Blog

By Nancy Rand, Posted in Security

September 22, SecurityWeek – (International) Yahoo confirms massive data breach of 500 million accounts. Yahoo Inc. confirmed September 22 that a hacker, dubbed “Peace” and “peace_of_mind”, accessed the data from at least 500 million user accounts, including names, email addresses, hashed passwords, and birth dates, among other information, during a 2014 cyberattack. Yahoo stated unencrypted security questions and answers were invalidated and advised potentially affected users to...

  • September 26, 2016

By Nancy Rand, Posted in Security

September 22, SecurityWeek – (International) Flaws in Cisco Cloud Services Platform allow command execution. Cisco notified its customers that its Cloud Services Platform (CSP) 2100 version 2.0 was plagued with two vulnerabilities, one of which is a critical vulnerability caused by insufficient sanitization of user input that could allow an unauthenticated attacker to remotely execute arbitrary commands on the operating system with root privileges. Cisco reported the second vulnerability could allow a...

  • September 23, 2016

By Nancy Rand, Posted in Security

September 21, SecurityWeek – (International) MacOS 10.12 patches over 60 vulnerabilities. Apple Inc. released the final version of its Mac operating system (OS) Sierra 10.12, resolving at least 65 vulnerabilities, including 16 flaws in the “apache_mod_php” module that could lead to arbitrary code execution or unexpected application termination, as well as denial-of-service issues and arbitrary code execution flaws in Apple’s implementation of Apache, Audio, and Bluetooth, among other...

  • September 22, 2016

By Nancy Rand, Posted in Security

September 19, SecurityWeek – (International) Rockwell patches code execution flaw in RSLogix product. Rockwell Automation released patches for several of its RSLogix products used in the food and agriculture, critical manufacturing, water, and chemical sectors to resolve a buffer overflow vulnerability after a researcher discovered the flaw can be exploited by convincing a local user to open a specially crafted rich site summary (RSS) file with a malicious version of RSLogix in order to execute arbitr...

  • September 21, 2016

By Nancy Rand, Posted in Security

September 19, SecurityWeek – (International) Cisco finds new zero-day linked to “Shadow Brokers” exploit. Cisco researchers discovered another zero-day vulnerability leaked by Shadow Brokers in August, which affects the Internet Key Exchange (IKE) v1 packet processing code in Cisco IOS XR versions 4.3.x, 5.0.x, 5.1.x, and 5.2.x and could allow a remote, unauthenticated attacker to retrieve memory contents potentially containing sensitive information by sending a specially crafted IKEv1 pac...

  • September 20, 2016

By Nancy Rand, Posted in Security

September 15, SecurityWeek – (International) SAP patches serious flaws in database management product. SAP released a security update resolving 19 vulnerabilities, including a denial-of-service (DoS) flaw in Business Objects BI Launchpad, information disclosure bugs, cross-site scripting (XSS) issues, and Structured Query Language (SQL) injection issues that could allow an attacker to create and execute a stored procedure with SQL commands, thereby enabling the attacker to elevate their privileges, mo...

  • September 19, 2016

By Ken Phelan, Posted in Security

Computers beating humans in chess isn’t news. What may be news to some people is that the best chess player isn’t a computer or a human. It’s a human using a computer. In chess circles, they call this human-computer team strategy a centaur. We have some man-versus-machine problems in Cyber Security as well. We use computers effectively to record and process large numbers of incidents. There are so many incidents that no human can possibly look at them all, so we ask the computers to find...

  • September 19, 2016

By Nancy Rand, Posted in Security

September 15, SecurityWeek – (International) 6.6 million users affected by ClixSense breach. ClixSense confirmed that the details of over 6.6 million users were stolen after hackers gained access to the company’s database server after accessing an old server still connected to the database. ClixSense reported the vulnerable server has been shut down and restored user balances, forum, and account names, and reset user passwords, among other measures. Source September 14, Softpedia – (Inter...

  • September 16, 2016

By Nancy Rand, Posted in Security

September 13, SecurityWeek – (International) Adobe patches 29 vulnerabilities in Flash Player. Adobe released updates for Flash Player, Digital Editions, and Adobe Air SDK & Compiler resolving a total of 37 vulnerabilities, including integer overflow, use-after-free, among other memory corruption issues in Flash Player that can be exploited to leverage arbitrary code execution, as well as several memory corruption flaws and a use-after-free issue in Digital Editions 4.5.1 and earlier that can be e...

  • September 15, 2016

By Nancy Rand, Posted in Security

September 12, SecurityWeek – (International) Critical MySQL zero-day exposes servers to attacks. An independent security researcher discovered a critical zero-day vulnerability affecting the MySQL open-source database software that can be exploited by an attacker who can authenticate to the MySQL database via a Web interface or network connection to leverage arbitrary code execution with root privileges, which can compromise the server running MySQL. The researcher reported that all MySQL bran...

  • September 14, 2016