Blog

By Nancy Rand, Posted in Security

March 30, Help Net Security – (International) Massive DDoS against GitHub continues. Systems engineers at GitHub reported that complex, large-scale distributed denial-of-service (DDoS) attacks against the company’s servers that started March 26 are ongoing but that all of the Web site’s services are available to users. Security researchers from Insight Labs traced the start of the attack to advertising and visitor tracking provided by the Chinese search engine Baidu. Source   ... read more.

  • March 31, 2015

By Hank Smith, Posted in Virtualization

What is vGPU? vGPU provides the ability to virtualize the GPU of a graphics card, specifically an NVIDIA K card. Most applications in VDI environments do not require a GPU; however, for CAD, engineering, and medical applications, GPUs are typically required. For more information on vGPU take a look at this article. Citrix Citrix recently announced vGPU support for mixed environments - Citrix XenDesktop/XenApp on the front-end and VMware vSphere on the back end. The requirements for vGPU are VMware... read more.

  • March 30, 2015

By Nancy Rand, Posted in Security

March 26, Softpedia – (International) Microsoft revokes rogue digital certificate for Google and other web domains. Microsoft updated its Certificate Trust List (CTL) for Windows operating systems, and pushed automatic updates to revoke a certificate fraudulently issued by Egypt-based MCS Holdings. The fraudulent certificates affected several Google domains, as well as other domains, and left Windows users vulnerable to Web content spoofing, phishing, and man-in-the-middle (MitM) attacks. Source March 26... read more.

  • March 27, 2015

By Nancy Rand, Posted in Security

March 25, Securityweek – (International) Over 15,000 vulnerabilities detected in 2014: Secunia. Secunia released its annual vulnerability review and found that 15,435 vulnerabilities across 3,870 applications from 500 vendors were discovered in 2014, 11 percent of which were considered highly critical, while .3 percent were rated extremely critical. The report also states that over 60 percent of attacks occurred through remote networks, making it the most common attack vector, among other trends. Source ... read more.

  • March 26, 2015

By Nancy Rand, Posted in Security

March 24, Softpedia – (International) Jailbroken iPhones unlocked with software brute-force tool in 14 hours, tops. An iOS jailbreaker published a software library under the GNU General Public License called TransLock, that unlocks iOS devices in 14 hours or less via brute-force by injecting itself into the app that manages the device’s home screen, and setting return values in the “SBFDeviceLockController” class to “No”, allowing unlimited attempts and the ability to try a new PIN every five seconds. The t... read more.

  • March 25, 2015

By Nancy Rand, Posted in Security

March 23, Softpedia – (International) New point-of-sale malware PoSeidon exfiltrates card data to Russian domains. Security researchers from Cisco Systems’ Talos Security Intelligence and Research Group discovered that cybercriminals are using a new point-of-sale (PoS) malware family dubbed PoSeidon that infects systems via a binary file and uses a memory scraping technique to retrieve and clone Discover, American Express, MasterCard, and Visa card information before delivering it to command and control (C&... read more.

  • March 24, 2015

By Nancy Rand, Posted in Security

March 19, Softpedia – (International) Zero-days for Firefox, IE 11, Adobe’s Flash and Reader exploited at Pwn2Own 2015. Security researchers leveraged multiple zero-day vulnerabilities to exploit 13 undisclosed bugs in Adobe’s Flash and Reader, Mozilla’s Firefox, and Microsoft’s Internet Explorer 11 to take control of compromised systems through various methods, which included heap overflow remote code execution, a cross-origin vulnerability, and a use-after-free (UAF) remote code execution, among others at... read more.

  • March 23, 2015

By Nancy Rand, Posted in Security

March 18, Softpedia – (International) Ransomware uses GnuPG encryption program to lock down files. Researchers from Bleeping Computer and Emsisoft discovered that cybercriminals are using open source GNU Privacy Guard (GnuPG) code and Visual Basic Scripting Edition (VBS) to power VaultCrypt ransomware that uses a 1024-bit RSA key pair to encrypt information and Microsoft’s sDelete application to remove data used in the process. The ransomware sends user log-in credentials for Web sites to a command and cont... read more.

  • March 20, 2015

By Nancy Rand, Posted in Security

March 18, Securityweek – (International) Apple fixes WebKit vulnerabilities with release of Safari 8.0.4. Apple released Safari versions 8.0.4, 7.1.4, and 6.2.4, which address a total of 16 memory corruption issues that were identified in WebKit by Apple’s own security team, and Google Chrome Security Team, and included a user interface inconsistency. Source March 18, Securityweek – (International) Johnson Controls, XZERES, Honeywell patch vulnerable products. The Industrial Control Systems Cyber Emergen... read more.

  • March 19, 2015

By Nancy Rand, Posted in Security

March 17, Softpedia – (International) D-Link patches against critical remote command and code execution flaws. D-Link released firmware updates patching two critical vulnerabilities that allowed attackers to intercept network traffic and execute commands on vulnerable devices and exploit cross-site request forgery (CSRF) attacks to create, modify, or delete data and execute code. Source March 16, IDG News Service – (International) OpenSSL mystery patches due for release Thursday. The OpenSSL Project Team... read more.

  • March 18, 2015