Articles In Security

By Nancy Rand, Posted in Security

July 20, Help Net Security – (International) Ashley Madison hacked, info of 37 million users stolen. Hackers calling themselves “The Impact Team” reportedly accessed and stole personal information and financial records of 37 million of AvidLife’s Ashley Madison Web site as well as user databases for 2 other sites that thecompany owns. The hack was perpetrated in response to Avid Life’s failure to provideits offered “full delete” feature for user profiles. Source July 17, Securityweek – (International) Ea... read more.

  • July 22, 2015

By Nancy Rand, Posted in Security

July 17, Help Net Security – (International) Nearly all Web sites have serious security vulnerabilities. Acunetix released a report on 15,000 Web site and network scans of 5,500 companies revealing that almost half of Web applications scanned contained high security vulnerabilities, and 4 of 5 were affected by medium security vulnerabilities, plying that most organizations fail to comply with the Payment Card Industry Data Security Standard (PCI DSS), among other findings. Source July 16, Help Net Securi... read more.

  • July 20, 2015

By Nancy Rand, Posted in Security

July 16, Threatpost – (International) Security support ends for remaining Windows XP machines. Microsoft ended security support for Microsoft Security Essentials customers running Windows XP as part of its July Patch Tuesday roll-out, and released security advisories for a patched race condition flaw in the Malicious Software Removal Tool (MSRT) allowing for privilege escalation, as well as an update enhancing use of Data Encryption Standard (DES) encryption keys. Source July 16, Securityweek – (Internat... read more.

  • July 17, 2015

By Ken Phelan, Posted in Security

If you are in a position where you either give or receive IT Security audits, please stop what you’re doing and read this right now (if you haven’t already). It’s the 2014 security audit by OPM’s inspector general office of audits. Katherine Archuleta resigned last Friday as head of the U.S. Office of Personnel Management and I’m guessing she wishes she had read it a little more carefully. My experience indicates that a large of percentage of people reading this line ignored my admonition to read the... read more.

  • July 17, 2015

By Nancy Rand, Posted in Security

July 15, IDG News Service – (International) Darkode computer hacking forum shuts after investigation spanning 20 countries. U.S. authorities filed hacking charges against 12 suspects affiliated with the Darkode hacker Web forum after the FBI and law enforcement organizations from 20 countries shut down the site and arrested or searched 70 Darkode members worldwide. The Web site allowed hackers to share technology and tradecraft used to infect computers and wireless devices of victims. Source July 15, Sof... read more.

  • July 16, 2015

By Nancy Rand, Posted in Security

July 14, Threatpost – (International) Flash Player update patches two Hacking Team zero days. Adobe released patches addressing two critical use-after-free vulnerabilities in ActionScript 3 revealed in data dumped from a recent breach of the Italian surveillance software company Hacking Team. Both flaws allowed an attacker to use a Web site hosting the exploit to completely take over an affected system. Source July 13, Threatpost – (International) Kaseya patches two bugs in VSA IT management platform. Ka... read more.

  • July 15, 2015

By Nancy Rand, Posted in Security

July 13, Securityweek – (International) APT group uses Seaduke trojan to steal data from high-value targets. Security researchers from Symantec released an analysis of the highly-configurable Seaduke trojan used by an advanced persistent threat (APT) group known for cyber-espionage attacks against high-value targets including government organizations. The report revealed that the trojan is installed onto select systems through the CozyDuke trojan, and that it shares similarities with other “Duke” malware. S... read more.

  • July 14, 2015

By Nancy Rand, Posted in Security

July 10, Securityweek – (International) Chinese APT group uses Hacking Team’s Flash Player exploit. Security researchers from Volexity reported that the Wekby advanced persistent threat group (APT), also known as APT 18, Dynamite Panda, and TG-0416, was leveraging an Adobe Flash Player exploit revealed through the July breach of the software company Hacking Team by sending spear-phishing emails purporting to be from Adobe which directed users to download a compromised Flash Player file containing malware. S... read more.

  • July 13, 2015

By Nancy Rand, Posted in Security

July 9, Securityweek – (International) APT-style evasion techniques spotted in “Kofer” ransomware campaign. Security researchers from Cybereason discovered a ransomware campaign primarily targeting European users dubbed “Operation Kofer” that is mimicking advanced persistent threat (APT) operations by continuously generating new variants of the same malware to evade detection, among other anti-detection techniques. Source July 9, CSO Online – (International) Despite warnings, majority of firms still run... read more.

  • July 10, 2015

By Nancy Rand, Posted in Security

July 7, Help Net Security – (International) Flaw allows hijacking of professional surveillance AirLive cameras. Engineers from Core Security discovered vulnerabilities in AirLive’s surveillance cameras in which an attacker could invoke computer-generated imagery (CGI) files without authentication or utilize backdoor accounts to execute arbitrary operating system commands, possibly allowing the attacker to see camera’s transmission stream and compromise network devices. Source July 6, Threatpost – (Intern... read more.

  • July 08, 2015