March 3, SecurityWeek – (International) Apple reissues security update after blocking Ethernet on Mac OS X. Apple Inc., reissued a security updates for its OS X El Capitan systems, which patched a blacklisting issue after an initial security update blocked Ethernet drivers and blocked Internet access to affected Mac systems when using an Ethernet connection. Apple reported that Wi-Fi connections were not affected. Source
March 3, SecurityWeek – (International) Cisco patches critical, high severity flaws in NX-OS. Cisco Systems, Inc., released software updates for several of its products including the NX-OS network operating system (OS) running on Nexus 3000 series, Nexus 3500 platform switches, which patched a critical vulnerability that could allow a remote, unauthenticated attacker to log into a compromised device with root privileges via an account with default credentials, among other vulnerabilities. Cisco also released patches for several other versions of its Nexus series products, including a high severity denial-of-service (DoS) vulnerability in the Simple Network Management Protocol (SNMP) input packet processor. Source
March 3, SecurityWeek – (International) Hardcoded password exposes RSA Conference badge scanning app. Researchers from Bluebox Security reported that the badge scanning application provided by organizers of the 2016 RSA Conference to vendors was susceptible to a security bypass flaw after researchers analyzed the app’s code and discovered that the security mechanism could be bypassed due to an embedded plain text default password in the application’s code. Source
March 3, Softpedia – (International) Ad Code for many advertising networks vulnerable to basic XSS attacks. An independent security researcher discovered that many advertising networks were unknowingly allowing attackers to launch cross-site scripting (XSS) attacks by not applying the same input sanitization procedures to data following a hash (#) in the code of the Uniform Resource Locator (URL). Attackers could spread links to legitimate, authentic pages that have malicious XSS payloads attached to the end of a URL. Source
March 3, Help Net Security – (International) Dell SecureWorks speeds up endpoint intrusion detection, response. Dell SecureWorks Inc., reported that it is launching its Advanced Endpoint Threat Detection (AETD) Red Cloak solution which is designed to cut down the time required to detect and respond to cyber-attacks, especially for non-malware attacks. The Software as a Service (SaaS) solution will be powered by experts from the Counter Threat Unit (CTU), who will provide updated threat intelligence information. Source
March 2, Softpedia – (International) Windows built-in PDF reader exposes Edge browser to hacking. A security researcher from IBM’s X-Force Advanced Research team discovered that Microsoft Window’s built-in Windows Runtime (WinRT) PDF for its Edge web browser can be leveraged by attackers to execute drive-by attacks in a similar method that the Angler or Neutrino exploit kits (EK) deliver Flash, Java, or Silverlight payloads. Attackers can create a WinRT PDF exploit within their PDF file, which can be secretly opened while using an iframe positioned off screen with Cascading Style Sheets (CSS), and can use the malicious code to execute and exploit the WinRT PDF vulnerability. Source
March 3, Associated Press – (National) Pentagon seeks hackers to test defense department’s cybersecurity. The U.S. Secretary of Defense announced March 2 that the Pentagon is launching a program dubbed “Hack the Pentagon” for white-hat hackers to attempt to breach the U.S. Department of Defense’s networks. Officials stated that the intent of the program is to invite responsible hackers to test the department’s cybersecurity in order to strengthen digital defenses and enhance national security. Source