Blog

By Nancy Rand, Posted in Security

August 24, Securityweek – (International) Zero-day flaws found in Dolphin, Mercury browsers for Android. A security researcher discovered a vulnerability in the Dolphin web browser for Android in which a man-in-the-middle (MitM) attacker could inject a specially crafted file to arbitrarily write files or execute remotely, as well as unpatched insecure Intent URI scheme implementation and path transversal vulnerabilities in the Mercury web browser that could allow a remote attacker to read and write arbitrar... read more.

• August 26, 2015

By Nancy Rand, Posted in Security

August 21, Securityweek – (International) Thousands of hacked WordPress sites abused in Neutrino EK attacks. Security researchers from Zscaler discovered a malware campaign in which cybercriminals have compromised over 2,600 WordPress 4.2 and prior web sites in August by planting malicious iframes with redirects to Neutrino exploit kit (EK) landing pages. The Neutrino landing page exploits Adobe Flash Player vulnerabilities to inject CryptoWall 3.0 ransomware on victims’ computers. Source August 20, Agen... read more.

• August 25, 2015

By Nancy Rand, Posted in Security

August 20, Securityweek – (International) iOS sandbox flaw exposes companies using MDM solutions. Security experts from Appthority reported that organizations using mobile device management (MDM) solutions and enterprise mobility management (EMM) solutions are vulnerable to third-party app sandbox issue dubbed “Quicksand” in Apple’s iOS, in which an attacker could develop a malicious application that reads the configuration settings of managed applications. Source August 20, Securityweek – (International... read more.

• August 21, 2015

By Nancy Rand, Posted in Security

August 19, Securityweek – (International) Hackers leak Ashley Madison user data. Security experts reported that hackers released a 10 gigabyte (GB) file containing the personal information and payment records of over 30 million Ashley Madison discrete dating web sites users following a July breach and threats that information would be released if Avid Life Media Inc., continued its practices regarding user profile retention and confidentiality. Source August 19, Securityweek – (International) Adobe patch... read more.

• August 20, 2015

By Nancy Rand, Posted in Security

August 18, Securityweek – (International) High severity flaw in Android allows arbitrary code execution. Security researchers from Trend Micro discovered a heap overflow vulnerability in the Android operating system’s (OS) mediaserver Audio Policy Service, AudioEffect component, in which an app requiring no permissions could be used to execute arbitrary code. The vulnerability was patched in August security updates. Source August 18, Securityweek – (International) Darkode member admits selling access to... read more.

• August 20, 2015

By Ken Phelan, Posted in Uncategorized

I was out at Black Hat last week and I thought I’d sum up some of the things I learned for those of you who couldn’t make it - Top 10 things I learned at Black Hat: Hackers don’t look like they do in the movies. Well, some do, but not the majority of them. Hacking is less emo than you think. It’s also more boring than it looks on the movies. It’s really a long process of finding vulnerabilities in an environment and matching them to exploits. It’s more like data analysis than playing some kind of vid... read more.

• August 19, 2015

By Nancy Rand, Posted in Security

August 17, Securityweek – (International) Alerts issued for zero-day flaws in SCADA systems. The Industrial Control Systems Computer Emergency Response Team (ICS-CERT) published six advisories after security researchers from Elastica discovered several remote and local file inclusion, weak password hashing, insecure authentication, hardcoded credentials, weak cryptography, and cross-site request forgery (CSRF) vulnerabilities, among others, affecting Web-based Supervisory Control and Data Acquisition (SCADA... read more.

• August 18, 2015

By Nancy Rand, Posted in Security

August 14, IDG News Service – (International) Google has another try at patching Stagefright flaw. Google released a second update for a vulnerability affecting hundreds of millions of Android devices dubbed “Stagefright,” after security researchers from Exodus Intelligence discovered that a maliciously crafted MP4 file could be used to bypass a previous fix for the issue. Source August 14, Securityweek – (International) Apple releases patch for OS X vulnerability exploited in the wild. Apple released se... read more.

• August 17, 2015

By Nancy Rand, Posted in Security

August 13, Securityweek – (International) SAP Security updates patch 22 vulnerabilities. SAP released patches for 22 vulnerabilities and updated four previously release patches, including a remote code execution flaw in SAP ST-P that an attacker could leverage to compromise SAP servers and access information stored on them, and a Reflected File Download (RFD) in SAP’s NetWeaver AFP Servlet that could be exploited to push malware onto victims’ devices using a specially crafted link, among other flaws. Source... read more.

• August 14, 2015

By Nancy Rand, Posted in Security

August 12, Securityweek – (International) Firefox 40 patches vulnerabilities, expands malware protection. Mozilla released version 40 of its Firefox web browser patching about 20 issues and listing four critical advisories including, buffer overflow, integer overflow, use-after-free, and memory safety vulnerabilities which can result in exploitable crashes, among others. Source August 12, The Register – (International) Blacklists miss 90% of malware blogged IP love. RecordedFuture released findings from... read more.

• August 13, 2015