Blog

By Nancy Rand, Posted in Security

March 31, SecurityWeek – (International) Malware detection bypass vulnerability found in Cisco firepower. Cisco released software updates fixing a high severity vulnerability after a researcher found that the flaw was caused by improper input validation of fields in Hypertext Transfer Protocol (HTTP) that could allow a remote, unauthenticated attacker to bypass malicious file detection and block security features by crafting an HTTP request and sending it to the victims’ system. Source March 31, The Regi... read more.

• April 01, 2016

By Nancy Rand, Posted in Security

March 29, SecurityWeek – (International) “Vaccine” available for CTB-Locker, Locky, TeslaCrypt. French cybersecurity company, Lexsi released a “vaccine” that can improve users’ computer defenses against ransomware including CTB-Locker, Locky, and TeslaCrypt and stated that users can create a specific mutex or registry key, or change the simple system parameter as long as the modification does not pose an inconvenience to other users. Source March 29, SecurityWeek – (International) Thousands of printers “... read more.

• April 01, 2016

By Nancy Rand, Posted in Security

March 28, SecurityWeek – (International) PowerWare ransomware abuses PowerShell, Office macros. Security researchers from Carbon Black reported a new fileless ransomware, PowerWare can allow attackers to disguise malicious commands as legitimate computer activities and execute malicious actions by abusing PowerShell, a core utility for Microsoft Windows systems. The malware was distributed via malicious Word documents that uses embedded macros to send “cmd.exe” to a target’s computer. Source March 28, So... read more.

• March 30, 2016

By Nancy Rand, Posted in Security

March 28, Softpedia – (International) Flaw in Truecaller Android app leaves data of millions of users exposed. Security researchers from Cheetah Mobile Security Research Lab discovered a remotely exploitable flaw in the Truecaller app that exposed the personal information of millions of users and could allow attackers to modify users’ account settings through the application’s international mobile equipment identity (IMEI) code. Attackers could write scripts through query random IMEI codes to collect a user... read more.

• March 30, 2016

By Nancy Rand, Posted in Security

March 24, Help Net Security – (International) 7 Iranians indicted for cyber attacks on US banks and a dam. The U.S. Department of Justice reported March 24 that 7 Iranian computer specialists, allegedly sponsored by Iran’s Islamic Revolutionary Guard Corps, were charged for conducting several coordinated distributed denial-of-service (DDoS) attacks against 46 major companies which primarily targeted the U.S. financial sector from 2011 – 2013. The attacks disabled victims’ bank web sites, prevented customers... read more.

• March 28, 2016

By Nancy Rand, Posted in Security

March 23, SecurityWeek – (International) Microsoft, Samba preparing patch for severe “Badlock” flaw. Developers from Microsoft Corporation and Samba worked to patch a critical vulnerability dubbed “Badlock” after discovering that the flaw could affect several versions of Windows and Samba software. Researchers will release patches and details for the vulnerability April 12. Source March 23, Agence France-Presse – (International) ‘Syrian Electronic Army’ members face hacking charges. The U.S. Department o... read more.

• March 24, 2016

By Nancy Rand, Posted in Security

March 21, SecurityWeek – (International) Google issues emergency patch for critical Android rooting exploit. Google released an emergency security patch addressing an elevation of privilege vulnerability that affects all Android devices running kernel versions 3.4, 3.10, and 3.14, which could allow local malicious applications to execute arbitrary code in the kernel by rooting applications that were previously installed by customers. Source March 21, Softpedia – (International) “Surprise” ransomware uses... read more.

• March 23, 2016

By Nancy Rand, Posted in Security

March 21, Help Net Security – (International) iOS zero-day breaks Apple’s iMessage encryption. Researchers from Johns Hopkins University discovered a zero-day flaw in Apple’s operating system (iOS) encryption which could allow attackers to decrypt intercepted iMessages in iOS 9 and older iOS versions. Apple Inc., partially patched the vulnerability in iOS 9, but reported that the flaw will be completely patched in iOS 9.3 March 21. Source March 21, SecurityWeek – (International) Symantec patches high ris... read more.

• March 22, 2016

By Nancy Rand, Posted in Security

March 17, IDG News Service – (International) Stagefright exploit puts millions of Android devices at risk. NorthBit released a report addressing a vulnerability dubbed Metaphor, which affects Android versions 2.2. – 4.0, as well as 5.0 and 5.1, after security researchers discovered a new way to exploit a previously patched remote code execution vulnerability found in Stagefright, Android’s mediaserver and multimedia library. Researchers reported attackers tricked victims into clicking a malicious link sent... read more.

• March 21, 2016

By Nancy Rand, Posted in Security

March 16, The Register – (International) Middle-aged US bloke pleads guilty to iCloud celeb nude photo hack. The U.S. Department of Justice reported March 16 that a man from Lancaster pleaded guilty to one count of unauthorized access to a protected computer after he illegally accessed and downloaded images from 50 iCloud accounts and 72 Gmail accounts via phishing attacks from November 2012 – September 2014. Source March 16, Softpedia – (International) AceDeceiver iOS trojan abuses Apple’s Fairplay DRM... read more.

• March 21, 2016