Articles In Security

By Nancy Rand, Posted in Security

April 20, Softpedia – (International) Russian hackers exploit Windows, Flash Player zero-day flaws in targeted attack. Microsoft is working to patch a privilege escalation flaw in its operating system (OS) affecting Windows 7 and earlier products after FireEye researchers reported the zero-day attack, allegedly run by a Russian group dubbed APT28, on Adobe Flash Player that relies on the Flash vulnerability to gain access to the targeted system. Adobe released a patch addressing the flaw with its current ve... read more.

• April 21, 2015

By Nancy Rand, Posted in Security

April 17, Help Net Security – (International) Pawn Storm cyberspies still at work, target NATO and the White House. Security researchers at Trend Micro reported that cybercriminals are concentrating attacks in the Pawn Storm cyber-espionage operation on the North Atlantic Treaty Organization (NATO) and White House personnel in the U.S., in addition to government and military officials and media companies. The attacks seek to compromise targets’ computers and Microsoft Outlook accounts via spear-phishing ema... read more.

• April 21, 2015

By Nancy Rand, Posted in Security

April 16, Softpedia – (International) Current threat prevention systems are not enough protection for enterprises. Findings from a recent study in automated breach detection carried out by security researchers at Seculert revealed that gateway solutions at participating Fortune 2000 enterprises only blocked 87 percent of communications from compromised devices within their networks. The report also found that about 2 percent of devices in organizations were compromised by malware, while nearly 400,000 inter... read more.

• April 17, 2015

By Nancy Rand, Posted in Security

April 14, Softpedia – (International) Misconfigured DNS servers vulnerable to domain info leak. The U.S. Computer Emergency Readiness Team (US-CERT) released a security statement warning that misconfigured, public-facing domain name system (DNS) servers utilizing Asynchronous Transfer Full Range (AXFR) protocols, are vulnerable to system takeovers, redirects to spoofed addresses, and denial-of-service (DoS) attacks from unauthenticated users via DNS zone transfer requests. Research from Alexa revealed that... read more.

• April 15, 2015

By Nancy Rand, Posted in Security

April 13, Securityweek – (International) Law enforcement, security firms team up to disrupt Simda botnet. U.S. and European agencies, along with private security firms, collaborated with Interpol to disrupt the Simda botnet by seizing 14 command and control (C&C) servers throughout the Netherlands, U.S., Poland, Luxembourg, and Russia. The malware is usually delivered via exploit kits (EK), and is often used for the distribution of malware and potentially unwanted applications (PUA), and has infected ov... read more.

• April 14, 2015

By Nancy Rand, Posted in Security

April 10, Softpedia – (International) OS X 10.9.x and older vulnerable to hidden backdoor API. A Swedish security researcher discovered a hidden backdoor application programming interface (API) present in the Admin framework of Apple OS X versions prior to 10.10.2 that could grant attackers root access to users with both admin and regular user accounts. Apple patched the issue in its release of OS X 10.10.3 Source April 10, Softpedia – (International) United States, South Africa most affected by Changeup... read more.

• April 13, 2015

By Nancy Rand, Posted in Security

April 9, Softpedia – (International) Over 100 forum websites foist poorly detected malware. Security researchers at Cyphort discovered a supposed click-fraud campaign that exploits Web forums running outdated versions of vBulletin or IP Board software to use malicious code to direct visitors to a landing page hosting the Fiesta exploit kit (EK) to deliver Gamarue and FleerCivet malware that steals information and injects backdoor trojans. The malware ensures persistence by avoiding virtual environments and... read more.

• April 10, 2015

By Nancy Rand, Posted in Security

April 8, Softpedia – (International) Stored XSS glitch in WP-Super-Cache may affect over 1 million WordPress sites. Security researchers from Sucuri discovered a cross-site-scripting (XSS) vulnerability in WP-Super-Cache plug-in versions prior to 1.4.4 for WordPress sites that could allow attackers to add new administrator accounts to the Web sites or inject backdoors due to improper sanitization of information originating from users. The plugin currently has over 1 million active installations, and develop... read more.

• April 10, 2015

By Nancy Rand, Posted in Security

April 7, Help Net Security – (International) New crypto-ransomware “quarantines” files, downloads info-stealer. Security researchers at Trend Micro discovered a new piece of crypto-ransomware dubbed CryptVault that uses open-source GnuPG to create RSA-1024 public and private key pairs that encrypt files to make them resemble files quarantined by an anti-virus solution, before asking for ransom and downloading and executing Browser Password Dump to extract passwords stored by Web browsers. Attackers spread t... read more.

• April 08, 2015

By Nancy Rand, Posted in Security

April 6, Softpedia – (International) Google certificate expires, email clients return security warnings. An expired intermediate certificate signed by Google Internet Authority G2 for simple mail transport protocol (SMTP) in Google’s Gmail resulted in users receiving error messages on outgoing email activity for over 2 hours April 4. The company renewed the certificate through December 2015. Source April 6, Securityweek – (International) Flaw in Schneider Electric vamp software allows arbitrary code exec... read more.

• April 07, 2015