Articles In Security

By Nancy Rand, Posted in Security

October 29, Securityweek – (International) New types of reflection DDoS attacks spotted. Akamai’s Security Intelligence Response Team released a new threat advisory detailing 3 new types of reflection distributed denial-of-service (DDoS) attacks abusing the remote procedure call (RPC) portmap service with attacks exceeding 100 Gbps; Network Basic Input/Output System (NetBIOS) name servers with the largest attack peaking at 15.7 Gbps; and Sentinel license servers with peak bandwidth attacks of 11.7 Gbps. Sou... read more.

• November 03, 2015

By Nancy Rand, Posted in Security

October 29, Securityweek – (International) 13 million passwords leaked from free hosting service. A security expert reported October 28 that 13 million personal user records including names, emails, and plaintext passwords from the free web hosting service, 000webhost.com were compromised after its main server was exploited via a flaw in its old version of PHP. To mitigate future breaches, 000webhost updated its systems, increased its encryption, and changed all passwords. Source October 29, Securityweek... read more.

• October 30, 2015

By Nancy Rand, Posted in Security

October 28, Securityweek – (International) Adobe patches critical vulnerability in Shockwave Player. Adobe released a patch resolving a memory corruption vulnerability in its Shockwave Player 12.2.0.162 for Windows and Mac user after researchers from Fortinet’s Fortiguard Labs discovered that the vulnerability allowed attackers to compromise remote computers and execute remote code, allowing full control of the operating system without the victim being aware. Source  October 28, Softpedia – (Internationa... read more.

• October 29, 2015

By Nancy Rand, Posted in Security

October 27, Securityweek – (International) Joomla flaw exploited in the wild within hours of disclosure. Security researchers from Sucuri reported that malicious actors started exploiting critical vulnerabilities, including a Structured Query Language (SQL) injection issue in Joomla, within 4 hours of patches released by developers addressing the issue and subsequent flaw disclosures by researchers at Trustwave. The SQL injection vulnerability could allow a remote attacker to hijack administrator sessions a... read more.

• October 28, 2015

By Nancy Rand, Posted in Security

October 26, Softpedia – (International) 12 new malware strands are discovered every minute. Security researchers at G DATA released report findings revealing that the company discovered 3,045,722 new types of malware in the first half of 2015, a 26.6 percent increase since the second half of 2014, and that most attacks were either adware or potentially unwanted programs (PUPs) hosted on U.S. websites from the healthcare and technology and telecommunications, among others. G DATA also observed an increase in... read more.

• October 28, 2015

By Nancy Rand, Posted in Security

October 23, Softpedia – (International) CCTV cameras hijacked to form worldwide DDoS botnet. Security researchers from Incapsula discovered that hackers had used brute-force attacks to compromise over 900 closed circuit television (CCTV) cameras running the BusyBox operating system (OS) and install malware derived from ELF_BASHLITE to launch distributed denial-of-service (DDoS) attacks using Hypertext Transfer Protocol (HTTP) GET request floods. One device was recorded sending over 20,000 HTTP requests per... read more.

• October 26, 2015

By Nancy Rand, Posted in Security

October 22, Securityweek – (International) New NTP vulnerabilities put networks at risk. The Network Time Foundation’s NTP Project released an update addressing 13 denial-of-service (DoS), directory traversal, memory corruption, authentication bypass, and file overwrite vulnerabilities in the Network Time Protocol (NTP), as well as a “crypto-NAK” issue that could allow an unauthenticated off-path attacker to force Network Time Protocol daemon (ntpd) processes to peer with malicious time sources, eventually... read more.

• October 23, 2015

By Nancy Rand, Posted in Security

October 21, Securityweek – (International) Flaws in Apple productivity apps expose users to attacks. Apple recently released updates addressing input validation vulnerabilities related to how malicious documents are parsed in Keynote, Pages, Numbers, and iWork for iOS 2.6 which could have allowed an Extensible Markup Language (XML) External Entity (XXE) attack potentially leading to disclosure of data, denial-of-service (DoS), or other impacts, as well as memory corruption issues that could lead to unexpect... read more.

• October 22, 2015

By Nancy Rand, Posted in Security

October 20, Securityweek – (International) Vulnerabilities found in HP ArcSight products. HP began releasing security updates addressing vulnerabilities in HP’s ArcSight products, including an authentication bypass flaw in the ArcSight Logger interface in which a remote authenticated user without permissions could conduct searches through the Simple Object Access Protocol (SOAP) interface, improper restriction of excessive authentication attempts which could allow brute force attacks on the SOAP interface,... read more.

• October 21, 2015

By Nancy Rand, Posted in Security

October 19, Securityweek – (International) Adobe patches Flash zero-day exploited by Pawn Storm. Adobe released Flash Player updates addressing a zero-day type confusion vulnerability discovered by security researchers from Trend Micro, which the Pawn Storm threat group was exploiting in attacks targeting Foreign Affairs Ministries worldwide via spear-phishing emails leading to a variant of the Sednit malware. Source October 16, CNN – (National) ISIS is attacking the U.S. energy grid (and failing). U.S.... read more.

• October 20, 2015