Articles In Security

By Nancy Rand, Posted in Security

October 18, Softpedia – (International) WordPress sites under attack via security flaw in unmaintained plugin. Security researchers from White Fir Design discovered the WordPress Marketplace plugin was plagued with an arbitrary file upload vulnerability that could allow an attacker to upload arbitrary files on Websites with the plugin installed and potentially take over a site’s underlying server. The researchers discovered the flaw after detecting scans for the plugin’s Cascading Style Sh... read more.

• October 19, 2016

By Nancy Rand, Posted in Security

October 17, SecurityWeek – (International) Siemens patches flaws in SIMATIC, license manager products. Siemens released software updates addressing several vulnerabilities in its SIMATIC and Automation License Manager (ALM) products after Kaspersky Lab researchers discovered ALM was plagued with a critical path traversal issue that could allow a remote attacker to upload files to the disk, create and remove files, or move existing files via specially crafted packets, as well as a denial-of-service (Do... read more.

• October 18, 2016

By Nancy Rand, Posted in Security

October 13, SecurityWeek – (International) Critical vulnerability patched in Cisco conferencing product. Cisco reported that its Cisco Meeting Server (CMS) prior to version 2.0.6 and Acano Server prior to versions 1.8.18 and 1.9.6 were plagued with a critical vulnerability affecting the Extensible Messaging and Presence Protocol (XMPP) service that could allow an unauthenticated attacker to access the system as another user if the XMPP is enabled on the affected devices, as the XMPP service incorrectl... read more.

• October 17, 2016

By Nancy Rand, Posted in Security

October 13, SecurityWeek – (International) Attackers actively exploit recently patched BIND flaw. The Internet Systems Consortium (ISC) reported that it learned a high severity denial-of-service (DoS) vulnerability patched in the Domain Name Server (DNS) software BIND was exploited in the wild to crash servers after Infobyte security researchers published a proof-of-concept (PoC) code and Metasploit module demonstrating the attack. Source October12, SecurityWeek – (International) Cerber 4.0 fue... read more.

• October 14, 2016

By Nancy Rand, Posted in Security

October 12, Softpedia – (International) Microsoft patches four zero-days used in live attacks. Microsoft released a security bulletin addressing 4 zero-day vulnerabilities in several of its products, including an information disclosure bug in Internet Explorer, remote code execution (RCE) flaws in Edge’s scripting engine and Windows graphics device interface (GDI), and a memory corruption vulnerability in Office, among other vulnerabilities. Microsoft reported all four zero-days have been exploi... read more.

• October 13, 2016

By Nancy Rand, Posted in Security

October 11, SecurityWeek – (International) Malware abuses Windows Troubleshooting Platform for distribution. Proofpoint security researchers discovered a malicious backdoor, dubbed “LatentBot” was abusing the Microsoft Windows Troubleshooting Platform (WTP) feature to trick users into executing the malicious payload, which was being distributed via email attachments with a lure document that once opened, launches a digitally signed DIAGCAB file containing PowerShell commands that download... read more.

• October 12, 2016

By Nancy Rand, Posted in Security

October 7, SecurityWeek – (International) VMware patches directory traversal flaw in Horizon View. VMware released versions 7.0.1, 6.2.3, and 5.3.7 of its Horizon View products for Microsoft Windows after a security researcher, dubbed “Bruk0ut” discovered the products were plagued with a flaw that could allow a remote attacker to carry out a directory traversal attack on the Horizon View Connection Server to access sensitive information. Source October 7, SecurityWeek – (Internation... read more.

• October 11, 2016

By Nancy Rand, Posted in Security

October 6, SecurityWeek – (International) Mac malware can abuse legitimate apps to spy on users. A security researcher from Synack discovered that Apple Mac operating system (OS) X malware can monitor an infected system for legitimate user-initiated video sessions on applications such as FaceTime, Skype, and Google Hangouts, and piggyback on those legitimate sessions to record video and spy on users without their knowledge or authorization. Source October 5, Softpedia – (International) New back... read more.

• October 07, 2016

By Nancy Rand, Posted in Security

October 4, SecurityWeek – (International) EMC patches critical flaws in VMAX storage products. Dell EMC released patches resolving six vulnerabilities in versions 8.0.x – 8.2.x of its VMAX Unisphere Web-based management console and vApp Manager configuration and support tool for VMware deployments after researchers from Digital Defense, Inc. (DDI) discovered a critical vulnerability that can be exploited to add new admin users and compromise the virtual appliance, as well as a flaw that can be e... read more.

• October 05, 2016

By Nancy Rand, Posted in Security

October 3, SecurityWeek – (International) Over 400 vulnerabilities reported to ICS-CERT in 2015. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released its vulnerability coordination report for the fiscal year 2015, which revealed ICS-CERT published 197 advisories covering a total of 427 vulnerabilities during 2015, while only 245 issues were covered in 2014. The report also revealed that 43 percent of the vulnerabilities were rated as high severity, and the energy sector was... read more.

• October 05, 2016