Articles In Uncategorized

By Nancy Rand, Posted in Uncategorized

June 3, Help Net Security – (International) Weak SSH keys opened many GitHub repositories to compromise. A security researcher discovered that large numbers of GitHub repositories are vulnerable to compromise and the delivery of malicious code due to a flaw that generated weak cryptographic secure shell (SSH) keys until 2008. Source June 3, Help Net Security – (International) IoT devices entering enterprises, opening company networks to attacks. A recently released OpenDNS report on Internet of Things (I... read more.

• June 04, 2015

By Ed Bratter, Posted in Uncategorized

Background If your organization has deployed a Microsoft Certificate Authority (CA) for its PKI solution, your users probably started inquiring recently what the yellow triangle in the address bar of Google Chrome is all about (if they haven’t, either you are ahead of the curve or your users are… Well, I won’t go down that slippery slope). When clicking on the padlock, additional information shows that the website is encrypted with obsolete cryptography. Additionally, there is a reference that SHA1... read more.

• May 20, 2015

By Nancy Rand, Posted in Uncategorized

May 15, Softpedia – (International) Apache fixes vulnerability affecting security manager protections. The security team responsible for Apache Tomcat discovered a vulnerability in multiple versions of the software’s open-source web server and servlet container that could allow an attacker to bypass protections for the Security Manager component and run malicious web applications. Source May 14, CNN – (International) Washington Post mobile site temporarily shut down in apparent hack. The Washington Post... read more.

• May 19, 2015

By Nancy Rand, Posted in Uncategorized

May 14, Softpedia – (International) Cisco TelePresence vulnerable to unauthorized root access, denial of service. Cisco reported two vulnerabilities in versions of its TelePresence TC and TE video conference products in which an attacker could exploit improper authentication protocols for internal services to bypass authentication and obtain root access on the system, and a flaw in the network drivers in which an attacker could use specially crafted internet protocol (IP) packets sent at a high rate to caus... read more.

• May 18, 2015

By Nancy Rand, Posted in Uncategorized

May 5, Help Net Security – (International) New AlphaCrypt ransomware delivered via Angler EK. Security researchers at Webroot and Rackspace discovered and determined that a new form of ransomware resembling TeslaCrypt and CryptoWall, dubbed AlphaCrypt, is being delivered via the Angler exploit kit (EK). Researchers stated that it differs from other ransomware variants by deleting volume snapshot services (VSS) and executing quietly in background processes to avoid detection. Source May 5, Help Net Securi... read more.

• May 06, 2015

By Nancy Rand, Posted in Uncategorized

May 4, Securityweek – (International) PayPal fixes remote code execution flaw in Partner Program website. PayPal fixed a vulnerability discovered by Vulnerability Lab researchers in its Partner Program Web site which would allow an attacker to leverage a bug in the site’s Java Debug Wire Protocol (JDWP) service to remotely execute server-side commands with root privileges. Source May 1, Threatpost – (International) Mozilla moving toward full HTTPS enforcement in Firefox. The Mozilla Foundation reported t... read more.

• May 06, 2015

By Nancy Rand, Posted in Uncategorized

April 30, Help Net Security – (International) Barracuda fixes critical MITM flaws in its Web filter. Barracuda Networks issued a security update patching two critical flaws in the firmware of its Web Filter appliances in which an attacker could perform man-in-the-middle (MitM) attacks due to vulnerabilities in certificate verification when performing secure socket layer (SSL) inspection and the use of default certificates for multiple machines. Source April 29, Securityweek – (International) Bartalex mal... read more.

• May 01, 2015

By Nancy Rand, Posted in Uncategorized

February 26, Securityweek – (International) Lizard Squad hijacks Lenovo website, emails. Lizard Squad hackers hijacked the Lenovo Web site and email servers by using CloudFlare IP addresses to modify DNS records in Lenovo domain registrar accounts and redirect users to defacement pages, and changed mail server records to allow the group to intercept emails sent to Lenovo email addresses. The hijacking mirrored a similar attack that targeted Google Vietnam during the week of February 23. Source February 2... read more.

• February 27, 2015

By Brian Wagner, Posted in Uncategorized

NetScaler 10.5 has been out for a while now, and we have been standardizing on the new version with success. But, what's new in 10.5? Is it worth upgrading my NetScalers? There are over 100 new features in version 10.5, but here are a few notables: 1) NO JAVA - OK, so there is still some Java. But, it is very much out of the way of day-to-day activities. This is a welcome treat for sure which makes administration much easier from any machine without going through hoops. That being said, I am sure the... read more.

• January 02, 2015

By Ken Phelan, Posted in Uncategorized

As I get older I find myself using the phrase “Remember When?” more and more often. Remember when candy bars cost a nickel? Remember when kids would just go out and play after school? Remember when you could get hired by a company, work your whole life there, and retire with a pension? As the cyber-attacks mount, I think we’re seeing the emergence of a new “remember when”. Remember when we used to go on the Internet and download code from vaguely anonymous servers that we would run on our per... read more.

• December 09, 2014