Blog

By Nancy Rand, Posted in Security

May 10, Softpedia – (International) SS7 attack leaves WhatsApp and Telegram encryption useless. Positive Technologies researchers unveiled a new attack that utilizes Signaling System No. 7 (SS7) to carry out attacks on encrypted communications apps such as WhatsApp and Telegram by spoofing a mobile network node and intercepting the initial phase of a chat between two users. The researchers were able to impersonate a second user through SS7 loopholes that were never patched. Source May 10, Softpedia – (In... read more.

• May 11, 2016

By Nancy Rand, Posted in Security

May 9, SecurityWeek – (International) Over two dozen flaws found in Aruba products. Aruba Networks patched some of the 26 security flaws discovered by a Google security engineer, and is working to patch the remaining vulnerabilities which impact all versions of ArubaOS, AirWave Management Platform 8.x versions prior to 8.2, and Aruba Instant access points (IAP) prior to 4.1.3.0 and 4.2.3.1. Some of the vulnerabilities discovered include the transmission of login credentials via Hypertext Transfer Protocol (... read more.

• May 10, 2016

By Nancy Rand, Posted in Security

May 6, Help Net Security – (International) Android trojan pesters victims, won’t take no for an answer. Avast researchers determined that an information-stealing Android trojan that is inadvertently downloaded by users, begins its infection after an icon is installed in the launcher in the name of a fake app which launches a dialog box that asks the user to grant it admin rights and blocks further access. Users can remove the trojan by powering down the phone and restoring it to factory settings or uninstal... read more.

• May 10, 2016

By Nancy Rand, Posted in Security

May 5, SecurityWeek – (International) Cisco patches serious flaws in FirePOWER , TelePresence. Cisco released software updates patching several vulnerabilities in its FirePOWER and TelePresence products including a critical vulnerability that allows a remote, unauthenticated attacker to bypass authentication and gain access to a targeted system, as well as several high severity denial-of-service (DoS) vulnerabilities that could allow a remote attacker to cause a system to stop inspecting and processing pack... read more.

• May 06, 2016

By Nancy Rand, Posted in Security

May 4, SecurityWeek – (International) Attackers exploit critical ImageMagick vulnerability. Two security researchers discovered a remote code execution (RCE) vulnerability dubbed, “ImageTragick,” was leveraged in the wild and found in the open-source software, ImageMagick. Attackers could exploit the flaw to gain access to the victim’s server by creating an exploit file and assigning the file an image extension to bypass the security check, which tricks ImageMagick into converting the malicious file and act... read more.

• May 05, 2016

By Nancy Rand, Posted in Security

May 3, SecurityWeek – (International) Google patches 40 vulnerabilities in Android. Google released security updates for its Android operating system (OS) patching 40 vulnerabilities including a remote code execution (RCE) flaw in Mediaserver that could allow an attacker to execute code within the software, and a privilege escalation flaw in the Android debugger that could allow a malicious application to execute arbitrary code in Android debugger or kernel, among other patched flaws. Source May 2, Secur... read more.

• May 04, 2016

By Nancy Rand, Posted in Security

May 2, SecurityWeek – (International) Serious flaw found in “PL/SQL Developer” update system. Allround Automations released a new version of its PL/SQL Developer product after an application security consultant discovered that version 11.0.4, and earlier versions, used Hyper Text Transfer Protocol (HTTP) updates and did not validate the downloaded file’s authenticity, allowing a man-in-the-middle (MitM) attacker to replace the authentic Uniform Resource Locator (URL) with another URL that leads to a malicio... read more.

• May 03, 2016

By Nancy Rand, Posted in Security

April 28, Softpedia – (International) Slack API credentials left in GitHub repos open new door for corporate hacking. Security researchers from Detectify Labs reported that companies in all industries may be at risk after finding that developers were leaving sensitive credentials inside open-sourced code following a scan on GitHub projects which revealed over 1,500 Slack access tokens were available online. The access tokens could allow attackers to access application program interfaces (APIs) and harvest u... read more.

• May 02, 2016

By Nancy Rand, Posted in Security

April 28, SecurityWeek – (International) Critical, high severity flaws patched in Firefox. Mozilla released its web browser, Firefox 46 that patched a total of 14 vulnerabilities including 4 critical vulnerabilities affecting the browser engine, which could cause crashes and potential arbitrary code execution, as well as a high severity vulnerability that could be exploited via specially crafted Web content and cause an exploitable crash, among other flaws. Source April 28, The Register – (International)... read more.

• April 29, 2016

By Nancy Rand, Posted in Security

April 27, Help Net Security – (International) DDoS aggression and the evolution of IoT risks. Neustar released its findings after conducting a survey on over 1,000 information technology (IT) professionals across 6 continents which revealed that 76 percent of companies are investing in distributed denial-of-service (DDoS) protection as DDoS attacks are continuing to evolve from single large attacks to multi-vector attacks. Forty-seven percent of attacked organizations were participating in information shari... read more.

• April 28, 2016