Blog

By Nancy Rand, Posted in Security

October 18, Softpedia – (International) WordPress sites under attack via security flaw in unmaintained plugin. Security researchers from White Fir Design discovered the WordPress Marketplace plugin was plagued with an arbitrary file upload vulnerability that could allow an attacker to upload arbitrary files on Websites with the plugin installed and potentially take over a site’s underlying server. The researchers discovered the flaw after detecting scans for the plugin’s Cascading Style Sh... read more.

• October 19, 2016

By Nancy Rand, Posted in Security

October 17, SecurityWeek – (International) Siemens patches flaws in SIMATIC, license manager products. Siemens released software updates addressing several vulnerabilities in its SIMATIC and Automation License Manager (ALM) products after Kaspersky Lab researchers discovered ALM was plagued with a critical path traversal issue that could allow a remote attacker to upload files to the disk, create and remove files, or move existing files via specially crafted packets, as well as a denial-of-service (Do... read more.

• October 18, 2016

By Nancy Rand, Posted in Security

October 13, SecurityWeek – (International) Critical vulnerability patched in Cisco conferencing product. Cisco reported that its Cisco Meeting Server (CMS) prior to version 2.0.6 and Acano Server prior to versions 1.8.18 and 1.9.6 were plagued with a critical vulnerability affecting the Extensible Messaging and Presence Protocol (XMPP) service that could allow an unauthenticated attacker to access the system as another user if the XMPP is enabled on the affected devices, as the XMPP service incorrectl... read more.

• October 17, 2016

By Nancy Rand, Posted in Security

October 13, SecurityWeek – (International) Attackers actively exploit recently patched BIND flaw. The Internet Systems Consortium (ISC) reported that it learned a high severity denial-of-service (DoS) vulnerability patched in the Domain Name Server (DNS) software BIND was exploited in the wild to crash servers after Infobyte security researchers published a proof-of-concept (PoC) code and Metasploit module demonstrating the attack. Source October12, SecurityWeek – (International) Cerber 4.0 fue... read more.

• October 14, 2016

By Celeste Collins, Posted in Technology Week in Review

October 10, 2016 Microsoft officials shared more guidance for admins who will be dealing with the new patching model, which was discussed in an October 7 blog post for IT pros. A rollup is simply multiple patches rolled together into a single update. These rollups will replace individual patches for Windows 7, 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. Forcepoint has established deep roots in Canada with the opening of a state-of-the-art data center in Toronto, the count... read more.

• October 14, 2016

By Nancy Rand, Posted in Security

October 12, Softpedia – (International) Microsoft patches four zero-days used in live attacks. Microsoft released a security bulletin addressing 4 zero-day vulnerabilities in several of its products, including an information disclosure bug in Internet Explorer, remote code execution (RCE) flaws in Edge’s scripting engine and Windows graphics device interface (GDI), and a memory corruption vulnerability in Office, among other vulnerabilities. Microsoft reported all four zero-days have been exploi... read more.

• October 13, 2016

By Celeste Collins, Posted in Technology Week in Review

October 3, 2016 eG Innovations announces end-to-end monitoring and user experience management for applications delivered by Windows Server 2016. Scheduled for release in October 2016, eG Enterprise 6.2 will include support for Windows Server 2016, Microsoft Exchange 2016, Microsoft SQL Server 2016, and Microsoft Hyper-V 2016, plus all other components of Microsoft’s 2016 datacenter offerings. Proofpoint, Inc., a leading next-generation cybersecurity company, announced it has been named a leader in d... read more.

• October 12, 2016

By Nancy Rand, Posted in Security

October 11, SecurityWeek – (International) Malware abuses Windows Troubleshooting Platform for distribution. Proofpoint security researchers discovered a malicious backdoor, dubbed “LatentBot” was abusing the Microsoft Windows Troubleshooting Platform (WTP) feature to trick users into executing the malicious payload, which was being distributed via email attachments with a lure document that once opened, launches a digitally signed DIAGCAB file containing PowerShell commands that download... read more.

• October 12, 2016

By Stephen Kilcoyne, Posted in Infrastructure

Gotham Technology Group Elevated to Top Level of the New IGEL Partner Program MONTVALE, NJ and SAN FRANCISCO, Oct. 11, 2016 – Gotham Technology Group, a leading technology solutions provider in the Northeastern United States, and IGEL Technology, a world leader in the delivery of powerful workspace management software, IGEL OS™-powered thin clients, zero clients and all-in-one thin client solutions, today announced that Gotham Technology Group has been named a Platinum member of the new IGEL P... read more.

• October 12, 2016

By Nancy Rand, Posted in Security

October 7, SecurityWeek – (International) VMware patches directory traversal flaw in Horizon View. VMware released versions 7.0.1, 6.2.3, and 5.3.7 of its Horizon View products for Microsoft Windows after a security researcher, dubbed “Bruk0ut” discovered the products were plagued with a flaw that could allow a remote attacker to carry out a directory traversal attack on the Horizon View Connection Server to access sensitive information. Source October 7, SecurityWeek – (Internation... read more.

• October 11, 2016