Articles In Security

By Nancy Rand, Posted in Security

April 3, Help Net Security – (International) Mozilla revokes trust for CNNIC certificates. A spokesperson at Mozilla announced that the company will no longer allow its products to recognize digital certificates issued by the China Internet Network Information Center (CNNIC), following an incident during the week of March 23 in which an intermediate certificate authority (CA) operating under CNNIC issued a number of unauthorized digital certificates for Google domains. The company will ask CNNIC to provide... read more.

• April 06, 2015

By Nancy Rand, Posted in Security

April 1, Help Net Security – (International) WordPress sites compromised to redirect to Pirate Bay clone, exploit kit. Security researchers at Malwarebytes identified a malware campaign that uses an unknown number of compromised WordPress Web sites containing iframes that direct users to a site hosting the Nuclear exploit kit, which leverages an Adobe Flash Player vulnerability in versions before 16.0.0.287 to download a banking trojan. Source April 1, Softpedia – (International) Firefox 37 fixes critica... read more.

• April 06, 2015

By Nancy Rand, Posted in Security

March 30, nj.com – (International) FBI investigates cyber attack that crippled Rutgers internet service. Federal law enforcement is helping to find the source of the weekend cyber attack that crippled Rutgers University internet service, a university spokesman confirmed Monday. "Rutgers is working with the FBI to investigate the incident," spokesman E.J. Miranda said in an email to NJ Advance Media. Miranda added that the university's Office of Information Technology continues to work to fully restore inter... read more.

• April 01, 2015

By Nancy Rand, Posted in Security

March 31, Softpedia – (International) Anonymous proxies used for “Shotgun DDoS” attacks. Security researchers at Incapsula released findings from a one-month study revealing that 20 percent of all application layer (Layer 7) distributed denial-of-service (DDoS) attacks from January – February were “Shotgun DDoS” attacks carried out through anonymous proxies to bypass mitigation systems by spreading across multiple internet protocols (IPs) and multiple geo-locations. Approximately 45 percent of the incidents... read more.

• April 01, 2015

By Nancy Rand, Posted in Security

March 30, Help Net Security – (International) Massive DDoS against GitHub continues. Systems engineers at GitHub reported that complex, large-scale distributed denial-of-service (DDoS) attacks against the company’s servers that started March 26 are ongoing but that all of the Web site’s services are available to users. Security researchers from Insight Labs traced the start of the attack to advertising and visitor tracking provided by the Chinese search engine Baidu. Source   ... read more.

• March 31, 2015

By Nancy Rand, Posted in Security

March 26, Softpedia – (International) Microsoft revokes rogue digital certificate for Google and other web domains. Microsoft updated its Certificate Trust List (CTL) for Windows operating systems, and pushed automatic updates to revoke a certificate fraudulently issued by Egypt-based MCS Holdings. The fraudulent certificates affected several Google domains, as well as other domains, and left Windows users vulnerable to Web content spoofing, phishing, and man-in-the-middle (MitM) attacks. Source March 26... read more.

• March 27, 2015

By Nancy Rand, Posted in Security

March 25, Securityweek – (International) Over 15,000 vulnerabilities detected in 2014: Secunia. Secunia released its annual vulnerability review and found that 15,435 vulnerabilities across 3,870 applications from 500 vendors were discovered in 2014, 11 percent of which were considered highly critical, while .3 percent were rated extremely critical. The report also states that over 60 percent of attacks occurred through remote networks, making it the most common attack vector, among other trends. Source ... read more.

• March 26, 2015

By Nancy Rand, Posted in Security

March 24, Softpedia – (International) Jailbroken iPhones unlocked with software brute-force tool in 14 hours, tops. An iOS jailbreaker published a software library under the GNU General Public License called TransLock, that unlocks iOS devices in 14 hours or less via brute-force by injecting itself into the app that manages the device’s home screen, and setting return values in the “SBFDeviceLockController” class to “No”, allowing unlimited attempts and the ability to try a new PIN every five seconds. The t... read more.

• March 25, 2015

By Nancy Rand, Posted in Security

March 23, Softpedia – (International) New point-of-sale malware PoSeidon exfiltrates card data to Russian domains. Security researchers from Cisco Systems’ Talos Security Intelligence and Research Group discovered that cybercriminals are using a new point-of-sale (PoS) malware family dubbed PoSeidon that infects systems via a binary file and uses a memory scraping technique to retrieve and clone Discover, American Express, MasterCard, and Visa card information before delivering it to command and control (C&... read more.

• March 24, 2015

By Nancy Rand, Posted in Security

March 19, Softpedia – (International) Zero-days for Firefox, IE 11, Adobe’s Flash and Reader exploited at Pwn2Own 2015. Security researchers leveraged multiple zero-day vulnerabilities to exploit 13 undisclosed bugs in Adobe’s Flash and Reader, Mozilla’s Firefox, and Microsoft’s Internet Explorer 11 to take control of compromised systems through various methods, which included heap overflow remote code execution, a cross-origin vulnerability, and a use-after-free (UAF) remote code execution, among others at... read more.

• March 23, 2015