Articles In Security

By Nancy Rand, Posted in Security

October 1, Threatpost – (International) Apple patches 100+ vulnerabilities in OS X, Safari, iOS. Apple released OS X version 10.11 El Capitan addressing over 100 security vulnerabilities, including 20 hypertext preprocessor (PHP) flaws, XARA password stealing vulnerabilities which could allow an attacker to use a malicious application to access a user’s keychain, and 45 issues in the Safari 9 Web browser, among others. Source October 1, IDG News Service – (International) New Android vulnerabilities put o... read more.

  • October 02, 2015

By Nancy Rand, Posted in Security

September 30, Help Net Security – (International) Scammers use Google AdWords, fake Windows BSOD to steal money from users. Security researchers from Malwarebytes discovered that cybercriminals are using Google’s AdWords to place malicious links at the top of Google’s search page for common searches, which would lead to a fake “Blue Screen of Death” (BSOD) page prompting users to call a toll-free “helpline” with scammers that would solicit payments for support services and personal and bank account informat... read more.

  • October 01, 2015

By Nancy Rand, Posted in Security

September 29, IDG News Service – (International) Newly found TrueCrypt flaw allows full system compromise. A security researcher from Google’s Project Zero team discovered two vulnerabilities in TrueCrypt hard drive encryption software which could allow attackers to obtain elevated system privileges if they have access to a limited user account. VeraCrypt released patches for the vulnerabilities, and users were advised to switch products for these and other security improvements. Source September 28, Sof... read more.

  • September 30, 2015

By Ken Phelan, Posted in Security

There are a lot of new products emerging to secure the end point. This makes sense given the nature of the attacks we’re seeing, but it’s also leading to some confusion. I thought I would try to help out with some categorization. Category 1: Signature-based defenses. These are traditional anti-virus and malware products. The signature-based solutions have a serious problem – or rather a deadly combination of two problems. There are so many new signatures that it becomes more and more expensive to manage the... read more.

  • September 28, 2015

By Nancy Rand, Posted in Security

September 25, Securityweek – (International) Vulnerabilities found in several SCADA products. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) published advisories identifying vulnerabilities in supervisory control and data acquisition (SCADA) products, including a privilege escalation bug in Resource Data Management’s Data Manager that could allow an attacker to change the passwords of users, a cross-site request forgery (CSRF) that an attacker could use to perform actions on behalf... read more.

  • September 28, 2015

By Nancy Rand, Posted in Security

September 24, IDG News Service – (International) Ransomware pushers up their game against small businesses. TrendMicro researchers released analysis revealing that 67 percent of users who clicked on links in CryptoWall and 40 percent who clicked links in TorrentLocker ransomware-related emails were from small and medium businesses in June and July, attributing the percentage to social engineering and a lack of safeguards compared to larger organizations. Source September 23, Softpedia – (International) S... read more.

  • September 25, 2015

By Nancy Rand, Posted in Security

September 23, Securityweek – (International) Firefox 41 patches critical vulnerabilities. Mozilla released updates addressing 30 vulnerabilities in Firefox version 41, including use-after-free bugs with IndexedDB and manipulation of HyperText Markup Language (HTML) content that could lead to an exploitable crash, memory safety bugs that can be exploited to execute arbitrary code, and two flaws involving cross-origin resource sharing (CORS) “preflight” request handling, among others. Source September 23,... read more.

  • September 24, 2015

By Nancy Rand, Posted in Security

September 22, Securityweek – (International) Adobe patches 23 vulnerabilities in Flash Player. Adobe released updates for Flash Player addressing 23 information disclosure, security bypass, memory leak, type confusion, use-after-free, buffer overflow, stack corruption, and memory corruption vulnerabilities, and includes additional validation checks to ensure rejection of malicious content from vulnerable JSONP callback Application Program Interfaces (APIs), among other improvements. Source September 22,... read more.

  • September 23, 2015

By Nancy Rand, Posted in Security

September 20, Softpedia – (International) Three Symantec employees fired for issuing fake Google SSL certificates. Symantec fired three employees for issuing rogue Secure Sockets Layer (SSL) certificates after Google engineers working for the Certificate Transparency project discovered that the company had issued fake Google.com certificates with “extended validation” labels. Source September 20, IDG News Service – (International) Apple removes malware-infected iOS apps from store. Apple officials report... read more.

  • September 22, 2015

By Nancy Rand, Posted in Security

September 18, SC Magazine – (International) VMware addresses vulnerability in vCenter server. VMware released an update addressing a certificate validation vulnerability in select versions of its vCenter Server which an attacker could exploit to intercept traffic between the vCenter Server and the Lightweight Directory Access Protocol (LDAP) server to capture sensitive information. Source September 18, Softpedia – (International) D-Link accidentally publishes code signing keys. A Norwegian developer and... read more.

  • September 21, 2015