Blog

By Nancy Rand, Posted in Security

December 8, SecurityWeek – (International) August stealer uses PowerShell for fileless infection. Proofpoint security researchers warned that a new information stealing malware, dubbed August leverages Microsoft Word documents containing malicious macros, which once enabled, launch a PowerShell command to download and install the August stealer on a machine for a fileless infection. The malicious payload is downloaded from a remote site as a PowerShell byte array, and targets customer service and mana... read more.

  • December 09, 2016

By Nancy Rand, Posted in Security

December 7, SecurityWeek – (International) Windows 10 Creators Update brings new security capabilities. Microsoft reported that the Windows 10 Creators Update, which is scheduled to be released in the spring of 2017, will include several security enhancements including improved detection, intelligence, and remediation capabilities in Windows Defender Advanced Threat Protection (ATP), a feature that will link the Windows Security Center to Office 365 ATP to allow administrators to track a threat across... read more.

  • December 08, 2016

By Celeste Collins, Posted in Technology Week in Review

November 21, 2016 NetApp CEO George Kurian discusses the cloud, hyper-converged infrastructure, and a very successful fiscal quarter. Symantec will acquire U.S. identity theft protection services company, LifeLock, for $2.3 billion, in a deal that it hopes will prop up sales at its Norton cybersecurity unit. Dell EMC announced availability of a new Dell EMC NetWorker with CloudBoost solution for added protection of enterprise applications running on Amazon Web Services (AWS) as well as the extension of t... read more.

  • December 08, 2016

By Celeste Collins, Posted in Technology Week in Review

November 28, 2016 A mystery bug prevented Outlook.com users from accessing or syncing their accounts from apps and smartphones, but Microsoft says it’s found a fix. AppSense has been selected as Citrix Ready Partner of the Month from more than 1,000 Citrix Ready Independent Software Vendors. IGEL Technology, a world leader in the delivery of powerful workspace management software, IGEL Linux-powered thin clients, zero clients, and all-in-one thin client solutions, announced that CRN has recognized... read more.

  • December 08, 2016

By Nancy Rand, Posted in Security

December 5, SecurityWeek – (International) Chrome 55 patches 36 flaws, blocks Flash by default. Google released Chrome 55 patching a total of 36 security flaws including 12 high risk flaws in PDFium, Blink, DevTools, and V8, as well as 9 medium severity issues, and 5 low risk flaws, among other patched vulnerabilities. In addition to resolving the security flaws, Chrome 55 enhances user security by blocking Websites that contain Adobe Flash content out-of-the-box. Source December 5, U.S. Department o... read more.

  • December 07, 2016

By Nancy Rand, Posted in Security

December 2, SecurityWeek – (International) Eight vulnerabilities found in Moxa NPort devices. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reported that Moxa’s NPort serial device servers are plagued by eight vulnerabilities after security researchers discovered three critical flaws that can be exploited to retrieve an administrator password without authentication, update the device’s firmware without authentication, and use brute force to bypass authentication,... read more.

  • December 06, 2016

By Nancy Rand, Posted in Security

December 2, Help Net Security – (International) AirDroid app opens millions of Android users to device compromise. Zimperium security researchers reported that tens of millions of users of Android’s remote management tool, AirDroid are vulnerable to man-in-the-middle (MitM) attacks that could compromise their devices through fraudulent updates and result in data theft. If a user is on the same unsecured network as a malicious actor, the attacker could perform a MitM network attack to access the... read more.

  • December 05, 2016

By Nancy Rand, Posted in Security

November 29, Help Net Security – (International) McAfee Labs predicts 14 security developments for 2017. Intel Security released its McAfee Labs 2017 Threats Predictions Report, which identifies 14 security threat trends for 2017 including a predicted increase of undetectable Internet of Things (IoT) attacks on smart homes, an increase in targeted attacks against hardware and firmware, and an increase in the sophisticated and proliferation of social engineering attacks due to machine learning, among o... read more.

  • December 01, 2016

By Nancy Rand, Posted in Security

November 17, SecurityWeek – (International) iOS lockscreen bypass gives access to contacts, photos. Security researchers discovered a vulnerability in Apple’s mobile operating system (iOS) that could allow an attacker with physical access to a device that has Siri enabled on the lockscreen to bypass the phone’s lockscreen and access photos and contact information on a victim’s iPhone or iPad. The researchers reported the flaw affects iOS versions 8.0 – 10.2 and can be avoided b... read more.

  • November 29, 2016

By Ken Phelan, Posted in Security

77% of internet traffic is now encrypted. That number has been increasing steadily over time and it appears that it will continue to increase. What does it mean to us as security professionals when we’re dealing with an increasingly dark internet? Traditional network products are ineffective at examining encrypted traffic. That means we’ll have to decrypt it for them. We have a limited number of precious places to look at traffic in its unencrypted state. Notably, proxies and end-points. End... read more.

  • November 21, 2016