Blog

By Nancy Rand, Posted in Security

September 22, Securityweek – (International) Adobe patches 23 vulnerabilities in Flash Player. Adobe released updates for Flash Player addressing 23 information disclosure, security bypass, memory leak, type confusion, use-after-free, buffer overflow, stack corruption, and memory corruption vulnerabilities, and includes additional validation checks to ensure rejection of malicious content from vulnerable JSONP callback Application Program Interfaces (APIs), among other improvements. Source September 22,... read more.

• September 23, 2015

By Nancy Rand, Posted in Security

September 20, Softpedia – (International) Three Symantec employees fired for issuing fake Google SSL certificates. Symantec fired three employees for issuing rogue Secure Sockets Layer (SSL) certificates after Google engineers working for the Certificate Transparency project discovered that the company had issued fake Google.com certificates with “extended validation” labels. Source September 20, IDG News Service – (International) Apple removes malware-infected iOS apps from store. Apple officials report... read more.

• September 22, 2015

By Nancy Rand, Posted in Security

September 18, SC Magazine – (International) VMware addresses vulnerability in vCenter server. VMware released an update addressing a certificate validation vulnerability in select versions of its vCenter Server which an attacker could exploit to intercept traffic between the vCenter Server and the Lightweight Directory Access Protocol (LDAP) server to capture sensitive information. Source September 18, Softpedia – (International) D-Link accidentally publishes code signing keys. A Norwegian developer and... read more.

• September 21, 2015

By Nancy Rand, Posted in Uncategorized

September 16, Reuters – (National) Homeland Security websites vulnerable to cyber attack: Audit. The Office of the Inspector General for DHS released a report September 15 citing several deficiencies within DHS’s information systems, including lapses in internal systems used by several agencies that may allow unauthorized individuals to gain access to sensitive data, and the need to establish a cyber-training program for analysts and investigators, among other findings. Source September 16, Threatpost –... read more.

• September 18, 2015

By Nancy Rand, Posted in Security

September 14, Securityweek – (International) Attackers use Google Search Console to hide website hacks. Security researchers from Sucuri discovered that cybercriminals have been using the Google Search Console to improve spam page search engine optimization (SEO) and to hide their presence on hijacked websites by receiving notification when hacks are detected, and by unverifying legitimate website owners. Source September 14, Help Net Security – (International) New malware can make ATMs not give users’ c... read more.

• September 15, 2015

By Nancy Rand, Posted in Security

September 11, Securityweek – (International) Yokogawa patches serious flaws in ICS products. Japan-based Yokogawa Electric released patches addressing three critical flaws related to network communication functions affecting several of the company’s industrial control system (ICS) products. The remotely exploitable vulnerabilities include buffer overflows and a flaw that could allow an attacker to execute arbitrary code. Source September 10, Securityweek – (International) No patches available for flaws i... read more.

• September 14, 2015

By Nancy Rand, Posted in Security

September 10, Securityweek – (International) SAP updates patch twenty vulnerabilities. Germany-based SAP enterprise software maker updated 5 previously released patches and issued a new patch addressing 20 vulnerabilities including 8 that were missing authorization checks, 6 cross-site scripting (XSS) bugs, an information disclosure vulnerability, cross-site forgery (CSRF), remote code execution, SQL injection, in addition to other types of attacks. Source September 10, Help Net Security – (International... read more.

• September 11, 2015

By Nancy Rand, Posted in Security

September 9, Securityweek – (International) Microsoft patches Windows vulnerability exploited in the wild. Microsoft released security bulletins patching over 50 vulnerabilities, including a Win32k memory corruption flaw allowing privilege escalation that has been exploited in the wild, a kernel address space layout randomization (ASLR) bypass, a Windows Media Center remote code execution (RCE) vulnerability, a .NET Framework integer overflow, and a memory corruption flaw in the Edge and Internet Explorer W... read more.

• September 10, 2015

By Nancy Rand, Posted in Security

September 4, Securityweek – (International) Cisco patches flaw in data center management products. Cisco released software updates addressing a remotely exploitable JavaServer Pages (JSP) vulnerability in the company’s UCS Director and Integrated Management Controller (IMC) Supervisor products which could allow an unauthenticated attacker to use specially crafted HyperText Transfer Protocol (HTTP) requests to overwrite arbitrary files, resulting in instability or a denial-of-service (DoS) condition. Source ... read more.

• September 08, 2015

By Ken Phelan, Posted in Uncategorized

It’s a longstanding joke among technologists. The only problem with technology is the people who use it. I think the joke needs an update. The only problem with technology platforms is applications. I was talking to some of my virtual desktop friends the other day. We were talking about their challenges in keeping a stable platform in the face of the corporate chaos. Every day brings new underlying challenges. There are new applications. There are new security requirements on a regular basis. Even the fo... read more.

• September 08, 2015