Blog

By Nancy Rand, Posted in Security

March 28, Softpedia – (International) Flaw in Truecaller Android app leaves data of millions of users exposed. Security researchers from Cheetah Mobile Security Research Lab discovered a remotely exploitable flaw in the Truecaller app that exposed the personal information of millions of users and could allow attackers to modify users’ account settings through the application’s international mobile equipment identity (IMEI) code. Attackers could write scripts through query random IMEI codes to collect a user... read more.

• March 30, 2016

By Nancy Rand, Posted in Security

March 24, Help Net Security – (International) 7 Iranians indicted for cyber attacks on US banks and a dam. The U.S. Department of Justice reported March 24 that 7 Iranian computer specialists, allegedly sponsored by Iran’s Islamic Revolutionary Guard Corps, were charged for conducting several coordinated distributed denial-of-service (DDoS) attacks against 46 major companies which primarily targeted the U.S. financial sector from 2011 – 2013. The attacks disabled victims’ bank web sites, prevented customers... read more.

• March 28, 2016

By Nancy Rand, Posted in Security

March 23, SecurityWeek – (International) Microsoft, Samba preparing patch for severe “Badlock” flaw. Developers from Microsoft Corporation and Samba worked to patch a critical vulnerability dubbed “Badlock” after discovering that the flaw could affect several versions of Windows and Samba software. Researchers will release patches and details for the vulnerability April 12. Source March 23, Agence France-Presse – (International) ‘Syrian Electronic Army’ members face hacking charges. The U.S. Department o... read more.

• March 24, 2016

By Nancy Rand, Posted in Security

March 21, SecurityWeek – (International) Google issues emergency patch for critical Android rooting exploit. Google released an emergency security patch addressing an elevation of privilege vulnerability that affects all Android devices running kernel versions 3.4, 3.10, and 3.14, which could allow local malicious applications to execute arbitrary code in the kernel by rooting applications that were previously installed by customers. Source March 21, Softpedia – (International) “Surprise” ransomware uses... read more.

• March 23, 2016

By Nancy Rand, Posted in Security

March 21, Help Net Security – (International) iOS zero-day breaks Apple’s iMessage encryption. Researchers from Johns Hopkins University discovered a zero-day flaw in Apple’s operating system (iOS) encryption which could allow attackers to decrypt intercepted iMessages in iOS 9 and older iOS versions. Apple Inc., partially patched the vulnerability in iOS 9, but reported that the flaw will be completely patched in iOS 9.3 March 21. Source March 21, SecurityWeek – (International) Symantec patches high ris... read more.

• March 22, 2016

By Nancy Rand, Posted in Security

March 17, IDG News Service – (International) Stagefright exploit puts millions of Android devices at risk. NorthBit released a report addressing a vulnerability dubbed Metaphor, which affects Android versions 2.2. – 4.0, as well as 5.0 and 5.1, after security researchers discovered a new way to exploit a previously patched remote code execution vulnerability found in Stagefright, Android’s mediaserver and multimedia library. Researchers reported attackers tricked victims into clicking a malicious link sent... read more.

• March 21, 2016

By Nancy Rand, Posted in Security

March 16, The Register – (International) Middle-aged US bloke pleads guilty to iCloud celeb nude photo hack. The U.S. Department of Justice reported March 16 that a man from Lancaster pleaded guilty to one count of unauthorized access to a protected computer after he illegally accessed and downloaded images from 50 iCloud accounts and 72 Gmail accounts via phishing attacks from November 2012 – September 2014. Source March 16, Softpedia – (International) AceDeceiver iOS trojan abuses Apple’s Fairplay DRM... read more.

• March 21, 2016

By Nancy Rand, Posted in Security

March 16, SecurityWeek – (International) Radamant C&C server manipulated to spew decryption keys. Security researchers from InfoArmor reported that a flaw in Radamant ransomware’s command and control (C&C) server could potentially allow researchers to decrypt victims’ files without requiring user interaction by registering the infected machine within the malware control center via a Hypertext Transfer Protocol (HTTP) POST request. Researchers reported the request needs to contain public and private... read more.

• March 17, 2016

By Nancy Rand, Posted in Security

March 11, SecurityWeek – (International) DROWN vulnerability still unpatched by most cloud services. A team of researchers released a report stating that the severe vulnerability, Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) affecting many cloud services, was not patched after security researchers found the attack affects Hypertext Transfer Protocol Secure (HTTPS) and other services that rely on Secure Sockets Layer (SSL) and Transport Layer Security (TLS). The vulnerability allows attackers... read more.

• March 16, 2016

By Nancy Rand, Posted in Security

March 15, Softpedia – (International) Recent wave of malware uses macro-enabled Word documents and Windows PowerShell. Security researchers from Palo Alto Networks discovered that attackers were using a new tactic to distribute malicious malware by combining spam campaigns, malicious Word documents, and Window’s PowerShell code. Researchers reported that the macro code, embedded within each malicious Word document, starts a hidden instance of Windows PowerShell to download malicious scripts. Source March... read more.

• March 16, 2016