Blog

By Nancy Rand, Posted in Security

November 3, Softpedia – (International) Spam botnet leverages vulnerable WordPress sites. Researchers from Akamai Security Intelligence Research Team (SIRT) discovered a new spam botnet in the wild dubbed Torte that infects machines via Executable and Linkable Format (ELF) Linux binaries and Hypertext Preprocessor (PHP) scripts placed on the targeted server’s filesystem after the SIRT team received a suspicious PHP script for analysis. The botnet is one of the largest in recent years and accounts for 83,000... read more.

• November 05, 2015

By Nancy Rand, Posted in Security

November 3, Softpedia – (International) 100 million Android users may have a backdoor on their devise thanks to the Baidu SDK. Researchers from Trend Micro reported the Moplus software development kit (SDK) being offered by Chinese search engine, Baidu includes a functionality that can be abused to install backdoors on users’ devices via an Hypertext Transfer Protocol (HTTP) server on the targeted smartphone, allowing attackers to send HTTP requests to port 6259 or 40310 and execute malicious commands. The... read more.

• November 04, 2015

By Nancy Rand, Posted in Security

November 1, Softpedia – (International) Latest flash zero-day bug already part of the Angler and Nuclear exploit kits. Researchers from Malwarebytes detected that recent versions of the Angler and Nuclear exploit kits (EK) were actively integrating and using a previously patched Adobe zero-day flaw that affected several Flash versions on Windows and Linux systems which could allow successful exploitation causing a crash and allowing the hacker to take control of the affected system. Experts recommended that... read more.

• November 03, 2015

By Nancy Rand, Posted in Security

October 29, Securityweek – (International) New types of reflection DDoS attacks spotted. Akamai’s Security Intelligence Response Team released a new threat advisory detailing 3 new types of reflection distributed denial-of-service (DDoS) attacks abusing the remote procedure call (RPC) portmap service with attacks exceeding 100 Gbps; Network Basic Input/Output System (NetBIOS) name servers with the largest attack peaking at 15.7 Gbps; and Sentinel license servers with peak bandwidth attacks of 11.7 Gbps. Sou... read more.

• November 03, 2015

By Nancy Rand, Posted in Security

October 29, Securityweek – (International) 13 million passwords leaked from free hosting service. A security expert reported October 28 that 13 million personal user records including names, emails, and plaintext passwords from the free web hosting service, 000webhost.com were compromised after its main server was exploited via a flaw in its old version of PHP. To mitigate future breaches, 000webhost updated its systems, increased its encryption, and changed all passwords. Source October 29, Securityweek... read more.

• October 30, 2015

By Josh Ledford, Posted in Infrastructure

I get asked about GSLB quite often, so I thought I would hammer this out. Let me know what you guys think. And full disclosure, I am a NetScaler kind of guy. You can ask me about other solutions, but in my opinion, nothing does this as well as NetScaler. Again, solely my opinion. So let’s start with the basics - general load balancing is a service that distributes requests evenly across backend resources. This can be done for a variety for reasons: performance, disaster scenarios, high availability, etc.... read more.

• October 29, 2015

By Nancy Rand, Posted in Security

October 28, Securityweek – (International) Adobe patches critical vulnerability in Shockwave Player. Adobe released a patch resolving a memory corruption vulnerability in its Shockwave Player 12.2.0.162 for Windows and Mac user after researchers from Fortinet’s Fortiguard Labs discovered that the vulnerability allowed attackers to compromise remote computers and execute remote code, allowing full control of the operating system without the victim being aware. Source  October 28, Softpedia – (Internationa... read more.

• October 29, 2015

By Ken Phelan, Posted in Infrastructure

Facebook announced a program this week to have their employees live with 2G data access speeds on Tuesdays (2G Tuesdays). This gives their employees perspective on what it’s like to use Facebook in an emerging market like India. I love this. How many times have you complained to a developer about the speed of their product only to hear them tell you how great the product performs for them? Well, good for you and your super-high-end PC with the local data store. A few years ago, I abandoned my noteb... read more.

• October 28, 2015

By Nancy Rand, Posted in Security

October 27, Securityweek – (International) Joomla flaw exploited in the wild within hours of disclosure. Security researchers from Sucuri reported that malicious actors started exploiting critical vulnerabilities, including a Structured Query Language (SQL) injection issue in Joomla, within 4 hours of patches released by developers addressing the issue and subsequent flaw disclosures by researchers at Trustwave. The SQL injection vulnerability could allow a remote attacker to hijack administrator sessions a... read more.

• October 28, 2015

By Nancy Rand, Posted in Security

October 26, Softpedia – (International) 12 new malware strands are discovered every minute. Security researchers at G DATA released report findings revealing that the company discovered 3,045,722 new types of malware in the first half of 2015, a 26.6 percent increase since the second half of 2014, and that most attacks were either adware or potentially unwanted programs (PUPs) hosted on U.S. websites from the healthcare and technology and telecommunications, among others. G DATA also observed an increase in... read more.

• October 28, 2015