Blog

By Nancy Rand, Posted in Security

March 19, Softpedia – (International) Zero-days for Firefox, IE 11, Adobe’s Flash and Reader exploited at Pwn2Own 2015. Security researchers leveraged multiple zero-day vulnerabilities to exploit 13 undisclosed bugs in Adobe’s Flash and Reader, Mozilla’s Firefox, and Microsoft’s Internet Explorer 11 to take control of compromised systems through various methods, which included heap overflow remote code execution, a cross-origin vulnerability, and a use-after-free (UAF) remote code execution, among others at... read more.

  • March 23, 2015

By Nancy Rand, Posted in Security

March 18, Softpedia – (International) Ransomware uses GnuPG encryption program to lock down files. Researchers from Bleeping Computer and Emsisoft discovered that cybercriminals are using open source GNU Privacy Guard (GnuPG) code and Visual Basic Scripting Edition (VBS) to power VaultCrypt ransomware that uses a 1024-bit RSA key pair to encrypt information and Microsoft’s sDelete application to remove data used in the process. The ransomware sends user log-in credentials for Web sites to a command and cont... read more.

  • March 20, 2015

By Nancy Rand, Posted in Security

March 18, Securityweek – (International) Apple fixes WebKit vulnerabilities with release of Safari 8.0.4. Apple released Safari versions 8.0.4, 7.1.4, and 6.2.4, which address a total of 16 memory corruption issues identified in WebKit by Apple’s own security team and the Google Chrome Security Team, as well as a user interface inconsistency. Source March 18, Securityweek – (International) Johnson Controls, XZERES, Honeywell patch vulnerable products. The Industrial Control Systems Cyber Emergen... read more.

  • March 19, 2015

By Nancy Rand, Posted in Security

March 17, Softpedia – (International) D-Link patches against critical remote command and code execution flaws. D-Link released firmware updates patching two critical vulnerabilities that allowed attackers to intercept network traffic and execute commands on vulnerable devices and exploit cross-site request forgery (CSRF) attacks to create, modify, or delete data and execute code. Source March 16, IDG News Service – (International) OpenSSL mystery patches due for release Thursday. The OpenSSL Project Team... read more.

  • March 18, 2015

By Nancy Rand, Posted in Security

March 16, The Register – (International) Brute force box lets researchers, cops, pop iDevice locks. A security researcher from MDSec discovered that the IP-Box tool exploits a vulnerability in iOS devices running versions 8.1 and older for iPhones or iPads that allows unlimited password guesses of four-digit personal identification numbers (PIN), allowing hackers to bypass rate-limiters and settings to gain personal data after a set of failed attempts. Source March 16, Securityweek – (International) WPML... read more.

  • March 17, 2015

By Ken Phelan, Posted in Virtualization

Gotham rolled out this self-assessment at an event this week, and I thought I would share it with our Blog followers. First of all, let me clarify my use of the term DaaS. DaaS does not refer specifically to an outsourced or cloud Desktop. DaaS is your internal desktop offering, offered as a service. This can be delivered via traditional internal methods, cloud methods, or some hybrid. The important inflection to DaaS is that you’re offering your users a Desktop Service. It’s a productization issue. Your... read more.

  • March 17, 2015

By Stephen Kilcoyne, Posted in Virtualization

At Citrix Summit earlier this year, Citrix announced a change in partnership requirements intended to help customers differentiate among Solution Advisors in a highly competitive market. All Platinum and Gold partners must now hold at least three of the following four specializations: Virtualization; Networking for Data Center; Networking for Apps & Mobile Security; Mobility Management. Gotham is p... read more.

  • March 17, 2015

By Nancy Rand, Posted in Security

March 13, Softpedia – (International) Google leaks Whois data for over 282,000 protected domains. Cisco Systems’ Talos researchers reported to Google that private information such as names, physical and email addresses, and phone numbers belonging to 282,867 domains registered through Google Apps’ registrar, eNom, were leaked for nearly two years due to a software defect that did not extend the company’s unlisted registration service, potentially exposing them to spam, spear-phishing attacks, or identity th... read more.

  • March 16, 2015

By Nancy Rand, Posted in Security

March 12, Help Net Security – (International) 2,400 unsafe mobile apps found in average large enterprise. Veracode researchers looking at hundreds of thousands of mobile applications installed in corporate environments across multiple industries found that the average global enterprise contains approximately 2,400 unsafe applications in its mobile environment, including apps that expose sensitive data, perform suspicious security actions, or retrieve or share personal information about users. Source March... read more.

  • March 13, 2015

By Nancy Rand, Posted in Security

March 10, Softpedia – (International) Exploit code published for Elasticsearch remote code execution flaw. Security researchers at Xiphos Research created an exploit for a glitch in Elasticsearch versions earlier than 1.3.8 and 1.4.3 that allows server-side code execution by passing Groovy code in a search query and executing it in the sandbox. The glitch was patched in updates released February 11. Source March 10, Threatpost – (International) Yahoo patches critical eCommerce, small business vulnerabili... read more.

  • March 11, 2015