Articles In Security

By Nancy Rand, Posted in Security

December 2, SecurityWeek – (International) Eight vulnerabilities found in Moxa NPort devices. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reported that Moxa’s NPort serial device servers are plagued by eight vulnerabilities after security researchers discovered three critical flaws that can be exploited to retrieve an administrator password without authentication, update the device’s firmware without authentication, and use brute force to bypass authentication,... read more.

• December 06, 2016

By Nancy Rand, Posted in Security

December 2, Help Net Security – (International) AirDroid app opens millions of Android users to device compromise. Zimperium security researchers reported that tens of millions of users of Android’s remote management tool, AirDroid are vulnerable to man-in-the-middle (MitM) attacks that could compromise their devices through fraudulent updates and result in data theft. If a user is on the same unsecured network as a malicious actor, the attacker could perform a MitM network attack to access the... read more.

• December 05, 2016

By Nancy Rand, Posted in Security

November 29, Help Net Security – (International) McAfee Labs predicts 14 security developments for 2017. Intel Security released its McAfee Labs 2017 Threats Predictions Report, which identifies 14 security threat trends for 2017 including a predicted increase of undetectable Internet of Things (IoT) attacks on smart homes, an increase in targeted attacks against hardware and firmware, and an increase in the sophisticated and proliferation of social engineering attacks due to machine learning, among o... read more.

• December 01, 2016

By Nancy Rand, Posted in Security

November 17, SecurityWeek – (International) iOS lockscreen bypass gives access to contacts, photos. Security researchers discovered a vulnerability in Apple’s mobile operating system (iOS) that could allow an attacker with physical access to a device that has Siri enabled on the lockscreen to bypass the phone’s lockscreen and access photos and contact information on a victim’s iPhone or iPad. The researchers reported the flaw affects iOS versions 8.0 – 10.2 and can be avoided b... read more.

• November 29, 2016

By Ken Phelan, Posted in Security

77% of internet traffic is now encrypted. That number has been increasing steadily over time and it appears that it will continue to increase. What does it mean to us as security professionals when we’re dealing with an increasingly dark internet? Traditional network products are ineffective at examining encrypted traffic. That means we’ll have to decrypt it for them. We have a limited number of precious places to look at traffic in its unencrypted state. Notably, proxies and end-points. End... read more.

• November 21, 2016

By Nancy Rand, Posted in Security

November 17, SecurityWeek – (International) Several vulnerabilities patched in Drupal 7, 8. Drupal released versions 7.52 and 8.2.3 addressing four vulnerabilities including a flaw in Drupal 8 that can be exploited to cause a denial-of-service (DoS) condition with specially crafted URLs via the transliteration mechanism. The updates also resolved a flaw in Drupal 7 that could allow a malicious actor to build a confirmation form Uniform Resource Locator (URL) that redirects victims to third-party Websi... read more.

• November 18, 2016

By Nancy Rand, Posted in Security

November 16, SecurityWeek – (International) Symantec patches DLL hijacking flaw in enterprise products. Symantec released updates to resolve a dynamic-link library (DLL) flaw affecting its IT Management Suite (ITMS) 8.0, Ghost Solution Suite (GSS) 3.1, and Endpoint Virtualization (SEV) 7.x products, which could cause a rogue DLL file to be loaded by the software before the legitimate file, leading to arbitrary code execution, potentially with elevated privileges, as the affected products do not use an... read more.

• November 17, 2016

By Nancy Rand, Posted in Security

November 15, SecurityWeek – (International) Cryptsetup flaw exposes Linux systems to attacks. Security researchers discovered a vulnerability affecting the disk encryption utility Cryptsetup that could allow attackers with physical access to a targeted Linux system to gain root access to the system, and copy, modify, or destroy data on the hard disk by holding down the “Enter” key for approximately 70 seconds during boot. The flaw occurs when the system partition is encrypted using the Lin... read more.

• November 16, 2016

By Nancy Rand, Posted in Security

November 11, SecurityWeek – (National) U.S. authorities reach settlement with Adobe over 2013 breach. Authorities in 15 States reached a $1 million settlement with Adobe Systems November 10 after the company reportedly failed to employ reasonable measures to protect its customers’ personal information and detect malicious activity within its network, causing a massive data breach in 2013 that compromised over 150 million records. As part of the settlement, Adobe agreed to institute new policies... read more.

• November 15, 2016

By Nancy Rand, Posted in Security

November 10, SecurityWeek – (International) Hackers can abuse iOS WebView to make phone calls. A security researcher reported that Apple mobile operating system (iOS) applications such as LinkedIn, Twitter, and others can be abused by a malicious actor to initiate phone calls to arbitrary phone numbers from a victim’s device by convincing a user to open a specially crafted Webpage via an affected app that redirects the victim to a TEL Uniform Resource Identifier (URI), which triggers the call. T... read more.

• November 14, 2016