Articles In Security

By Nancy Rand, Posted in Security

April 22, Softpedia – (International) WordPress 4.1.2 fixes critical XSS flaw. WordPress developers announced that the newest release of the blogging platform, 4.1.2, addresses critical security vulnerabilities including a cross-site scripting (XSS) glitch affecting the content management system (CMS) that could allow an attacker to compromise a vulnerable Web site, as well as three other flaws. The release also included increased protection for files that could present a security risk. Source April 22,... read more.

• April 24, 2015

By Nancy Rand, Posted in Security

April 21, Softpedia – (International) Highly popular WordPress plugins vulnerable to XSS attacks. A security researcher from Scrutinizer discovered an issue with two coding functions used in many content management system (CMS) plugins created by WordPress developers that could allow attackers to run cross-site scripting (XSS) attacks and access sensitive areas of affected Web sites. The vulnerability was a result of improper documentation regarding external users’ ability to run commands via the functions.... read more.

• April 24, 2015

By Nancy Rand, Posted in Security

April 20, Softpedia – (International) Russian hackers exploit Windows, Flash Player zero-day flaws in targeted attack. Microsoft is working to patch a privilege escalation flaw in its operating system (OS) affecting Windows 7 and earlier products after FireEye researchers reported the zero-day attack, allegedly run by a Russian group dubbed APT28, on Adobe Flash Player that relies on the Flash vulnerability to gain access to the targeted system. Adobe released a patch addressing the flaw with its current ve... read more.

• April 21, 2015

By Nancy Rand, Posted in Security

April 17, Help Net Security – (International) Pawn Storm cyberspies still at work, target NATO and the White House. Security researchers at Trend Micro reported that cybercriminals are concentrating attacks in the Pawn Storm cyber-espionage operation on the North Atlantic Treaty Organization (NATO) and White House personnel in the U.S., in addition to government and military officials and media companies. The attacks seek to compromise targets’ computers and Microsoft Outlook accounts via spear-phishing ema... read more.

• April 21, 2015

By Nancy Rand, Posted in Security

April 16, Softpedia – (International) Current threat prevention systems are not enough protection for enterprises. Findings from a recent study in automated breach detection carried out by security researchers at Seculert revealed that gateway solutions at participating Fortune 2000 enterprises only blocked 87 percent of communications from compromised devices within their networks. The report also found that about 2 percent of devices in organizations were compromised by malware, while nearly 400,000 inter... read more.

• April 17, 2015

By Nancy Rand, Posted in Security

April 14, Softpedia – (International) Misconfigured DNS servers vulnerable to domain info leak. The U.S. Computer Emergency Readiness Team (US-CERT) released a security statement warning that misconfigured, public-facing domain name system (DNS) servers utilizing Asynchronous Transfer Full Range (AXFR) protocols, are vulnerable to system takeovers, redirects to spoofed addresses, and denial-of-service (DoS) attacks from unauthenticated users via DNS zone transfer requests. Research from Alexa revealed that... read more.

• April 15, 2015

By Nancy Rand, Posted in Security

April 13, Securityweek – (International) Law enforcement, security firms team up to disrupt Simda botnet. U.S. and European agencies, along with private security firms, collaborated with Interpol to disrupt the Simda botnet by seizing 14 command and control (C&C) servers throughout the Netherlands, U.S., Poland, Luxembourg, and Russia. The malware is usually delivered via exploit kits (EK), and is often used for the distribution of malware and potentially unwanted applications (PUA), and has infected ov... read more.

• April 14, 2015

By Nancy Rand, Posted in Security

April 10, Softpedia – (International) OS X 10.9.x and older vulnerable to hidden backdoor API. A Swedish security researcher discovered a hidden backdoor application programming interface (API) present in the Admin framework of Apple OS X versions prior to 10.10.2 that could grant attackers root access to users with both admin and regular user accounts. Apple patched the issue in its release of OS X 10.10.3 Source April 10, Softpedia – (International) United States, South Africa most affected by Changeup... read more.

• April 13, 2015

By Nancy Rand, Posted in Security

April 9, Softpedia – (International) Over 100 forum websites foist poorly detected malware. Security researchers at Cyphort discovered a supposed click-fraud campaign that exploits Web forums running outdated versions of vBulletin or IP Board software to use malicious code to direct visitors to a landing page hosting the Fiesta exploit kit (EK) to deliver Gamarue and FleerCivet malware that steals information and injects backdoor trojans. The malware ensures persistence by avoiding virtual environments and... read more.

• April 10, 2015

By Nancy Rand, Posted in Security

April 8, Softpedia – (International) Stored XSS glitch in WP-Super-Cache may affect over 1 million WordPress sites. Security researchers from Sucuri discovered a cross-site-scripting (XSS) vulnerability in WP-Super-Cache plug-in versions prior to 1.4.4 for WordPress sites that could allow attackers to add new administrator accounts to the Web sites or inject backdoors due to improper sanitization of information originating from users. The plugin currently has over 1 million active installations, and develop... read more.

• April 10, 2015