Blog

By Nancy Rand, Posted in Security

June 16, Infosecurity Magazine – (International) Stegoloader malware hides in images on legit sites. Security researchers from Dell SecureWorks released findings from a report warning of potential new trend in which malware uses digital stenography to evade detection and steal information from affected users via various configurable modules. Source June 16, Softpedia – (International) LastPass has been hacked, change your master password now. Officials from LastPass advised that users change their master... read more.

• June 17, 2015

By Nancy Rand, Posted in Security

June 15, CNN.com – Irony alert: Password-storing company is hacked. On Monday, LastPass announced that hackers broke into its computer system and got access to user email addresses, password reminders, and encrypted versions of people's master passwords. Source June 15, Threatpost – (International) Popular WordPress SEO plugin fixes XSS bug. Security researchers discovered a cross-site scripting (XSS) vulnerability in the Yoast WordPress SEO plugin in which an attacker could leverage “snippet preview” fu... read more.

• June 16, 2015

By Nancy Rand, Posted in Security

June 12, Softpedia – (International) 44.5 million new malware variants recorded in 1 month. Symantec released findings from a report revealing that new malware variants increased by over 50 percent in May to 44.5 million, that the most commonly seen threat on the Apple OS X operating system (OS) was a trojan virus that changes the domain name system settings of affected computers, and that medium-sized companies were the most frequently targeted by spear-phishing attacks. Source June 12, Softpedia – (Int... read more.

• June 15, 2015

By Nancy Rand, Posted in Security

June 11, Securityweek – (International) Serious flaw in iOS mail app exposes users to phishing attacks. A Czech security researcher discovered a vulnerability in Apple’s iOS mobile operating system (OS) in which an attacker can create emails that load remote Hypertext Markup Language (HTML) content when opened, prompting users to input credentials that are sent back to the attacker. Source June 11, Softpedia – (International) Malvertising campaign hits Bejeweled Blitz game on Facebook, CNN Indonesia. Sec... read more.

• June 12, 2015

By Nancy Rand, Posted in Security

June 10, Softpedia – (International) Microsoft patches zero-day used in targeted attacks. Microsoft released eight security bulletins, including vulnerability in Windows’ kernel-mode driver Win32k.sys that was leveraged by threat actors to elevate privileges and execute arbitrary code on affected machines. The bulletins also included two critical security patches for Internet Explorer and Windows Media Player that could have allowed the possibility of remote code execution. Source June 10, Help Net Secur... read more.

• June 11, 2015

By Nancy Rand, Posted in Security

June 10, SearchSecurity – (International) June 2015 Patch Tuesday brings critical IE security fix, Flash update. Microsoft today released its June 2015 Patch Tuesday updates, delivering a total of eight bulletins that address 45 unique vulnerabilities. The two updates marked "critical" -- one each for Internet Explorer and Windows Media Player vulnerabilities that could result in remote code execution -- are paired with six "important" updates affecting Microsoft Office, Windows and Exchange Server. MS15-05... read more.

• June 10, 2015

By Nancy Rand, Posted in Security

June 8, Securityweek – (International) MalumPOS malware targets Oracle Micros PoS systems. Security researchers at Trend Micro discovered a new point-of-sale (PoS) malware dubbed MalumPOS that is targeting Oracle’s Micros and other PoS platforms via files disguised as display drivers before targeting up to 100 running processes to scrape payment card information. Source June 8, Securityweek – (International) NIST updates ICS cyber security guide. The National Institute of Standards and Technology (NIST)... read more.

• June 09, 2015

By Nancy Rand, Posted in Security

June 5, Softpedia – (International) Zeus banking trojan variant goes completely undetected. A security researcher from PricewaterhouseCoopers discovered that a new variant of the Zeus banking trojan delivered via the Neutrino exploit kit (EK) is completely undetectable by most antivirus products, and that encoded data in the EK indicates that the trojan is part of a new malicious campaign. Source June 4, Threatpost – (International) Adware-laden Skype botnet disrupted. Security researchers from PhishMe a... read more.

• June 08, 2015

By Nancy Rand, Posted in Security

June 5, CNN – U.S. government hacked; feds think China is the culprit. Four million current and former federal employees, from nearly every government agency, might have had their personal information stolen by Chinese hackers, U.S. investigators said. U.S. officials believe this could be the biggest breach ever of the government's computer networks. China called the allegation irresponsible. Source June 4, Softpedia – (International) Hoard of vulnerabilities found in SysAid Help Desk. A security researc... read more.

• June 05, 2015

By Nancy Rand, Posted in Uncategorized

June 3, Help Net Security – (International) Weak SSH keys opened many GitHub repositories to compromise. A security researcher discovered that large numbers of GitHub repositories are vulnerable to compromise and the delivery of malicious code due to a flaw that generated weak cryptographic secure shell (SSH) keys until 2008. Source June 3, Help Net Security – (International) IoT devices entering enterprises, opening company networks to attacks. A recently released OpenDNS report on Internet of Things (I... read more.

• June 04, 2015