Articles In Security

By Nancy Rand, Posted in Security

September 14, Securityweek – (International) Attackers use Google Search Console to hide website hacks. Security researchers from Sucuri discovered that cybercriminals have been using the Google Search Console to improve spam page search engine optimization (SEO) and to hide their presence on hijacked websites by receiving notification when hacks are detected, and by unverifying legitimate website owners. Source September 14, Help Net Security – (International) New malware can make ATMs not give users’ c... read more.

• September 15, 2015

By Nancy Rand, Posted in Security

September 11, Securityweek – (International) Yokogawa patches serious flaws in ICS products. Japan-based Yokogawa Electric released patches addressing three critical flaws related to network communication functions affecting several of the company’s industrial control system (ICS) products. The remotely exploitable vulnerabilities include buffer overflows and a flaw that could allow an attacker to execute arbitrary code. Source September 10, Securityweek – (International) No patches available for flaws i... read more.

• September 14, 2015

By Nancy Rand, Posted in Security

September 10, Securityweek – (International) SAP updates patch twenty vulnerabilities. Germany-based SAP enterprise software maker updated 5 previously released patches and issued a new patch addressing 20 vulnerabilities including 8 that were missing authorization checks, 6 cross-site scripting (XSS) bugs, an information disclosure vulnerability, cross-site forgery (CSRF), remote code execution, SQL injection, in addition to other types of attacks. Source September 10, Help Net Security – (International... read more.

• September 11, 2015

By Nancy Rand, Posted in Security

September 9, Securityweek – (International) Microsoft patches Windows vulnerability exploited in the wild. Microsoft released security bulletins patching over 50 vulnerabilities, including a Win32k memory corruption flaw allowing privilege escalation that has been exploited in the wild, a kernel address space layout randomization (ASLR) bypass, a Windows Media Center remote code execution (RCE) vulnerability, a .NET Framework integer overflow, and a memory corruption flaw in the Edge and Internet Explorer W... read more.

• September 10, 2015

By Nancy Rand, Posted in Security

September 4, Securityweek – (International) Cisco patches flaw in data center management products. Cisco released software updates addressing a remotely exploitable JavaServer Pages (JSP) vulnerability in the company’s UCS Director and Integrated Management Controller (IMC) Supervisor products which could allow an unauthenticated attacker to use specially crafted HyperText Transfer Protocol (HTTP) requests to overwrite arbitrary files, resulting in instability or a denial-of-service (DoS) condition. Source ... read more.

• September 08, 2015

By Nancy Rand, Posted in Security

September 1, CSOonline.com – (International) Intel: Criminals getting better at data exfiltration. Security researchers from Intel released findings from a report revealing that cybercriminals are using increasingly sophisticated techniques to exfiltrate pilfered data once systems are accessed, including compressing and disguising the data, leveraging Gmail and encryption, and leveraging graphics processors. Source August 31, Threatpost – (International) CERT warns of slew of bugs in Belkin N600 routers.... read more.

• September 03, 2015

By Nancy Rand, Posted in Security

September 1, CSOonline.com – (International) Intel: Criminals getting better at data exfiltration. Security researchers from Intel released findings from a report revealing that cybercriminals are using increasingly sophisticated techniques to exfiltrate pilfered data once systems are accessed, including compressing and disguising the data, leveraging Gmail and encryption, and leveraging graphics processors. Source August 31, Threatpost – (International) CERT warns of slew of bugs in Belkin N600 routers.... read more.

• September 02, 2015

By Nancy Rand, Posted in Security

August 31, IDG News Service – (International) Russian-speaking hackers breach 97 web sites, many of them dating ones. Security researchers from Hold Security discovered that hackers breached 97 web sites between July - August after analysts found batches of stolen information, including a list of web sites and their vulnerabilities, notes, and large lists of email addresses and unencrypted passwords. Source August 31, IDG News Service – (International) ‘KeyRaider’ iOS malware targets jailbroken devices.... read more.

• September 01, 2015

By Nancy Rand, Posted in Security

August 28, Securityweek – (International) Moxa patches flaws in industrial ethernet switches. Security researchers from Applied Risk discovered serious privilege escalation, denial-of-service (DoS), and cross-site scripting (XSS) vulnerabilities affecting Moxa industrial ethernet switches that could allow an unauthenticated remote attacker to compromise the device and connected industrial assets. Moxa recently released an update addressing nine heap-based buffer overflow and classic buffer overflow vulnerab... read more.

• August 31, 2015

By Nancy Rand, Posted in Security

August 27, The Register – (International) FireEye intern VXer pleads guilty for Darkode droid RAT ruse. A former FireEye intern from Pittsburgh pleaded guilty to creating and selling the Dendroid remote access trojan (RAT) for Android phones on the Darkode hacker forums. Denroid was capable of infecting about 1,500 phones for each buyer, while it is unknown how many copies the suspect sold. Source August 27, Threatpost – (International) Endress+Hauser patches buffer overflow in dozens of ICS products. En... read more.

• August 28, 2015