Blog

By Nancy Rand, Posted in Security

March 4, Softpedia – (International) Strong SSL/TLS ciphers downgraded to use weak crypto key in FREAK attack. A security researcher at INRIA and the Microsoft Research Team identified a serious vulnerability in the implementation of secure sockets layer (SSL) and transport layer security (TLS) protocols on Apple and Android devices that can be abused through man-in-the-middle (MitM) attacks that capitalize on abandoned policies to force the use of weak RSA keys, potentially leaving a wide range of governme... read more.

  • March 05, 2015

By Nancy Rand, Posted in Security

March 3, Help Net Security – (International) Phishers target victims of iOS device theft. Security researchers at Malwarebytes discovered an elaborate phishing campaign that targets victims of iOS device theft by using spoofed messages and a fake iCloud log-in Web page, which is available in 10 different languages, to steal users’ log-in credentials, enabling the thieves to unlock the stolen devices. Source March 3, Securityweek – (International) Lossy image compression can hide malicious code in PDF fil... read more.

  • March 05, 2015

By Hank Smith, Posted in Infrastructure

Citrix announced the release of XenMobile 10 this past January, although it was officially available for download in February. XenMobile 10 brings some new features and some much-needed enhancements. New Features and Enhancements I will not go over all the new stuff (you can read that here); however, I do want to go over the new features and enhancements that I have heard many customers requesting. XenMobile Server – Citrix combined the AppController and XenMobile Device Manager server into a single... read more.

  • March 04, 2015

By Nancy Rand, Posted in Security

March 2, Help Net Security – (International) 0-day flaw in Seagate NAS devices endangers thousands. A security researcher discovered that certain firmware versions of Seagate Business Storage 2-Bay NAS devices are susceptible to an easily-exploitable zero-day remote code execution vulnerability due to outdated Web-enabled application management versions of Hypertext Preprocessor (PHP), CodeIgniter, and Lighttpd technologies that contain known security issues. The company is reportedly working on the issue.... read more.

  • March 03, 2015

By Nancy Rand, Posted in Security

February 27, Softpedia – (International) Apps bypass Google Play verification and spew tempest of ads. Bitdefender security researchers discovered 10 apps hosted in Google Play that use social engineering to trick users into installing ad-spewing software and relied on deceptive tactics to ensure persistence on users’ devices. None of the apps linked to Web sites hosting malware, allowing the apps to bypass Google Play quality controls. Source February 27, Securityweek – (International) Critical vulnerab... read more.

  • March 02, 2015

By Nancy Rand, Posted in Uncategorized

February 26, Securityweek – (International) Lizard Squad hijacks Lenovo website, emails. Lizard Squad hackers hijacked the Lenovo Web site and email servers by using CloudFlare IP addresses to modify DNS records in Lenovo domain registrar accounts and redirect users to defacement pages, and changed mail server records to allow the group to intercept emails sent to Lenovo email addresses. The hijacking mirrored a similar attack that targeted Google Vietnam during the week of February 23. Source February 2... read more.

  • February 27, 2015

By Nancy Rand, Posted in Security

February 25, Securityweek – (International) Mozilla fixes 17 vulnerabilities in Firefox 36. Mozilla released version 36 of its Firefox browser closing 17 vulnerabilities and flaws, including 4 rated as critical. Source February 25, Help Net Security – (International) New DDoS attack and tools use Google Maps plugin as proxy. PLXsert security researchers discovered that attackers are exploiting a known vulnerability in Joomla’s Google Maps plugin by spoofing the sources of requests, causing results to be... read more.

  • February 26, 2015

By Nancy Rand, Posted in Security

February 23, SC Magazine – (International) Older vulnerabilities a top enabler of breaches, according to report. Hewlett Packard security researchers reported that 44 percent of known breaches happened as a result of server misconfigurations and vulnerabilities discovered years ago. The report cites 33 percent of identified exploit samples from Microsoft Windows, 11 percent from Adobe Reader and Acrobat, 6 bugs in Oracle Java, and 2 flaws in Microsoft Office. Source February 23, Securityweek – (Int... read more.

  • February 25, 2015

By Ken Phelan, Posted in Security

I was out to dinner with my parents the other night and my mother started getting on my case. You know, the way mothers do. “Kenneth.” Yes, I’m a grown man and my mother still calls me Kenneth when she’s angry with me. “I’ve been reading the paper and there are all these security problems all the time. Aren’t you supposed to be fixing this? There must be something you can do to stop it. It seems like quite a problem.” Mothers. How is it that they can bundle up a wonderful compliment (I’m capable... read more.

  • February 25, 2015

By Nancy Rand, Posted in Security

February 23, The Register – (International) Cisco IPv6 processing bug can cause DoS attacks. Cisco announced that its NCS 6000 and Carrier Routing System (CRS-X) contain an IPv6 software bug that attackers could repeatedly exploit by sending a malformed IPv6 packet, carrying extension headers, through an affected Cisco IOS XR device line card to cause an extended denial of service (DoS) condition. Source February 23, Securityweek – (International) Superfish SSL interception library found in several appli... read more.

  • February 24, 2015