Articles In Security

By Nancy Rand, Posted in Security

February 20, Softpedia – (International) Commercial spyware found in enterprise environment. Security researchers at Lacoon Mobile Security and Check Point discovered 18 different commercial remote access trojan (mRAT) spying tools that connect to the company’s Wi Fi and communicate with the command and control (C&C) server on 1,000 of 900,000 corporate mobile devices tested. The spyware, generally marketed for monitoring children, allows employers to track the location of users, log activity on the dev... read more.

  • February 23, 2015

By Nancy Rand, Posted in Security

February 19, Softpedia – (International) Over 250,000 home routers found with duplicate SSH keys. A Shodan researcher discovered that mis-configuration of devices likely led over 250,000 home routers from Spain, 200,000 routers from mostly China and Taiwan, and 150,000 routers from the U.S. and Japan to share the same Secure Shell (SSH) keys, which could allow an attacker to gain access to any device with a single key. Researchers recommended disabling SSH connectivity in the router. Source February 19,... read more.

  • February 20, 2015

By Nancy Rand, Posted in Security

February 18, Softpedia – (International) Author of Android Xbot malware includes curse at AV companies. Avast security researchers discovered that the Xbot Android malware infected over 2,570 installations in 350 unique files through third-party marketplaces since the beginning of February. The malware persistently runs on infected devices, has the capability to download content to command and control (C&C) servers, and primarily focuses on capturing, reading, and writing short text messages. Source ... read more.

  • February 19, 2015

By Nancy Rand, Posted in Security

February 17, Softpedia – (International) Firmware of over a dozen hard drive brands altered to lodge malware. Kaspersky researchers discovered that a cyber-espionage group calling itself Equation modified hard drive firmware in over 12 brands to potentially infect tens of thousands of computers worldwide, including those in sectors such as government and military institutions, nuclear research, oil and gas, telecommunications, transportation, and the financial sector, among others. Reprogramming the firmwar... read more.

  • February 18, 2015

By Nancy Rand, Posted in Security

February 12, Securityweek – (International) Google Play, browser flaws expose Android devices to remote code execution. Researchers at Rapid7 reported that vulnerabilities in Google Play due to a lack of appropriate X-Frame-Options (XFO) headers combined with a universal cross-site scripting (UXSS) vulnerability in browsers shipped with Android versions prior to 4.4 (KitKat), or a cross-site scripting (XSS) bug in Google Play, could be leveraged by attackers to remotely install arbitrary Android application... read more.

  • February 13, 2015

By Nancy Rand, Posted in Security

February 11, Softpedia – (International) Cyber Caliphate hackers take over Twitter account of Newsweek. The FBI is investigating a February 10 hijack of Newsweek’s Twitter feed in which attackers claiming to be Islamic State (ISIS)-affiliated hacker group Cyber Caliphate posted threats to the U.S. President’s family before the company regained control of the feed within 14 minutes. Newsweek confirmed that the Twitter accounts of International Business Times and Latin Times were also hijacked by the group. S... read more.

  • February 12, 2015

By Nancy Rand, Posted in Security

February 10, Softpedia – (International) About 40,000 MongoDB databases found open online. Three Saarland University cyber-security students reported security vulnerabilities in MongoDB’s database configuration, including servers with no access control mechanisms that could potentially allow access outside the backend and expose the information of millions of customers to unauthorized parties. An initial scan found nearly 40,000 databases that were open, prompting the researchers to submit their findings to... read more.

  • February 11, 2015

By Nancy Rand, Posted in Security

February 9, Securityweek – (International) DDoS malware for Linux distributed via SSH brute force attacks. FireEye researchers reported February 9 that a campaign utilizing Secure Shell (SSH) brute force attacks to install a distributed denial of service (DDoS) XOR.DDoS malware, first discovered by Malware Must Die in September 2014, has executed nearly 1 million login attempts between November 2014 and the end of January. Source February 9, Securityweek – (National) Tax fraud prompts Intuit to temporari... read more.

  • February 10, 2015

By Nancy Rand, Posted in Security

February 5, Softpedia – (International) Flash Player 16.0.0.305 patches zero-day vulnerability. Adobe released an update for its Flash Player affecting version 16.0.0.296 and earlier versions for Windows and Macintosh that fixes a zero-day vulnerability reported by Trend Micro researchers. The vulnerability was leveraged by attackers through the Hanjuan exploit kit in malvertising campaigns on popular Web sites targeting Internet Explorer and Mozilla Firefox users. Source February 5, Softpedia – (Interna... read more.

  • February 06, 2015

By Nancy Rand, Posted in Security

February 3, Softpedia – (International) Security flaws in SerVision HVG video gateway grant access to the web interface. Researchers with the Computer Emergency Response Team Coordination Center at Carnegie Mellon University (CERT/CC) reported that two high-severity vulnerabilities in SerVision’s HVG video gateway product series which could allow unauthorized access to the unit’s web interface and enable users to log into the web interface with administrative rights were resolved in the latest revision of t... read more.

  • February 04, 2015