Blog

By Nancy Rand, Posted in Security

November 10, SecurityWeek – (International) Hackers can abuse iOS WebView to make phone calls. A security researcher reported that Apple mobile operating system (iOS) applications such as LinkedIn, Twitter, and others can be abused by a malicious actor to initiate phone calls to arbitrary phone numbers from a victim’s device by convincing a user to open a specially crafted Webpage via an affected app that redirects the victim to a TEL Uniform Resource Identifier (URI), which triggers the call. T... read more.

• November 14, 2016

By Celeste Collins, Posted in Technology Week in Review

November 7, 2016 The Internet of Things will be at the center of enterprise security and infrastructure readiness for the next several years, a panel of security experts said at Intel Security’s Focus 16 in Las Vegas. Microsoft is adding Microsoft Access to the list of what’s offered in it Office 365 Business and Business Premium plans. Citrix announced that it has been named as a leader in the IDC MarketScape: Worldwide Virtual Client Computing Software 2016 Vendor Assessment. The IDC Market... read more.

• November 11, 2016

By Nancy Rand, Posted in Security

November 9, IDG News Service – (International) Microsoft patches 68 vulnerabilities, two actively exploited ones. Microsoft released 14 security bulletins resolving a total of 68 vulnerabilities in Windows, Office, Edge, Internet Explorer, and SQL Server. Two of the vulnerabilities have been exploited in the wild, including a zero-day that is being leveraged by a group of attackers dubbed Fancy Bear, APT28 or Strontium, and a second flaw that could allow for remote code execution and enable an attacke... read more.

• November 10, 2016

By Nancy Rand, Posted in Security

November 7, SecurityWeek – (International) Critical privilege escalation flaws found in MySQL. Oracle Corporation released updates for its MySQL database management systems after a security researcher discovered an arbitrary code execution flaw and race condition issue in MySQL that a malicious actor could chain together to escalate privileges to root and fully compromise a targeted system. Percona released an update for its Percona Server for MySQL and Percona XtraDB cluster to address the same vulne... read more.

• November 08, 2016

By Nancy Rand, Posted in Security

November 4, Help Net Security – (International) GitLab plugs critical flaw in its code repository manager software. GitLab released security updates for its Community Edition (CE) and Enterprise Edition (EE) of its code repository manager software resolving a critical flaw in the import/export project feature that did not adequately check for symbolic links in user-provided archives, thereby allowing an authenticated user to access the contents of any file accessible to the GitLab service account. Sou... read more.

• November 07, 2016

By Celeste Collins, Posted in Technology Week in Review

October 31, 2016 At Dell EMC World 2016, Dell announced it enabled interoperability of Dell Data Protection Endpoint Security Suite Enterprise (DDP | ESSE), which provides data encryption and threat detection, with Mozy by Dell, which provides cloud-based data backup and recovery. Akamai announced that it has acquired Soha Systems in an all-cash deal. Soha provides enterprise secure access as a service. Illumio announced that Goldman Sachs has recognized Illumio CEO and Co-Founder Andrew Rubin as one of... read more.

• November 07, 2016

By Celeste Collins, Posted in Technology Week in Review

October 24, 2016 As Dell Technologies positions itself to be the one-stop-shop for the entire IT stack, the Asia Pacific and Japan region is jumping on board to modernize IT, with cost saving the driving factor. A coordinated botnet attack effectively choked internet access to a large number of popular sites last week, and the attack itself was made possible in large part due to the spread of connected Internet of Things (IoT) devices. Microsoft is warning Windows users over a fake Microsoft security pro... read more.

• November 04, 2016

By Nancy Rand, Posted in Security

November 2, SecurityWeek – (International) Belkin WeMo devices expose smartphones to attacks. Invincea security researchers discovered two serious vulnerabilities affecting Belkin’s WeMo home automation devices and their associated Android applications, including a flaw that could be exploited to remotely gain root access to a WeMo device, and a cross-site scripting (XSS) flaw in WeMo’s Android app that could be exploited to execute arbitrary JavaScript code in the context of the Android a... read more.

• November 04, 2016

By Nancy Rand, Posted in Security

November 2, The Register – (International) Multiple RCE flaws found in Memcached web speed tool. Web performance tool Memcached received security patches after a security researcher from Cisco Systems, Inc., discovered that Memcached version 1.4.31 and earlier were plagued with three integer overflow vulnerabilities that could be exploited to achieve remote code execution (RCE) on a targeted system, and are manifested in Memcached functions used to insert, append, or modify key-value data pairs. The r... read more.

• November 03, 2016

By Nancy Rand, Posted in Security

November 1, Help Net Security – (International) Google warns of actively exploited Windows zero-day. Google disclosed a Microsoft Windows zero-day local privilege escalation vulnerability in the Windows kernel that could allow attackers to escape the sandbox. Google researchers warned that the flaw is being actively exploited in the wild. Source October 31, SecurityWeek – (International) Nymaim starts using PowerShell to download payload. Verint security researchers discovered the Nymaim malwar... read more.

• November 02, 2016