Blog

By Nancy Rand, Posted in Security

September 9, Securityweek – (International) Microsoft patches Windows vulnerability exploited in the wild. Microsoft released security bulletins patching over 50 vulnerabilities, including a Win32k memory corruption flaw allowing privilege escalation that has been exploited in the wild, a kernel address space layout randomization (ASLR) bypass, a Windows Media Center remote code execution (RCE) vulnerability, a .NET Framework integer overflow, and a memory corruption flaw in the Edge and Internet Explorer W... read more.

• September 10, 2015

By Nancy Rand, Posted in Security

September 4, Securityweek – (International) Cisco patches flaw in data center management products. Cisco released software updates addressing a remotely exploitable JavaServer Pages (JSP) vulnerability in the company’s UCS Director and Integrated Management Controller (IMC) Supervisor products which could allow an unauthenticated attacker to use specially crafted HyperText Transfer Protocol (HTTP) requests to overwrite arbitrary files, resulting in instability or a denial-of-service (DoS) condition. Source ... read more.

• September 08, 2015

By Ken Phelan, Posted in Uncategorized

It’s a longstanding joke among technologists. The only problem with technology is the people who use it. I think the joke needs an update. The only problem with technology platforms is applications. I was talking to some of my virtual desktop friends the other day. We were talking about their challenges in keeping a stable platform in the face of the corporate chaos. Every day brings new underlying challenges. There are new applications. There are new security requirements on a regular basis. Even the fo... read more.

• September 08, 2015

By Nancy Rand, Posted in Security

September 1, CSOonline.com – (International) Intel: Criminals getting better at data exfiltration. Security researchers from Intel released findings from a report revealing that cybercriminals are using increasingly sophisticated techniques to exfiltrate pilfered data once systems are accessed, including compressing and disguising the data, leveraging Gmail and encryption, and leveraging graphics processors. Source August 31, Threatpost – (International) CERT warns of slew of bugs in Belkin N600 routers.... read more.

• September 03, 2015

By Nancy Rand, Posted in Security

September 1, CSOonline.com – (International) Intel: Criminals getting better at data exfiltration. Security researchers from Intel released findings from a report revealing that cybercriminals are using increasingly sophisticated techniques to exfiltrate pilfered data once systems are accessed, including compressing and disguising the data, leveraging Gmail and encryption, and leveraging graphics processors. Source August 31, Threatpost – (International) CERT warns of slew of bugs in Belkin N600 routers.... read more.

• September 02, 2015

By Nancy Rand, Posted in Security

August 31, IDG News Service – (International) Russian-speaking hackers breach 97 web sites, many of them dating ones. Security researchers from Hold Security discovered that hackers breached 97 web sites between July - August after analysts found batches of stolen information, including a list of web sites and their vulnerabilities, notes, and large lists of email addresses and unencrypted passwords. Source August 31, IDG News Service – (International) ‘KeyRaider’ iOS malware targets jailbroken devices.... read more.

• September 01, 2015

By Nancy Rand, Posted in Security

August 28, Securityweek – (International) Moxa patches flaws in industrial ethernet switches. Security researchers from Applied Risk discovered serious privilege escalation, denial-of-service (DoS), and cross-site scripting (XSS) vulnerabilities affecting Moxa industrial ethernet switches that could allow an unauthenticated remote attacker to compromise the device and connected industrial assets. Moxa recently released an update addressing nine heap-based buffer overflow and classic buffer overflow vulnerab... read more.

• August 31, 2015

By Nancy Rand, Posted in Security

August 27, The Register – (International) FireEye intern VXer pleads guilty for Darkode droid RAT ruse. A former FireEye intern from Pittsburgh pleaded guilty to creating and selling the Dendroid remote access trojan (RAT) for Android phones on the Darkode hacker forums. Denroid was capable of infecting about 1,500 phones for each buyer, while it is unknown how many copies the suspect sold. Source August 27, Threatpost – (International) Endress+Hauser patches buffer overflow in dozens of ICS products. En... read more.

• August 28, 2015

By Nancy Rand, Posted in Security

August 26, SC Magazine – (International) Zero-day, Angler kit exploits help drive up malvertising by 325%. Security researchers from Cyphort reported study findings revealing that malvertising attacks have increased by 325 percent in 2015, likely due to a combination of frequent zero-day exploits and new technology making the tactic more effective. Source August 26, Securityweek – (International) New Zeus variant “Sphinx” offered for sales. Malware developers released a new Zeus banking trojan variant ca... read more.

• August 27, 2015

By Nancy Rand, Posted in Security

August 25, Securityweek – (International) Tor increasingly used by malicious actors: IBM. IBM Security released findings from its third quarter X-Force Threat Intelligence report revealing that The Onion Router (Tor) network has been used increasingly by cybercriminals for malicious purposes, with about 180,000 malicious events originating from Tor U.S. exit nodes since May. Researchers found that most Tor-based attacks have been Structured Query Language (SQL) injections and primarily targeted the informat... read more.

• August 26, 2015