Blog

By Nancy Rand, Posted in Security

September 25, Securityweek – (International) Vulnerabilities found in several SCADA products. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) published advisories identifying vulnerabilities in supervisory control and data acquisition (SCADA) products, including a privilege escalation bug in Resource Data Management’s Data Manager that could allow an attacker to change the passwords of users, a cross-site request forgery (CSRF) that an attacker could use to perform actions on behalf... read more.

  • September 28, 2015

By Nancy Rand, Posted in Security

September 24, IDG News Service – (International) Ransomware pushers up their game against small businesses. TrendMicro researchers released analysis revealing that 67 percent of users who clicked on links in CryptoWall and 40 percent who clicked links in TorrentLocker ransomware-related emails were from small and medium businesses in June and July, attributing the percentage to social engineering and a lack of safeguards compared to larger organizations. Source September 23, Softpedia – (International) S... read more.

  • September 25, 2015

By Nancy Rand, Posted in Security

September 23, Securityweek – (International) Firefox 41 patches critical vulnerabilities. Mozilla released updates addressing 30 vulnerabilities in Firefox version 41, including use-after-free bugs with IndexedDB and manipulation of HyperText Markup Language (HTML) content that could lead to an exploitable crash, memory safety bugs that can be exploited to execute arbitrary code, and two flaws involving cross-origin resource sharing (CORS) “preflight” request handling, among others. Source September 23,... read more.

  • September 24, 2015

By Nancy Rand, Posted in Security

September 22, Securityweek – (International) Adobe patches 23 vulnerabilities in Flash Player. Adobe released updates for Flash Player addressing 23 information disclosure, security bypass, memory leak, type confusion, use-after-free, buffer overflow, stack corruption, and memory corruption vulnerabilities, and included additional validation checks to ensure rejection of malicious content from vulnerable JSONP callback Application Program Interfaces (APIs), among other improvements. Source September 22,... read more.

  • September 23, 2015

By Nancy Rand, Posted in Security

September 20, Softpedia – (International) Three Symantec employees fired for issuing fake Google SSL certificates. Symantec fired three employees for issuing rogue Secure Sockets Layer (SSL) certificates after Google engineers working for the Certificate Transparency project discovered that the company had issued fake Google.com certificates with “extended validation” labels. Source September 20, IDG News Service – (International) Apple removes malware-infected iOS apps from store. Apple officials report... read more.

  • September 22, 2015

By Nancy Rand, Posted in Security

September 18, SC Magazine – (International) VMware addresses vulnerability in vCenter server. VMware released an update addressing a certificate validation vulnerability in select versions of its vCenter Server which an attacker could exploit to intercept traffic between the vCenter Server and the Lightweight Directory Access Protocol (LDAP) server to capture sensitive information. Source September 18, Softpedia – (International) D-Link accidentally publishes code signing keys. A Norwegian developer and... read more.

  • September 21, 2015

By Nancy Rand, Posted in Uncategorized

September 16, Reuters – (National) Homeland Security websites vulnerable to cyber attack: Audit. The Office of the Inspector General for DHS released a report September 15 citing several deficiencies within DHS’s information systems, including lapses in internal systems used by several agencies that may allow unauthorized individuals to gain access to sensitive data, and the need to establish a cyber-training program for analysts and investigators, among other findings. Source September 16, Threatpost –... read more.

  • September 18, 2015

By Nancy Rand, Posted in Security

September 14, Securityweek – (International) Attackers use Google Search Console to hide website hacks. Security researchers from Sucuri discovered that cybercriminals have been using the Google Search Console to improve spam page search engine optimization (SEO) and to hide their presence on hijacked websites by receiving notification when hacks are detected, and by unverifying legitimate website owners. Source September 14, Help Net Security – (International) New malware can make ATMs not give users’ c... read more.

  • September 15, 2015

By Nancy Rand, Posted in Security

September 11, Securityweek – (International) Yokogawa patches serious flaws in ICS products. Japan-based Yokogawa Electric released patches addressing three critical flaws related to network communication functions affecting several of the company’s industrial control system (ICS) products. The remotely exploitable vulnerabilities include buffer overflows and a flaw that could allow an attacker to execute arbitrary code. Source September 10, Securityweek – (International) No patches available for flaws i... read more.

  • September 14, 2015

By Nancy Rand, Posted in Security

September 10, Securityweek – (International) SAP updates patch twenty vulnerabilities. Germany-based enterprise software maker SAP updated 5 previously released patches and issued a new patch addressing 20 vulnerabilities including 8 that were missing authorization checks, 6 cross-site scripting (XSS) bugs, an information disclosure vulnerability, cross-site request forgery (CSRF), remote code execution, and SQL injection, in addition to other types of attacks. Source September 10, Help Net Security – (International... read more.

  • September 11, 2015