweek – (International) Adobe patches Flash zero-day exploited by Pawn Storm. Adobe released Flash Player updates addressing a zero-day type confusion vulnerability discovered by security researchers from Trend Micro, which the Pawn Storm threat group was exploiting in attacks targeting Foreign Affairs Ministries worldwide via spear-phishing emails leading to a variant of the Sednit malware. Source October 16, CNN – (National) ISIS is attacking the U.S. energy grid (and failing). U.S.... read more.

• October 20, 2015

By Nancy Rand, Posted in Security

October 16, Securityweek – (International) Critical flaw patched in Akismet plugin for WordPress. Automattic released an update for the Akismet WordPress plugin versions 3.1.4 and earlier after security researchers from Sucuri discovered a cross-site scripting (XSS) vulnerability in the plugin that could allow an unauthenticated attacker to insert malicious code into the WordPress administration panel’s comments area by using emoticons. Source October 16, Securityweek – (International) Nuclear EK generat... read more.

• October 19, 2015

By Nancy Rand, Posted in Security

October 15, Help Net Security – (International) Attackers can use Siri, Google Now to secretly take over smartphones. Security researchers from the French Network and Information Security Agency discovered that attackers could use a laptop running GNU Radio, an amplifier, a universal software radio peripheral (USRP) software-defined radio, and antenna to take over smartphones with headphones plugged in via the Google Now and Siri personal assistants. The attack utilizes the device’s headphone cord as an ant... read more.

• October 16, 2015

By Nancy Rand, Posted in Security

October 14, Securityweek – (International) Authorities seize servers to disrupt Dridex botnet. U.S. and European authorities worked with private cybersecurity organizations to disrupt the activities of the Dridex information-stealing botnet by poisoning the peer-to-peer (P2P) network of each sub-botnet, redirecting infected systems’ communications from the botnet to a sinkhole. The botnet resulted in estimated losses of $10 million in the U.S., and authorities are seeking to extradite one of its administrat... read more.

• October 15, 2015

By Nancy Rand, Posted in Security

October 13, Securityweek – (International) Cisco IOS rootkits can be created with limited resources: Researchers. Security researchers from Grid32 released research revealing that cybercriminals could easily create a basic Cisco IOS rootkit within a month or less which could rival the effectiveness of the SYNful Knock malware designed to replace router firmware. Cisco has implemented several new security technologies in current devices to help mitigate threats. Source October 12, Securityweek – (Internat... read more.

• October 14, 2015

By Nancy Rand, Posted in Security

October 9, Help Net Security – (International) Attackers compromise Cisco Web VPNs to steal login credentials, backdoor target networks. Security researchers from Volexity discovered that attackers are continuing to leverage unpatched vulnerabilities or finding ways to gain administrator access to networks via Cisco Clientless secure sockets layer (SSL) virtual private network (VPN) portals in order to harvest employee credentials by injecting malicious JavaScript code on login pages to the VPN. The attacke... read more.

• October 13, 2015

By Nancy Rand, Posted in Security

October 8, Securityweek – (International) New collision attack lowers cost of breaking SHA1. A team of experts from Centrum Wiskunde & Informatica in Europe, Inria in France, and Singapore’s Nanyang Technological University discovered that hackers could execute a “freestart collision” attack to break the full secure hash algorithm 1 (SHA1) cryptographic hash function within 10 days for a cost of $75,000 - $120,000 using graphics cards and computing power from Amazon’s EC2 cloud. Previous research estima... read more.

• October 09, 2015

By Nancy Rand, Posted in Security

October 7, Securityweek – (International) Malicious Android adware infects devices in 20 countries. Security researchers from FireEye were monitoring a new malicious adware campaign dubbed Kemoge that has affected Android devices in 20 countries, in which the malware serves ads to an infected device, extracts exploits to root phones, and employs multiple persistence mechanisms. The malware is packaged with popular Android apps uploaded to third-party stores. Source October 7, Softpedia – (International)... read more.

• October 08, 2015

By Nancy Rand, Posted in Security

October 6, Securityweek – (International) Google patches Stagefright 2.0 flaws on Nexus devices. Google released a security update for Nexus devices resolving 20 recently discovered critical security vulnerabilities in the libstagefright and libutils Android media playback engine, dubbed Stagefright 2.0, in which an attacker could push a specially crafted file to cause memory corruption and remote code execution. Source October 6, Softpedia – (International) Hackers breach Microsoft OWA server, steal 11,... read more.

• October 07, 2015

By Nancy Rand, Posted in Security

October 5, SC Magazine – (International) Zero day vulnerability found in VMware product. Researchers from 7 Elements discovered a VMware vCentre zero day vulnerability involving the deployment of the JMX/RMI service used in the management interface in which an attacker could gain unauthorized remote system access to the hosting server, leading to full enterprise environment compromise. VMware reported that it is working on releasing a patch to address the vulnerability. Source October 3, Softpedia – (Int... read more.

• October 06, 2015