Articles In Security

By Nancy Rand, Posted in Security

December 2, IDG News Service – (International) Cisco patches permission hijacking issue in WebEx Meetings app for Android. Cisco released patches for an authentication flaw found in its WebEx Meetings application, affecting all older versions of the application before version 8.5.1 that allowed attackers to trick users to download a rogue application to their Android devices, which enabled hackers to infiltrate its permissions settings and gain access to the device. Cisco advised customers to download newer... read more.

• December 04, 2015

By Nancy Rand, Posted in Security

December 2, Securityweek – (International) Google patches over dozen serious flaws in Chrome. Google reported December 1 that its newest version of Chrome 47 includes 41 security patches that address a dozen high severity issues discovered by independent researchers including out-of-bounds access vulnerabilities in V8, Skia, PDFium, use-after-free flaws in Extensions and Document Object Model (DOM), and a type confusion in PDFium, among other patched vulnerabilities. Source   ... read more.

• December 03, 2015

By Nancy Rand, Posted in Security

December 1, Securityweek – (International) Unpatched flaws allow hackers to compromise Belkin routers. A researcher discovered multiple vulnerabilities affecting Belkin’s N150 wireless home routers, including an HTML/script injection that affects the “language” parameter present and causes the device’s web interface to become inoperable; a session hijacking vulnerability that allows an attacker to easily obtain data through a brute force attack due to the fixed state of the session ID as a hexadecimal strin... read more.

• December 02, 2015

By Nancy Rand, Posted in Security

November 30, Securityweek – (International) Microsoft unveils protection against potentially unwanted applications. Microsoft released a new feature for its Systems Center Endpoint Protection (SCEP) and Forefront Endpoint Protection (FEP) systems that includes a new potentially unwanted application (PUA) protection program that automatically identifies unwanted software containing threat names, such as PUA:Win32/Creprote, that targets software bundling technologies, PUA applications, and PUA frameworks and... read more.

• December 01, 2015

By Nancy Rand, Posted in Security

November 19, Securityweek – (International) Microsoft blocks unauthorized code injection in Edge. Microsoft released several improvements to its Edge Software with the introduction of EdgeHTML 13 that adds a security feature to block dynamic-link library (DLL) injections into the browser process and only allow components signed by Microsoft and Windows Hardware Quality Labs (WHQL) signed-device drivers to load. Source November 19, Softpedia – (International) 15-year-old Brit charged with DDoS attacks, bo... read more.

• November 20, 2015

By Nancy Rand, Posted in Security

November 18, The Register – (International) Blackhole’s back: Hated exploit kit returns from the dead. Researchers from Malwarebytes discovered that the previously extinct Blackhole Exploit Kit has resurfaced after finding an active drive-by download campaign via compromised websites with the same Adobe Java platform and PDF exploits as the Blackhole Exploit Kit, which can still compromise vulnerable computers despite its old exploits. Source November 18, Securityweek – (International) Security flaws in... read more.

• November 19, 2015

By Nancy Rand, Posted in Security

November 17, Securityweek – (International) Poor backend security practices expose sensitive data. Researchers at the Technical University of Darmstadt in Germany discovered more than 18.6 million records of security risks associated with the use of Backend-as-a-Service (BaaS) offerings including extrapolation of an ID and an undisclosed key for authentication from a victims’ mobile application that allows attackers access to the backend with the same privileges as the application. Source November 17, Se... read more.

• November 18, 2015

By Nancy Rand, Posted in Security

November 16, Securityweek – (International) Thousands of sites infected with Linux encryption ransomware. Researchers from Dr. Web reported that approximately 2,000 websites were compromised by the Linux file-encrypting ransomware dubbed Linux.Encoder1, that targets the root and home files, web servers, backups, and source code via a downloaded file containing the public RSA key used to store AES keys that adds .encrypt extension to each file, allowing files to be nearly impossible to recover without paying... read more.

• November 17, 2015

By Nancy Rand, Posted in Security

November 13, Securityweek – (International) Flaw in “Spring Social” puts user accounts at risk. Researchers at SourceClear (SRC:CLR) discovered that a vulnerability in Pivotal Software’s Spring Social authentication feature can be exploited via a specially crafted Uniform Resource Locator (URL) that bypasses the cross-site request forgery (CSRF) protection to link an attacker’s account, on a similar service to GitHub or Facebook, with a victim’s account on a compromised website. Pivotal Software patched the... read more.

• November 16, 2015

By Nancy Rand, Posted in Security

November 12, Securityweek – (International) Microsoft reissues security update due to Outlook crash. Microsoft reissued a security patch updating its KB3097877 software on Windows 7 and some versions of its KB3105213 update on Windows 10 after customer complaints revealed that the software update had an issue with its Outlook 2010 and 2013 versions which caused crashes for consumers viewing HyperText Markup Language (HTML) emails. Source November 11, Securityweek – (International) Attackers abuse securit... read more.

• November 13, 2015