Blog

By Nancy Rand, Posted in Security

July 9, Securityweek – (International) APT-style evasion techniques spotted in “Kofer” ransomware campaign. Security researchers from Cybereason discovered a ransomware campaign, dubbed “Operation Kofer” and primarily targeting European users, that mimics advanced persistent threat (APT) operations by continuously generating new variants of the same malware to evade detection, among other anti-detection techniques. Source July 9, CSO Online – (International) Despite warnings, majority of firms still run...

  • July 10, 2015

By Timothy Karl, Posted in Uncategorized

Starting with Presentation Server 4.5, Citrix introduced a feature called Proximity Printing. This feature allows an administrator to control the assignment of network printers based on a user’s location using a combination of session printer policies and filters, e.g., mapping a network printer based on a client IP address, or a range of client IP addresses. With XenApp 6 and later versions, the client IP address filter changed, and the option to enter an IP address range was removed. The only option wi...

  • July 09, 2015

By Nancy Rand, Posted in Security

July 7, Help Net Security – (International) Flaw allows hijacking of professional surveillance AirLive cameras. Engineers from Core Security discovered vulnerabilities in AirLive’s surveillance cameras in which an attacker could invoke Common Gateway Interface (CGI) files without authentication or utilize backdoor accounts to execute arbitrary operating system commands, possibly allowing the attacker to see the camera’s transmission stream and compromise network devices. Source July 6, Threatpost – (Intern...

  • July 08, 2015

By Nancy Rand, Posted in Security

July 6, Securityweek – (International) KINS malware toolkit leaked online. Security researchers from MalwareMustDie reported that version 2.0 of the KINS banking trojan toolkit was leaked and widely distributed on the Internet, and that the malware’s developers have integrated ZeusVM banking trojan technology in the newest release, including the use of steganography to conceal configuration data. Source July 6, Softpedia – (International) Govt supplier of surveillance software gets hacked, 400GB of data le...

  • July 07, 2015

By Nancy Rand, Posted in Security

July 2, Threatpost – (International) Cisco UCDM platform ships with default, static password. Cisco warned customers that its Unified Communications Domain Manager Platform software versions prior to 4.4.5 have a default, static password for an account with root privileges, possibly allowing an unauthenticated remote attacker to take full control of an affected system with root privileges. Source July 2, Softpedia – (International) GhostShell hackers reveal 548 targets, links to dumps. Hackers associated...

  • July 06, 2015

By Timothy Karl, Posted in Uncategorized

Maintaining a Citrix environment with the latest Microsoft and Citrix hotfixes is critical to the health of every environment. However, keeping up-to-date with all of the recommended hotfixes can be a time-consuming process for administrators. The good news is Citrix maintains several support articles that provide recommended hotfixes for various Citrix products. Updated articles are posted when new Citrix and Microsoft hotfixes become available. I highly recommend that every Citrix administrator reads t...

  • July 02, 2015

By Nancy Rand, Posted in Security

July 1, Securityweek – (International) Attackers abuse RIPv1 Protocol for DDoS reflection: Akamai. Security researchers from Akamai discovered that malicious actors have been leveraging routers running Routing Information Protocol version 1 (RIPv1) to reflect distributed denial-of-service (DDoS) attacks by creating malicious requests for routes and then spoofing the source Internet Protocol (IP) address to match that of the targeted system. Source July 1, Softpedia – (International) iOS 8.4 fixes 33 sec...

  • July 02, 2015

By Nancy Rand, Posted in Security

June 30, Softpedia – (International) Dridex is the most prevalent banking malware in the corporate sector. SecurityScorecard released findings from a report revealing that the Dridex banking trojan was the most prevalent malware found in corporate environments from January – May, primarily targeting the manufacturing and retail sectors, followed by the Bebloh and Tinba trojans, which targeted telecommunications and technology companies. Source June 30, Securityweek – (International) Yahoo patches SSRF v...

  • July 02, 2015

By Nancy Rand, Posted in Security

June 29, Securityweek – (International) Security firm discloses details of Amazon Fire Phone vulnerabilities. MWR InfoSecurity released details on three recently patched Amazon Fire Phone vulnerabilities, including flaws in the CertInstaller package that can allow third-party applications to install digital certificates to intercept encrypted traffic via man-in-the-middle attacks, and an issue with the Android Debug Bridge (ADB) in which an attacker could bypass the lock screen, steal information, add and r...

  • June 30, 2015

By Nancy Rand, Posted in Security

June 25, Help Net Security – (International) Samsung disables Windows Update, undermines the security of your devices. A security researcher discovered that the Samsung SW Update software for Microsoft Windows personal computers (PCs) runs an executable file upon start-up that disables Windows Update to prevent driver and update software conflicts, posing a security risk to users. Microsoft has reportedly contacted Samsung to address the issue. Source June 25, Help Net Security – (International) The down...

  • June 29, 2015