Articles In Security

By Nancy Rand, Posted in Security

December 19, SecurityWeek – (International) Spear phishing attacks target industrial firms. Kaspersky Lab researchers warned that a spear phishing campaign has targeted roughly 500 organizations in the smelting, power generation and transmission, construction, and engineering industries across 50 countries since August 2016 in order to spy on users and steal sensitive data. The phishing emails contain a subject line with text used in a company’s correspondence in order to trick the victim into o... read more.

• December 21, 2016

By Nancy Rand, Posted in Security

December 16, SecurityWeek – (International) Joomla patches dangerous security flaws. Joomla released version 3.6.5 to resolve three security issues, including a high severity flaw plaguing all Joomla iterations from 1.6.0 – 3.6.4 which could be exploited to allow an attacker to modify existing user accounts including altering usernames, user group assignments, and passwords. In addition to the patches, the update included additional security hardening mechanisms. Source December 15, Securi... read more.

• December 19, 2016

By Nancy Rand, Posted in Security

December 13, SecurityWeek – (International) Flaw in PwC security tool exposes SAP systems to attacks. Security researchers at ESNC discovered PricewaterhouseCoopers’ Automated Controls Evaluator (ACE) tool was plagued with a remote code execution flaw that could be exploited to remotely inject and execute malicious Advanced Business Application Programming (ABAP) code on a targeted Systems, Applications and Products (SAP) system. The flaw could allow a malicious actor to manipulate accounting do... read more.

• December 15, 2016

By Nancy Rand, Posted in Security

December 14, SecurityWeek – (International) Apple patches 72 vulnerabilities in macOS Sierra. Apple released version 10.12.2 of its Sierra operating system (OS) patching a total of 72 vulnerabilities in Apache, Audio, Bluetooth, security, the kernel, and Disk Images, among other components, after security researchers discovered that the flaws could be exploited to cause an application to enter a denial-of-service (DoS) condition, execute arbitrary code with elevated privileges, leak memory data, and o... read more.

• December 15, 2016

By Nancy Rand, Posted in Security

December 12, Help Net Security – (International) New AirDroid releases fix major security issues. The AirDroid team released mobile version 4.0.0.3 and Microsoft Windows and Apple Mac version 3.3.5.3 of its remote management tool for Android after Zimperium security researchers found the app does not verify if a served update is legitimate, and sends and receives information over insecure channels, thereby exposing users on unsecured networks to man-in-the-middle (MitM) attacks. In addition to the sec... read more.

• December 14, 2016

By Ken Phelan, Posted in Security

As a consultant, I give a lot of advice. There’s one piece of advice that I never give. I’ll never tell you to quit your job, not to your face anyway. There are a few reasons for this. First of all, your company is paying for the advice, not you, so professionally I need to act in their best interests. Secondly, it’s generally precluded by the contracts I have with my customers. Thirdly, it’s just kind of a jerk move. But frankly, it’s one of the things I’m often thinkin... read more.

• December 13, 2016

By Nancy Rand, Posted in Security

December 9, SecurityWeek – (International) Yahoo pays out $10,000 bounty for critical mail flaw. A security researcher from Finland-based software company Klikki Oy discovered a critical flaw in Yahoo! Mail that could allow attackers to steal a user’s emails and create a worm that spreads by attaching itself to outgoing emails. The researcher found the flaw is related to code inserted into an email when a victim uses the “Share files from cloud providers” attachment option to attach... read more.

• December 12, 2016

By Nancy Rand, Posted in Security

December 8, SecurityWeek – (International) August stealer uses PowerShell for fileless infection. Proofpoint security researchers warned that a new information stealing malware, dubbed August leverages Microsoft Word documents containing malicious macros, which once enabled, launch a PowerShell command to download and install the August stealer on a machine for a fileless infection. The malicious payload is downloaded from a remote site as a PowerShell byte array, and targets customer service and mana... read more.

• December 09, 2016

By Nancy Rand, Posted in Security

December 7, SecurityWeek – (International) Windows 10 Creators Update brings new security capabilities. Microsoft reported that the Windows 10 Creators Update, which is scheduled to be released in the spring of 2017, will include several security enhancements including improved detection, intelligence, and remediation capabilities in Windows Defender Advanced Threat Protection (ATP), a feature that will link the Windows Security Center to Office 365 ATP to allow administrators to track a threat across... read more.

• December 08, 2016

By Nancy Rand, Posted in Security

December 5, SecurityWeek – (International) Chrome 55 patches 36 flaws, blocks Flash by default. Google released Chrome 55 patching a total of 36 security flaws including 12 high risk flaws in PDFium, Blink, DevTools, and V8, as well as 9 medium severity issues, and 5 low risk flaws, among other patched vulnerabilities. In addition to resolving the security flaws, Chrome 55 enhances user security by blocking Websites that contain Adobe Flash content out-of-the-box. Source December 5, U.S. Department o... read more.

• December 07, 2016