Articles In Security

By Nancy Rand, Posted in Security

February 27, Softpedia – (International) Apps bypass Google Play verification and spew tempest of ads. Bitdefender security researchers discovered 10 apps hosted in Google Play that use social engineering to trick users into installing ad-spewing software and relied on deceptive tactics to ensure persistence on users’ devices. None of the apps linked to Web sites hosting malware, allowing the apps to bypass Google Play quality controls. Source February 27, Securityweek – (International) Critical vulnerab... read more.

• March 02, 2015

By Nancy Rand, Posted in Security

February 25, Securityweek – (International) Mozilla fixes 17 vulnerabilities in Firefox 36. Mozilla released version 36 of its Firefox browser closing 17 vulnerabilities and flaws, including 4 rated as critical. Source February 25, Help Net Security – (International) New DDoS attack and tools use Google Maps plugin as proxy. PLXsert security researchers discovered that attackers are exploiting a known vulnerability in Joomla’s Google Maps plugin by spoofing the sources of requests, causing results to be... read more.

• February 26, 2015

By Nancy Rand, Posted in Security

February 23, SC Magazine – (International) Older vulnerabilities a top enabler of breaches, according to report. Hewlett Packard security researchers reported that 44 percent of known breaches happened as a result of server misconfigurations and vulnerabilities discovered years ago. The report cites 33 percent of identified exploit samples from Microsoft Windows, 11 percent from Adobe Reader and Acrobat, 6 bugs in Oracle Java, and 2 flaws in Microsoft Office flaws. Source February 23, Securityweek – (Int... read more.

• February 25, 2015

By Ken Phelan, Posted in Security

I was out to dinner with my parents the other night and my mother started getting on my case. You know, the way mothers do. “Kenneth.” Yes, I’m a grown man and my mother still calls me Kenneth when she’s angry with me. “I’ve been reading the paper and there are all these security problems all the time. Aren’t you supposed to be fixing this? There must be something you can do to stop it. It seems like quite a problem.” Mothers. How is it that they can bundle up a wonderful compliment (I’m capable... read more.

• February 25, 2015

By Nancy Rand, Posted in Security

February 23, The Register – (International) Cisco IPv6 processing bug can cause DoS attacks. Cisco announced that its NCS 6000 and Carrier Routing System (CRS-X) contain an IPv6 software bug that attackers could repeatedly exploit by sending a malformed IPv6 packet, carrying extension headers, through an affected Cisco IOS XR device line card to cause an extended denial of service (DoS) condition. Source February 23, Securityweek – (International) Superfish SSL interception library found in several appli... read more.

• February 24, 2015

By Nancy Rand, Posted in Security

February 20, Softpedia – (International) Commercial spyware found in enterprise environment. Security researchers at Lacoon Mobile Security and Check Point discovered 18 different commercial remote access trojan (mRAT) spying tools that connect to the company’s Wi Fi and communicate with the command and control (C&C) server on 1,000 of 900,000 corporate mobile devices tested. The spyware, generally marketed for monitoring children, allows employers to track the location of users, log activity on the dev... read more.

• February 23, 2015

By Nancy Rand, Posted in Security

February 19, Softpedia – (International) Over 250,000 home routers found with duplicate SSH keys. A Shodan researcher discovered that mis-configuration of devices likely led over 250,000 home routers from Spain, 200,000 routers from mostly China and Taiwan, and 150,000 routers from the U.S. and Japan to share the same Secure Shell (SSH) keys, which could allow an attacker to gain access to any device with a single key. Researchers recommended disabling SSH connectivity in the router. Source February 19,... read more.

• February 20, 2015

By Nancy Rand, Posted in Security

February 18, Softpedia – (International) Author of Android Xbot malware includes curse at AV companies. Avast security researchers discovered that the Xbot Android malware infected over 2,570 installations in 350 unique files through third-party marketplaces since the beginning of February. The malware persistently runs on infected devices, has the capability to download content to command and control (C&C) servers, and primarily focuses on capturing, reading, and writing short text messages. Source ... read more.

• February 19, 2015

By Nancy Rand, Posted in Security

February 17, Softpedia – (International) Firmware of over a dozen hard drive brands altered to lodge malware. Kaspersky researchers discovered that a cyber-espionage group calling itself Equation modified hard drive firmware in over 12 brands to potentially infect tens of thousands of computers worldwide, including those in sectors such as government and military institutions, nuclear research, oil and gas, telecommunications, transportation, and the financial sector, among others. Reprogramming the firmwar... read more.

• February 18, 2015

By Nancy Rand, Posted in Security

February 12, Securityweek – (International) Google Play, browser flaws expose Android devices to remote code execution. Researchers at Rapid7 reported that vulnerabilities in Google Play due to a lack of appropriate X-Frame-Options (XFO) headers combined with a universal cross-site scripting (UXSS) vulnerability in browsers shipped with Android versions prior to 4.4 (KitKat), or a cross-site scripting (XSS) bug in Google Play, could be leveraged by attackers to remotely install arbitrary Android application... read more.

• February 13, 2015