Articles In Security

By Nancy Rand, Posted in Security

March 24, Softpedia – (International) Jailbroken iPhones unlocked with software brute-force tool in 14 hours, tops. An iOS jailbreaker published a software library under the GNU General Public License called TransLock, that unlocks iOS devices in 14 hours or less via brute-force by injecting itself into the app that manages the device’s home screen, and setting return values in the “SBFDeviceLockController” class to “No”, allowing unlimited attempts and the ability to try a new PIN every five seconds. The t... read more.

  • March 25, 2015

By Nancy Rand, Posted in Security

March 23, Softpedia – (International) New point-of-sale malware PoSeidon exfiltrates card data to Russian domains. Security researchers from Cisco Systems’ Talos Security Intelligence and Research Group discovered that cybercriminals are using a new point-of-sale (PoS) malware family dubbed PoSeidon that infects systems via a binary file and uses a memory scraping technique to retrieve and clone Discover, American Express, MasterCard, and Visa card information before delivering it to command and control (C&... read more.

  • March 24, 2015

By Nancy Rand, Posted in Security

March 19, Softpedia – (International) Zero-days for Firefox, IE 11, Adobe’s Flash and Reader exploited at Pwn2Own 2015. Security researchers leveraged multiple zero-day vulnerabilities to exploit 13 undisclosed bugs in Adobe’s Flash and Reader, Mozilla’s Firefox, and Microsoft’s Internet Explorer 11 to take control of compromised systems through various methods, which included heap overflow remote code execution, a cross-origin vulnerability, and a use-after-free (UAF) remote code execution, among others at... read more.

  • March 23, 2015

By Nancy Rand, Posted in Security

March 18, Softpedia – (International) Ransomware uses GnuPG encryption program to lock down files. Researchers from Bleeping Computer and Emsisoft discovered that cybercriminals are using open source GNU Privacy Guard (GnuPG) code and Visual Basic Scripting Edition (VBS) to power VaultCrypt ransomware that uses a 1024-bit RSA key pair to encrypt information and Microsoft’s sDelete application to remove data used in the process. The ransomware sends user log-in credentials for Web sites to a command and cont... read more.

  • March 20, 2015

By Nancy Rand, Posted in Security

March 18, Securityweek – (International) Apple fixes WebKit vulnerabilities with release of Safari 8.0.4. Apple released Safari versions 8.0.4, 7.1.4, and 6.2.4, which address a total of 16 memory corruption issues that were identified in WebKit by Apple’s own security team, and Google Chrome Security Team, and included a user interface inconsistency. Source March 18, Securityweek – (International) Johnson Controls, XZERES, Honeywell patch vulnerable products. The Industrial Control Systems Cyber Emergen... read more.

  • March 19, 2015

By Nancy Rand, Posted in Security

March 17, Softpedia – (International) D-Link patches against critical remote command and code execution flaws. D-Link released firmware updates patching two critical vulnerabilities that allowed attackers to intercept network traffic and execute commands on vulnerable devices and exploit cross-site request forgery (CSRF) attacks to create, modify, or delete data and execute code. Source March 16, IDG News Service – (International) OpenSSL mystery patches due for release Thursday. The OpenSSL Project Team... read more.

  • March 18, 2015

By Nancy Rand, Posted in Security

March 16, The Register – (International) Brute force box lets researchers, cops, pop iDevice locks. A security researcher from MDSec discovered that the IP-Box tool exploits a vulnerability in iOS devices running versions 8.1 and older for iPhones or iPads that allows unlimited password guesses of four-digit personal identification numbers (PIN), allowing hackers to bypass rate-limiters and settings to gain personal data after a set of failed attempts. Source March 16, Securityweek – (International) WPML... read more.

  • March 17, 2015

By Nancy Rand, Posted in Security

March 13, Softpedia – (International) Google leaks Whois data for over 282,000 protected domains. Cisco Systems’ Talos researchers reported to Google that private information such as names, physical and email addresses, and phone numbers belonging to 282,867 domains registered through Google Apps’ registrar, eNom, were leaked for nearly two years due to a software defect that did not extend the company’s unlisted registration service, potentially exposing them to spam, spear-phishing attacks, or identity th... read more.

  • March 16, 2015

By Nancy Rand, Posted in Security

March 12, Help Net Security – (International) 2,400 unsafe mobile apps found in average large enterprise. Veracode researchers found that hundreds of thousands of mobile applications installed in corporate environments across multiple industries revealed the average global enterprise contains approximately 2,400 unsafe applications in its mobile environment, including apps that expose sensitive data, perform suspicious security actions, or retrieve or share personal information about users. Source March... read more.

  • March 13, 2015

By Nancy Rand, Posted in Security

March 10, Softpedia – (International) Exploit code published for Elasticsearch remote code execution flaw. Security researchers at Xiphos Research created an exploit for a glitch in Elasticsearch versions earlier than 1.3.8 and 1.4.3 that allows server-side code execution by passing Groovy code in a search query and executing it in the sandbox. The glitch was patched in updates released February 11. Source March 10, Threatpost – (International) Yahoo patches critical eCommerce, small business vulnerabili... read more.

  • March 11, 2015