Blog

By Nancy Rand, Posted in Security

October 21, SecurityWeek – (International) Weebly breach affects over 43 million users. Weebly, a San Francisco-based Web hosting service, confirmed that hackers stole the account information of over 43 million users, including usernames, Internet Protocol (IP) addresses, and password hashes after breaching the company’s systems in February 2016. The company advised its users to reset their passwords and the cause of the breach remains under investigation. Source October 20, Softpedia – (I... read more.

  • October 25, 2016

By Nancy Rand, Posted in Security

October 20, SecurityWeek – (International) Lexmark patches critical flaw in printer management tool. Lexmark International, Inc. released an update for its Markvision Enterprise printer management software after security researchers from Digital Defense Inc. (DDI) found the software was plagued with a vulnerability in the Apache Flex BlazeDS that can be exploited to read arbitrary files via specially crafted Action Message Format (AMF) messages and retrieve the file storing the admin credentials, as w... read more.

  • October 21, 2016

By Nancy Rand, Posted in Security

October 19, SecurityWeek – (International) Oracle Critical Patch Update for October 2016 fixes 253 vulnerabilities. Oracle Corporation released its Critical Patch Update (CPU) for October 2016 to resolve a total of 253 new security flaws in several of its products, including 36 flaws in its Oracle Communications Applications, 14 flaws in the Oracle E-Business Suite that can be remotely exploited without authentication, 24 flaws in its Financial Services Applications, and issues affecting its Retail Ap... read more.

  • October 20, 2016

By Nancy Rand, Posted in Security

October 18, Softpedia – (International) WordPress sites under attack via security flaw in unmaintained plugin. Security researchers from White Fir Design discovered the WordPress Marketplace plugin was plagued with an arbitrary file upload vulnerability that could allow an attacker to upload arbitrary files on Websites with the plugin installed and potentially take over a site’s underlying server. The researchers discovered the flaw after detecting scans for the plugin’s Cascading Style Sh... read more.

  • October 19, 2016

By Nancy Rand, Posted in Security

October 17, SecurityWeek – (International) Siemens patches flaws in SIMATIC, license manager products. Siemens released software updates addressing several vulnerabilities in its SIMATIC and Automation License Manager (ALM) products after Kaspersky Lab researchers discovered ALM was plagued with a critical path traversal issue that could allow a remote attacker to upload files to the disk, create and remove files, or move existing files via specially crafted packets, as well as a denial-of-service (Do... read more.

  • October 18, 2016

By Nancy Rand, Posted in Security

October 13, SecurityWeek – (International) Critical vulnerability patched in Cisco conferencing product. Cisco reported that its Cisco Meeting Server (CMS) prior to version 2.0.6 and Acano Server prior to versions 1.8.18 and 1.9.6 were plagued with a critical vulnerability affecting the Extensible Messaging and Presence Protocol (XMPP) service that could allow an unauthenticated attacker to access the system as another user if the XMPP is enabled on the affected devices, as the XMPP service incorrectl... read more.

  • October 17, 2016

By Nancy Rand, Posted in Security

October 13, SecurityWeek – (International) Attackers actively exploit recently patched BIND flaw. The Internet Systems Consortium (ISC) reported that it learned a high severity denial-of-service (DoS) vulnerability patched in the Domain Name Server (DNS) software BIND was exploited in the wild to crash servers after Infobyte security researchers published proof-of-concept (PoC) code and a Metasploit module demonstrating the attack. Source October 12, SecurityWeek – (International) Cerber 4.0 fue... read more.

  • October 14, 2016

By Celeste Collins, Posted in Technology Week in Review

October 10, 2016 Microsoft officials shared more guidance for admins who will be dealing with the new patching model, which was discussed in an October 7 blog post for IT pros. A rollup is simply multiple patches rolled together into a single update. These rollups will replace individual patches for Windows 7, 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. Forcepoint has established deep roots in Canada with the opening of a state-of-the-art data center in Toronto, the count... read more.

  • October 14, 2016

By Nancy Rand, Posted in Security

October 12, Softpedia – (International) Microsoft patches four zero-days used in live attacks. Microsoft released a security bulletin addressing 4 zero-day vulnerabilities in several of its products, including an information disclosure bug in Internet Explorer, remote code execution (RCE) flaws in Edge’s scripting engine and Windows graphics device interface (GDI), and a memory corruption vulnerability in Office, among other vulnerabilities. Microsoft reported all four zero-days have been exploi... read more.

  • October 13, 2016

By Celeste Collins, Posted in Technology Week in Review

October 3, 2016 eG Innovations announces end-to-end monitoring and user experience management for applications delivered by Windows Server 2016. Scheduled for release in October 2016, eG Enterprise 6.2 will include support for Windows Server 2016, Microsoft Exchange 2016, Microsoft SQL Server 2016, and Microsoft Hyper-V 2016, plus all other components of Microsoft’s 2016 datacenter offerings. Proofpoint, Inc., a leading next-generation cybersecurity company, announced it has been named a leader in d... read more.

  • October 12, 2016