February 23, SC Magazine – (International) Older vulnerabilities a top enabler of breaches, according to report. Hewlett Packard security researchers reported that 44 percent of known breaches happened as a result of server misconfigurations and vulnerabilities discovered years ago. The report cites 33 percent of identified exploit samples from Microsoft Windows, 11 percent from Adobe Reader and Acrobat, 6 bugs in Oracle Java, and 2 flaws in Microsoft Office flaws. Source
February 23, Securityweek – (International) Norton update caused Internet Explorer to crash. Symantec released a new version of the Intrusion Prevention System (IPS) definition package after a corrupt file in the previous release caused the 32-bit version of Microsoft’s Internet Explorer web browser to crash on computers running Norton Security, Norton Security with Backup, Norton 360, and Norton Internet Security. Source
February 23, Softpedia – (International) Comodo’s PrivDog breaks HTTPS security possibly worse than Superfish. A security researcher discovered that Comodo’s PrivDog browsing privacy protection tool compromised browsing security by acting as a man-in-the-middle (MitM), intercepting and replacing all certificates with its own, causing browsers to accept every HTTPS certificate regardless of authority. The issue could affect nearly 64,000 users worldwide, and PrivDog released an update with a fix for the issue. Source
February 23, Softpedia – (International) CSIS security group warns of fake emails using its name. CSIS security experts discovered an email campaign that spoofed the company’s email address and used an employee’s name to distribute a malicious attachment and deploy malware on the recipients’ machines. The Danish-based company provides security services for some of the largest global banks and acts as a consultant to governments, media, and businesses. Source