Articles In Security

By Nancy Rand, Posted in Security

May 13, Softpedia – (International) Flash Player 17.0.0.188 addresses security holes. Adobe released updates for Flash Player that fixed 18 vulnerabilities, including 10 memory corruption, heap overflow, integer overflow, type confusion, and use-after-free bugs that could allow an attacker to run arbitrary code on an affected system. Source

May 13, Softpedia – (International) Mozilla Firefox 38 fixes 13 vulnerabilities, 5 are critical. Mozilla released fixes for 13 vulnerabilities in Firefox version 38,...

  • May 14, 2015

By Nancy Rand, Posted in Security

May 7, Threatpost – (International) Apple fixes WebKit vulnerabilities in Safari browser. Apple released an update for its Safari Web browser fixing multiple vulnerabilities in WebKit, including memory corruption and anchor element issues that could be exploited by an attacker to send users to malicious Web sites, leading to arbitrary code execution or unexpected application termination, as well as a state management problem in which unprivileged origins could access file system contents via a specially cra...

  • May 11, 2015

By Nancy Rand, Posted in Security

May 6, Softpedia – (International) Tinba banking trojan checks for sandbox before launching. Security researchers from F-Secure discovered a new variant of the Tiny Banker (Tinba) trojan, which checks for mouse movement and the active window a user is working on to ensure that it is executed on a real machine and not a sandbox before running its malicious routines. The trojan also queries the number of cylinders available to the system’s storage device to determine if it is a virtual machine. Source May...

  • May 08, 2015

By Nancy Rand, Posted in Security

May 1, Securityweek – (International) Security bug in ICANN portals exploited to access user data. The Internet Corporation for Assigned Names and Numbers (ICANN) released April 30 initial findings from an investigation revealing that a vulnerability in two of the organization's generic top-level domain (gTLD) portals had resulted in the exposure of 330 advanced search result records pertaining to 96 applicants and 21 registry operators since April 2013. The organization plans to contact both the affected us...

  • May 04, 2015

By Nancy Rand, Posted in Security

April 29, Securityweek – (International) InFocus projectors plagued by authentication flaws: Core Security. Security researchers at Core Security identified an authentication bypass vulnerability in InFocus network-connected projectors in which an unauthenticated user could bypass the login page and access the projector’s Web interface as an administrator by navigating to the “main.html” page. Once logged in, the unauthenticated user would have the ability to access and modify private network and WiFi confi...

  • April 30, 2015

By Ken Phelan, Posted in Security

I was at the RSA Conference in San Francisco last week and I’d like to report that the Information Security economy is booming. With record numbers of attendees and exhibitors, the buzz around security has never been stronger. All of the news regarding attacks has created a lot of momentum. Most of Gotham’s large customers deal with significant incidents on a near daily basis, and even smaller clients have seen serious incidents over the last year. This increased pressure on cyber security now has boa...

  • April 30, 2015

By Nancy Rand, Posted in Security

April 28, Softpedia – (International) Cyber gang stealing $15 million from banks dismantled by Romanian authorities. Romanian authorities raided 42 locations in 6 countries and detained 25 individuals April 26 in connection to their roles in a group of over 52 suspects who allegedly cloned cards with information from banks’ computer systems to steal over $15 million from financial institutions in the U.S. and worldwide. The thieves supposedly made 34,000 cash withdrawals from ATMs in 24 countries from Febru...

  • April 29, 2015

By Nancy Rand, Posted in Security

April 27, Softpedia – (International) WordPress 4.2 affected by zero-day stored XSS, PoC available. A security researcher from Klikki Oy discovered a stored cross-site scripting (XSS) vulnerability in WordPress 4.2 and earlier versions in which unauthenticated parties can exploit a flaw in comment text truncation to run arbitrary code on affected servers. Source

April 25, Softpedia – (International) Over 25,000 iOS apps affected by bug breaking HTTPS. Security researchers at SourceDNA discovered a vulner...

  • April 28, 2015

By Nancy Rand, Posted in Security

April 24, Securityweek – (International) Login vulnerability exposes SAP ASE databases. The German business software company SAP patched a login vulnerability in its SAP Adaptive Server Enterprise (ASE) in which attackers could use a flawed “probe” two-phase commit login to gain unauthorized access and potentially exploit a privilege escalation flaw to take complete control of the affected server. Source ...

  • April 27, 2015

By Nancy Rand, Posted in Security

April 23, Softpedia – (International) Improper parsing of SSID info exposes Wi-Fi client’s memory contents. Security researchers at Alibaba and Google discovered a vulnerability in the cross-platform “wpa_supplicant” Wi-Fi software that affects versions 1.0 – 2.4 with the Config_P2P option turned on and could allow an attacker to create a service set identifier (SSID) buffer overflow condition, potentially exposing sensitive information in the memory of the device and allowing for arbitrary code execution....

  • April 24, 2015