Articles In Security

By Nancy Rand, Posted in Security

February 12, Securityweek – (International) Google Play, browser flaws expose Android devices to remote code execution. Researchers at Rapid7 reported that vulnerabilities in Google Play due to a lack of appropriate X-Frame-Options (XFO) headers combined with a universal cross-site scripting (UXSS) vulnerability in browsers shipped with Android versions prior to 4.4 (KitKat), or a cross-site scripting (XSS) bug in Google Play, could be leveraged by attackers to remotely install arbitrary Android application... read more.

  • February 13, 2015

By Nancy Rand, Posted in Security

February 11, Softpedia – (International) Cyber Caliphate hackers take over Twitter account of Newsweek. The FBI is investigating a February 10 hijack of Newsweek’s Twitter feed in which attackers claiming to be Islamic State (ISIS)-affiliated hacker group Cyber Caliphate posted threats to the U.S. President’s family before the company regained control of the feed within 14 minutes. Newsweek confirmed that the Twitter accounts of International Business Times and Latin Times were also hijacked by the group. S... read more.

  • February 12, 2015

By Nancy Rand, Posted in Security

February 10, Softpedia – (International) About 40,000 MongoDB databases found open online. Three Saarland University cyber-security students reported security vulnerabilities in MongoDB’s database configuration, including servers with no access control mechanisms that could potentially allow access outside the backend and expose the information of millions of customers to unauthorized parties. An initial scan found nearly 40,000 databases that were open, prompting the researchers to submit their findings to... read more.

  • February 11, 2015

By Nancy Rand, Posted in Security

February 9, Securityweek – (International) DDoS malware for Linux distributed via SSH brute force attacks. FireEye researchers reported February 9 that a campaign utilizing Secure Shell (SSH) brute force attacks to install a distributed denial of service (DDoS) XOR.DDoS malware, first discovered by Malware Must Die in September 2014, has executed nearly 1 million login attempts between November 2014 and the end of January. Source February 9, Securityweek – (National) Tax fraud prompts Intuit to temporari... read more.

  • February 10, 2015

By Nancy Rand, Posted in Security

February 5, Softpedia – (International) Flash Player 16.0.0.305 patches zero-day vulnerability. Adobe released an update for its Flash Player affecting version 16.0.0.296 and earlier versions for Windows and Macintosh that fixes a zero-day vulnerability reported by Trend Micro researchers. The vulnerability was leveraged by attackers through the Hanjuan exploit kit in malvertising campaigns on popular Web sites targeting Internet Explorer and Mozilla Firefox users. Source February 5, Softpedia – (Interna... read more.

  • February 06, 2015

By Nancy Rand, Posted in Security

February 3, Softpedia – (International) Security flaws in SerVision HVG video gateway grant access to the web interface. Researchers with the Computer Emergency Response Team Coordination Center at Carnegie Mellon University (CERT/CC) reported that two high-severity vulnerabilities in SerVision’s HVG video gateway product series, which could allow unauthorized access to the unit’s web interface and enable users to log into the web interface with administrative rights, were resolved in the latest revision of t... read more.

  • February 04, 2015

By Nancy Rand, Posted in Security

February 2, WTIC 61 Hartford – (International) Beware of phishing scam pretending to be Better Business Bureau questionnaire. The Better Business Bureau (BBB) warned February 2 that scammers sent bogus emails to possibly tens of thousands of businesses across the country, prompting the recipients to open a ZIP file attachment which leads to a Web site that delivers malware onto the user’s computer. The BBB is working with security vendors to mitigate the threat and disable the Web site. Source February 2... read more.

  • February 03, 2015

By Nancy Rand, Posted in Security

January 30, Securityweek – (International) New “F0xy” malware uses clever techniques to stay hidden. Websense researchers discovered a new piece of malware that uses legitimate Web sites and services to minimize its detection so it can download a crypto-currency miner onto an infected machine. Earlier versions of the malware worked solely on Windows Vista and later versions of Microsoft’s operating system, while the most recent variants will also run on Windows XP. Source January 30, Softpedia – (Interna... read more.

  • February 02, 2015