Articles In Security

By Nancy Rand, Posted in Security

March 18, Softpedia – (International) Ransomware uses GnuPG encryption program to lock down files. Researchers from Bleeping Computer and Emsisoft discovered that cybercriminals are using open source GNU Privacy Guard (GnuPG) code and Visual Basic Scripting Edition (VBS) to power VaultCrypt ransomware that uses a 1024-bit RSA key pair to encrypt information and Microsoft’s sDelete application to remove data used in the process. The ransomware sends user log-in credentials for Web sites to a command and cont... read more.

  • March 20, 2015

By Nancy Rand, Posted in Security

March 18, Securityweek – (International) Apple fixes WebKit vulnerabilities with release of Safari 8.0.4. Apple released Safari versions 8.0.4, 7.1.4, and 6.2.4, which address a total of 16 memory corruption issues that were identified in WebKit by Apple’s own security team and the Google Chrome Security Team, and included a user interface inconsistency. Source March 18, Securityweek – (International) Johnson Controls, XZERES, Honeywell patch vulnerable products. The Industrial Control Systems Cyber Emergen... read more.

  • March 19, 2015

By Nancy Rand, Posted in Security

March 17, Softpedia – (International) D-Link patches against critical remote command and code execution flaws. D-Link released firmware updates patching two critical vulnerabilities that allowed attackers to intercept network traffic and execute commands on vulnerable devices and exploit cross-site request forgery (CSRF) attacks to create, modify, or delete data and execute code. Source March 16, IDG News Service – (International) OpenSSL mystery patches due for release Thursday. The OpenSSL Project Team... read more.

  • March 18, 2015

By Nancy Rand, Posted in Security

March 16, The Register – (International) Brute force box lets researchers, cops, pop iDevice locks. A security researcher from MDSec discovered that the IP-Box tool exploits a vulnerability in iOS devices running versions 8.1 and older for iPhones or iPads that allows unlimited password guesses of four-digit personal identification numbers (PIN), allowing hackers to bypass rate-limiters and settings to gain personal data after a set of failed attempts. Source March 16, Securityweek – (International) WPML... read more.

  • March 17, 2015

By Nancy Rand, Posted in Security

March 13, Softpedia – (International) Google leaks Whois data for over 282,000 protected domains. Cisco Systems’ Talos researchers reported to Google that private information such as names, physical and email addresses, and phone numbers belonging to 282,867 domains registered through Google Apps’ registrar, eNom, were leaked for nearly two years due to a software defect that did not extend the company’s unlisted registration service, potentially exposing them to spam, spear-phishing attacks, or identity th... read more.

  • March 16, 2015

By Nancy Rand, Posted in Security

March 12, Help Net Security – (International) 2,400 unsafe mobile apps found in average large enterprise. Veracode researchers found, from hundreds of thousands of mobile applications installed in corporate environments across multiple industries, that the average global enterprise contains approximately 2,400 unsafe applications in its mobile environment, including apps that expose sensitive data, perform suspicious security actions, or retrieve or share personal information about users. Source March... read more.

  • March 13, 2015

By Nancy Rand, Posted in Security

March 10, Softpedia – (International) Exploit code published for Elasticsearch remote code execution flaw. Security researchers at Xiphos Research created an exploit for a glitch in Elasticsearch versions earlier than 1.3.8 and 1.4.3 that allows server-side code execution by passing Groovy code in a search query and executing it in the sandbox. The glitch was patched in updates released February 11. Source March 10, Threatpost – (International) Yahoo patches critical eCommerce, small business vulnerabili... read more.

  • March 11, 2015

By Nancy Rand, Posted in Security

March 9, Securityweek – (International) Email spoofing flaw found in Google Admin console. Security researchers identified a security flaw in the Google Apps Admin console that could have been exploited to gain temporary ownership of any previously unclaimed domain and used to send malicious emails that would not be flagged as suspicious because they came from trusted servers. Google has addressed the vulnerability. Source March 7, Softpedia – (International) Two arrested in the largest data breach in th... read more.

  • March 11, 2015

By Nancy Rand, Posted in Security

March 4, Softpedia – (International) Strong SSL/TLS ciphers downgraded to use weak crypto key in FREAK attack. A security researcher at INRIA and the Microsoft Research Team identified a serious vulnerability in the implementation of secure sockets layer (SSL) and transport layer security (TLS) protocols on Apple and Android devices that can be abused through man-in-the-middle (MitM) attacks that capitalize on abandoned policies to force the use of weak RSA keys, potentially leaving a wide range of governme... read more.

  • March 05, 2015

By Nancy Rand, Posted in Security

March 3, Help Net Security – (International) Phishers target victims of iOS device theft. Security researchers at Malwarebytes discovered an elaborate phishing campaign that targets victims of iOS device theft by using spoofed messages and a fake iCloud log-in Web page, which is available in 10 different languages, to steal users’ log-in credentials, enabling the thieves to unlock the stolen devices. Source March 3, Securityweek – (International) Lossy image compression can hide malicious code in PDF fil... read more.

  • March 05, 2015