Blog

By Ed Bratter, Posted in Uncategorized

Background If your organization has deployed a Microsoft Certificate Authority (CA) for its PKI solution, your users probably started inquiring recently what the yellow triangle in the address bar of Google Chrome is all about (if they haven’t, either you are ahead of the curve or your users are… Well, I won’t go down that slippery slope). When clicking on the padlock, additional information shows that the website is encrypted with obsolete cryptography. Additionally, there is a reference that SHA1... read more.

• May 20, 2015

By Nancy Rand, Posted in Uncategorized

May 15, Softpedia – (International) Apache fixes vulnerability affecting security manager protections. The security team responsible for Apache Tomcat discovered a vulnerability in multiple versions of the software’s open-source web server and servlet container that could allow an attacker to bypass protections for the Security Manager component and run malicious web applications. Source May 14, CNN – (International) Washington Post mobile site temporarily shut down in apparent hack. The Washington Post... read more.

• May 19, 2015

By Hank Smith, Posted in Virtualization

Last week I had the privilege to attend Citrix Synergy 2015 down in Orlando, FL. In this blog I wanted to review some the key announcements Citrix made during the keynote. XenApp 6.5 Lifecycle Citrix loves XenApp, so much so that they extended the lifecycle for XenApp 6.5 to December 31, 2017. However, there is a catch; the extended date is only for customers that remain current in the Software Maintenance or Subscription Advantage and Technical Support programs. Otherwise the end of maintenance (EOM)... read more.

• May 18, 2015

By Nancy Rand, Posted in Uncategorized

May 14, Softpedia – (International) Cisco TelePresence vulnerable to unauthorized root access, denial of service. Cisco reported two vulnerabilities in versions of its TelePresence TC and TE video conference products in which an attacker could exploit improper authentication protocols for internal services to bypass authentication and obtain root access on the system, and a flaw in the network drivers in which an attacker could use specially crafted internet protocol (IP) packets sent at a high rate to caus... read more.

• May 18, 2015

By Nancy Rand, Posted in Security

May 13, Softpedia – (International) Flash Player 17.0.0.188 addresses security holes. Adobe released updates for Flash Player that fixed 18 vulnerabilities, including 10 memory corruption, heap overflow, integer overflow, type confusion, and use-after-free bugs that could allow an attacker to run arbitrary code on an affected system. Source May 13, Softpedia – (International) Mozilla Firefox 38 fixes 13 vulnerabilities, 5 are critical. Mozilla released fixes for 13 vulnerabilities in Firefox version 38,... read more.

• May 14, 2015

By Nancy Rand, Posted in Security

May 7, Threatpost – (International) Apple fixes webkit vulnerabilities in Safari browser. Apple released an update for its Safari Web browser fixing multiple vulnerabilities in Webkit, including memory corruption and anchor element issues that could be exploited by an attacker to send users to malicious Web sites, leading to arbitrary code execution or unexpected application termination, as well as a state management problem in which unprivileged origins could access file system contents via a specially cra... read more.

• May 11, 2015

By Nancy Rand, Posted in Security

May 6, Softpedia – (International) Tinba banking trojan checks for sandbox before launching. Security researchers from F-Secure discovered a new variant of the Tiny Banker (Tinba) trojan, which checks for mouse movement and the active window a user is working on to ensure that it is executed on a real machine and not a sandbox before running its malicious routines. The trojan also queries the number of cylinders available to the system’s storage device to determine if it is a virtual machine. Source May... read more.

• May 08, 2015

By Nancy Rand, Posted in Uncategorized

May 5, Help Net Security – (International) New AlphaCrypt ransomware delivered via Angler EK. Security researchers at Webroot and Rackspace discovered and determined that a new form of ransomware resembling TeslaCrypt and CryptoWall, dubbed AlphaCrypt, is being delivered via the Angler exploit kit (EK). Researchers stated that it differs from other ransomware variants by deleting volume snapshot services (VSS) and executing quietly in background processes to avoid detection. Source May 5, Help Net Securi... read more.

• May 06, 2015

By Nancy Rand, Posted in Uncategorized

May 4, Securityweek – (International) PayPal fixes remote code execution flaw in Partner Program website. PayPal fixed a vulnerability discovered by Vulnerability Lab researchers in its Partner Program Web site which would allow an attacker to leverage a bug in the site’s Java Debug Wire Protocol (JDWP) service to remotely execute server-side commands with root privileges. Source May 1, Threatpost – (International) Mozilla moving toward full HTTPS enforcement in Firefox. The Mozilla Foundation reported t... read more.

• May 06, 2015

By Nancy Rand, Posted in Security

May 1, Securityweek – (International) Security bug in ICANN portals exploited to access user data. The Internet Corporation for Assigned Names and Numbers (ICANN) released April 30 initial findings from an investigation revealing that a vulnerability in two of the organizations generic top-level domain (gTLD) portals had resulted in the exposure of 330 advanced search result records pertaining to 96 applicants and 21 registry operators since April 2013. The organization plans to contact both the affected us... read more.

• May 04, 2015