Blog

By Nancy Rand, Posted in Security

July 21, Help Net Security – (International) Vulnerabilities affecting SAP HANA and SAP Trex put 10,000 customers at risk. Onapsis released security advisories reporting on vulnerabilities in SAP High-Performance Analytic Appliance (HANA) and SAP Trex including a critical risk brute force attack affecting SAP HANA that could allow an attacker to gain unrestricted access to business information, and a critical risk remote command execution flaw affecting SAP Trex that could allow an unauthenticated att... read more.

• July 25, 2016

By Nancy Rand, Posted in Security

  July 20, SecurityWeek – (International) Oracle’s critical patch update for July contains record number of fixes. Oracle released its July Critical Patch Update (CPU) that addressed a total of 276 vulnerabilities in several of its products including 19 critical security flaws affecting the Oracle WebLogic Server component, the Hyperion Financial Reporting component, and the Oracle Health Sciences Clinical Development Center component, among other applications. The update also resolves 36... read more.

• July 21, 2016

By Nancy Rand, Posted in Security

July 19, SecurityWeek – (International) Apple patches tens of vulnerabilities in iOS, OS X. Apple Inc., released security updates for several of its products including OS X El Capitan version 10.11.6, which patched a total of 60 security bugs affecting components such as audio, FaceTime, and CFNetwork, among others after a Zscaler researcher discovered the flaws could allow unprivileged applications to access cookies stored in the Safari browser. Apple also released iOS version 9.3.3., resolving 43 vu... read more.

• July 20, 2016

By Nancy Rand, Posted in Security

July 18, Help Net Security – (International) Ubuntu Forums hacked again, 2 million users exposed. Canonical chief executive officer (CEO) reported that an attacker exploited a Structured Query Language (SQL) injection flaw in its Ubuntu Forums to access and download part of the Forums database, containing usernames, email addresses, and internet protocol addresses (IPs) for 2 million users. Canonical shut down the database, reset all users’ passwords, and installed a Web application firewall aft... read more.

• July 19, 2016

By Nancy Rand, Posted in Security

July 15, SecurityWeek – (International) New trojan helps attackers recruit insiders. Researchers at Gartner Research and Diskin Advanced Technologies found a new trojan dubbed “Delilah” that uses social engineering and extortion to recruit insiders by collecting personal information and capturing video from the targeted user’s webcam while instructing users to use virtual private networks (VPNs) and the Tor network in order to manipulate or blackmail the targeted individual. Source ... read more.

• July 18, 2016

By Nancy Rand, Posted in Security

July 14, IDG News Service – (International) Juniper patches high-risk flaws in Junos OS. Juniper Networks fixed several vulnerabilities in the Junos operating system (OS) used on its networking and security appliances, including an information leak in the J-Web interface, vulnerabilities that could lead to denial of service conditions, a potential kernel crash, a potential memory buffer (mbuf) leak, a crypto vulnerability, and an issue with SRX Series devices. Source July 14, Softpedia – (Inter... read more.

• July 15, 2016

By Nancy Rand, Posted in Security

July 13, SecurityWeek – (International) SAP patches critical Clickjacking vulnerabilities. SAP released 10 Security Patch Day Notes and 26 Support Package Notes addressing several vulnerabilities, including a critical Clickjacking flaw in multiple SAP frameworks and technologies, denial of service flaws, missing authorization checks, code injection, and a cross-site scripting (XSS) issue, among other vulnerabilities. Source July 13, Softpedia – (International) New Stampado ransomware advertised... read more.

• July 14, 2016

By Nancy Rand, Posted in Security

  July 11, Softpedia – (International) MIUI vulnerability affects millions of Xiaomi Android devices. Security researchers from IBM’s Security Intelligence team reported that a remote code execution (RCE) vulnerability exists in MIUI analytics component in versions prior to MIUI Global Stable 7.2 after researchers discovered that the self-update mechanism can be hijacked via a Man-in-the-Middle (MitM) attack and used to deliver malicious update packages. The analytics package uses Hypertex... read more.

• July 13, 2016

By Nancy Rand, Posted in Security

July 12, SecurityWeek – (International) Code execution flaw plagues Intel Graphics Driver. Security researchers from Cisco Talos discovered a local code execution vulnerability in Intel HD Graphics Windows Kernel Mode Driver version 10.18.14.4264 that could allow an attacker to run arbitrary code on a victims’ system or cause denial-of-service (DoS) by sending a specially crafted D3DKMTEscape request to the Intel DH Graphics drivers. Microsoft removed the NTVDM subsystem from its Windows 8 to mi... read more.

• July 13, 2016

By Nancy Rand, Posted in Security

July 7, Softpedia – (International) Dangerous GNU wget vulnerability still not patche din all Linux distros. Security researchers from Golunski and SecuriTeam discovered a GNU wget vulnerability that could be exploited to allow an attacker to upload arbitrary files and achieve code execution due to wget’s improper handling of file names when redirecting users from an initial Hypertext Transfer Protocol (HTTP) Uniform Resource Locator (URL) to a File Transfer Protocol (FTP) link. Source July 7,... read more.

• July 12, 2016