Blog

By Nancy Rand, Posted in Security

June 10, SearchSecurity – (International) June 2015 Patch Tuesday brings critical IE security fix, Flash update. Microsoft today released its June 2015 Patch Tuesday updates, delivering a total of eight bulletins that address 45 unique vulnerabilities. The two updates marked "critical" -- one each for Internet Explorer and Windows Media Player vulnerabilities that could result in remote code execution -- are paired with six "important" updates affecting Microsoft Office, Windows and Exchange Server. MS15-05... read more.

• June 10, 2015

By Nancy Rand, Posted in Security

June 8, Securityweek – (International) MalumPOS malware targets Oracle Micros PoS systems. Security researchers at Trend Micro discovered a new point-of-sale (PoS) malware dubbed MalumPOS that is targeting Oracle’s Micros and other PoS platforms via files disguised as display drivers before targeting up to 100 running processes to scrape payment card information. Source June 8, Securityweek – (International) NIST updates ICS cyber security guide. The National Institute of Standards and Technology (NIST)... read more.

• June 09, 2015

By Nancy Rand, Posted in Security

June 5, Softpedia – (International) Zeus banking trojan variant goes completely undetected. A security researcher from PricewaterhouseCoopers discovered that a new variant of the Zeus banking trojan delivered via the Neutrino exploit kit (EK) is completely undetectable by most antivirus products, and that encoded data in the EK indicates that the trojan is part of a new malicious campaign. Source June 4, Threatpost – (International) Adware-laden Skype botnet disrupted. Security researchers from PhishMe a... read more.

• June 08, 2015

By Nancy Rand, Posted in Security

June 5, CNN – U.S. government hacked; feds think China is the culprit. Four million current and former federal employees, from nearly every government agency, might have had their personal information stolen by Chinese hackers, U.S. investigators said. U.S. officials believe this could be the biggest breach ever of the government's computer networks. China called the allegation irresponsible. Source June 4, Softpedia – (International) Hoard of vulnerabilities found in SysAid Help Desk. A security researc... read more.

• June 05, 2015

By Nancy Rand, Posted in Uncategorized

June 3, Help Net Security – (International) Weak SSH keys opened many GitHub repositories to compromise. A security researcher discovered that large numbers of GitHub repositories are vulnerable to compromise and the delivery of malicious code due to a flaw that generated weak cryptographic secure shell (SSH) keys until 2008. Source June 3, Help Net Security – (International) IoT devices entering enterprises, opening company networks to attacks. A recently released OpenDNS report on Internet of Things (I... read more.

• June 04, 2015

By Nancy Rand, Posted in Security

June 2, Securityweek – (International) Exploit for recently patched Flash flaw added to Magnitude, Neutrino, Nuclear Pack. Security researchers from Kafeine discovered that the Magnitude, Neutrino, and Nuclear Pack exploit kits (EKs) are leveraging a recently published Adobe Flash Player memory corruption vulnerability to deliver variants of the Andromeda malware and CryptoWall ransomware. Source June 2, Softpedia – (International) Dyre banking trojan aims at Europe and North America, infections double u... read more.

• June 04, 2015

By Ken Phelan, Posted in Virtualization

My daughter Joyce is graduating this week with a Master’s Degree in Occupational Therapy (#joytheot). Joyce has spent some time educating me on Occupational Therapy, and one of the concepts that I really like is OT’s position on Client Centered Care. I think there is a message there for us in the IT industry. Client Centered Care starts with getting its goals directly from the client. If I was to be in some kind of accident, the healthcare industry would work to put me back together. They would try to re... read more.

• June 02, 2015

By Nancy Rand, Posted in Security

June 1, IDG News Service – (International) Apple vulnerability could allow firmware modifications, researcher says. A security researcher discovered a vulnerability in the firmware of Apple computers made before mid-2014 in which an attacker could tamper with the system’s unified extensible firmware interface (UEFI) and install a rootkit by exploiting a flaw that unlocks UEFI code when a computer goes to sleep and reawakens. Source May 30, Softpedia – (International) Blue coat patches SSL visibility appl... read more.

• June 02, 2015

By Nancy Rand, Posted in Security

May 29, Softpedia – (International) Non-sophisticated malware steals thousands of credentials from targeted SMBs. Security researchers from Kaspersky discovered a large malware campaign, dubbed Grabit that has infiltrated small and medium businesses worldwide across a variety of sectors with a commercial keylogger called HawkEye and several remote administration tools (RATs) distributed via emails containing malicious macro-laden Microsoft Word documents. The researchers reported that the campaign has colle... read more.

• June 01, 2015

By Nancy Rand, Posted in Security

May 28, Softpedia – (International) Apache Cordova glitch allows tampering with mobile app behavior. A security researcher at Trend Micro discovered a high-severity security flaw in Android apps built with Apache Cordova which could allow an attacker to use locally compromised apps or remote web servers to inject malicious intent bundles by taking advantage of default behavior preferences in the Cordova framework. Source May 27, Softpedia – (International) Flash Player vulnerability exploited 2 weeks aft... read more.

• May 29, 2015