Blog

By Nancy Rand, Posted in Security

July 15, IDG News Service – (International) Darkode computer hacking forum shuts after investigation spanning 20 countries. U.S. authorities filed hacking charges against 12 suspects affiliated with the Darkode hacker Web forum after the FBI and law enforcement organizations from 20 countries shut down the site and arrested or searched 70 Darkode members worldwide. The Web site allowed hackers to share technology and tradecraft used to infect computers and wireless devices of victims. Source July 15, Sof... read more.

  • July 16, 2015

By Nancy Rand, Posted in Security

July 14, Threatpost – (International) Flash Player update patches two Hacking Team zero days. Adobe released patches addressing two critical use-after-free vulnerabilities in ActionScript 3 revealed in data dumped from a recent breach of the Italian surveillance software company Hacking Team. Both flaws allowed an attacker to use a Web site hosting the exploit to completely take over an affected system. Source July 13, Threatpost – (International) Kaseya patches two bugs in VSA IT management platform. Ka... read more.

  • July 15, 2015

By Nancy Rand, Posted in Security

July 13, Securityweek – (International) APT group uses Seaduke trojan to steal data from high-value targets. Security researchers from Symantec released an analysis of the highly-configurable Seaduke trojan used by an advanced persistent threat (APT) group known for cyber-espionage attacks against high-value targets including government organizations. The report revealed that the trojan is installed onto select systems through the CozyDuke trojan, and that it shares similarities with other “Duke” malware. S... read more.

  • July 14, 2015

By Nancy Rand, Posted in Security

July 10, Securityweek – (International) Chinese APT group uses Hacking Team’s Flash Player exploit. Security researchers from Volexity reported that the Wekby advanced persistent threat group (APT), also known as APT 18, Dynamite Panda, and TG-0416, was leveraging an Adobe Flash Player exploit revealed through the July breach of the software company Hacking Team by sending spear-phishing emails purporting to be from Adobe which directed users to download a compromised Flash Player file containing malware. S... read more.

  • July 13, 2015

By Nancy Rand, Posted in Security

July 9, Securityweek – (International) APT-style evasion techniques spotted in “Kofer” ransomware campaign. Security researchers from Cybereason discovered a ransomware campaign primarily targeting European users dubbed “Operation Kofer” that is mimicking advanced persistent threat (APT) operations by continuously generating new variants of the same malware to evade detection, among other anti-detection techniques. Source July 9, CSO Online – (International) Despite warnings, majority of firms still run... read more.

  • July 10, 2015

By Timothy Karl, Posted in Uncategorized

Starting with Presentation Server 4.5, Citrix introduced a feature called Proximity Printing. This feature allows an administrator to control the assignment of network printers based on a user’s location using a combination of session printer policies and filters, e.g., mapping a network printer based on a client IP address, or a range of client IP addresses. With XenApp 6 and later versions, the client IP address filter changed, and the option to enter an IP address range was removed. The only option wi... read more.

  • July 09, 2015

By Nancy Rand, Posted in Security

July 7, Help Net Security – (International) Flaw allows hijacking of professional surveillance AirLive cameras. Engineers from Core Security discovered vulnerabilities in AirLive’s surveillance cameras in which an attacker could invoke computer-generated imagery (CGI) files without authentication or utilize backdoor accounts to execute arbitrary operating system commands, possibly allowing the attacker to see the camera’s transmission stream and compromise network devices. Source July 6, Threatpost – (Intern... read more.

  • July 08, 2015

By Nancy Rand, Posted in Security

July 6, Securityweek – (International) KINS malware toolkit leaked online. Security researchers from MalwareMustDie reported that version 2.0 of the KINS banking trojan toolkit was leaked and widely distributed on the Internet, and that the malware’s developers have integrated ZeusVM banking trojan technology in the newest release, including the use of steganography to conceal configuration data. Source July 6, Softpedia – (International) Govt supplier of surveillance software gets hacked, 400GB of data le... read more.

  • July 07, 2015

By Nancy Rand, Posted in Security

July 2, Threatpost – (International) Cisco UCDM platform ships with default, static password. Cisco warned customers that its Unified Communications Domain Manager Platform software versions prior to 4.4.5 have a default, static password for an account with root privileges, possibly allowing an unauthenticated remote attacker to take full control of an affected system with root privileges. Source July 2, Softpedia – (International) GhostShell hackers reveal 548 targets, links to dumps. Hackers associated... read more.

  • July 06, 2015

By Timothy Karl, Posted in Uncategorized

Maintaining a Citrix environment with the latest Microsoft and Citrix hotfixes is critical to the health of every environment. However, keeping up-to-date with all of the recommended hotfixes can be a time-consuming process for administrators. The good news is Citrix maintains several support articles that provide recommended hotfixes for various Citrix products. Updated articles are posted when new Citrix and Microsoft hotfixes become available. I highly recommend that every Citrix administrator reads t... read more.

  • July 02, 2015