Blog

By Hank Smith, Posted in Virtualization

Last week I had the privilege to attend Citrix Synergy 2015 down in Orlando, FL. In this blog I wanted to review some the key announcements Citrix made during the keynote. XenApp 6.5 Lifecycle Citrix loves XenApp, so much so that they extended the lifecycle for XenApp 6.5 to December 31, 2017. However, there is a catch; the extended date is only for customers that remain current in the Software Maintenance or Subscription Advantage and Technical Support programs. Otherwise the end of maintenance (EOM)... read more.

• May 18, 2015

By Nancy Rand, Posted in Uncategorized

May 14, Softpedia – (International) Cisco TelePresence vulnerable to unauthorized root access, denial of service. Cisco reported two vulnerabilities in versions of its TelePresence TC and TE video conference products in which an attacker could exploit improper authentication protocols for internal services to bypass authentication and obtain root access on the system, and a flaw in the network drivers in which an attacker could use specially crafted internet protocol (IP) packets sent at a high rate to caus... read more.

• May 18, 2015

By Nancy Rand, Posted in Security

May 13, Softpedia – (International) Flash Player 17.0.0.188 addresses security holes. Adobe released updates for Flash Player that fixed 18 vulnerabilities, including 10 memory corruption, heap overflow, integer overflow, type confusion, and use-after-free bugs that could allow an attacker to run arbitrary code on an affected system. Source May 13, Softpedia – (International) Mozilla Firefox 38 fixes 13 vulnerabilities, 5 are critical. Mozilla released fixes for 13 vulnerabilities in Firefox version 38,... read more.

• May 14, 2015

By Nancy Rand, Posted in Security

May 7, Threatpost – (International) Apple fixes webkit vulnerabilities in Safari browser. Apple released an update for its Safari Web browser fixing multiple vulnerabilities in Webkit, including memory corruption and anchor element issues that could be exploited by an attacker to send users to malicious Web sites, leading to arbitrary code execution or unexpected application termination, as well as a state management problem in which unprivileged origins could access file system contents via a specially cra... read more.

• May 11, 2015

By Nancy Rand, Posted in Security

May 6, Softpedia – (International) Tinba banking trojan checks for sandbox before launching. Security researchers from F-Secure discovered a new variant of the Tiny Banker (Tinba) trojan, which checks for mouse movement and the active window a user is working on to ensure that it is executed on a real machine and not a sandbox before running its malicious routines. The trojan also queries the number of cylinders available to the system’s storage device to determine if it is a virtual machine. Source May... read more.

• May 08, 2015

By Nancy Rand, Posted in Uncategorized

May 5, Help Net Security – (International) New AlphaCrypt ransomware delivered via Angler EK. Security researchers at Webroot and Rackspace discovered and determined that a new form of ransomware resembling TeslaCrypt and CryptoWall, dubbed AlphaCrypt, is being delivered via the Angler exploit kit (EK). Researchers stated that it differs from other ransomware variants by deleting volume snapshot services (VSS) and executing quietly in background processes to avoid detection. Source May 5, Help Net Securi... read more.

• May 06, 2015

By Nancy Rand, Posted in Uncategorized

May 4, Securityweek – (International) PayPal fixes remote code execution flaw in Partner Program website. PayPal fixed a vulnerability discovered by Vulnerability Lab researchers in its Partner Program Web site which would allow an attacker to leverage a bug in the site’s Java Debug Wire Protocol (JDWP) service to remotely execute server-side commands with root privileges. Source May 1, Threatpost – (International) Mozilla moving toward full HTTPS enforcement in Firefox. The Mozilla Foundation reported t... read more.

• May 06, 2015

By Nancy Rand, Posted in Security

May 1, Securityweek – (International) Security bug in ICANN portals exploited to access user data. The Internet Corporation for Assigned Names and Numbers (ICANN) released April 30 initial findings from an investigation revealing that a vulnerability in two of the organizations generic top-level domain (gTLD) portals had resulted in the exposure of 330 advanced search result records pertaining to 96 applicants and 21 registry operators since April 2013. The organization plans to contact both the affected us... read more.

• May 04, 2015

By Nancy Rand, Posted in Uncategorized

April 30, Help Net Security – (International) Barracuda fixes critical MITM flaws in its Web filter. Barracuda Networks issued a security update patching two critical flaws in the firmware of its Web Filter appliances in which an attacker could perform man-in-the-middle (MitM) attacks due to vulnerabilities in certificate verification when performing secure socket layer (SSL) inspection and the use of default certificates for multiple machines. Source April 29, Securityweek – (International) Bartalex mal... read more.

• May 01, 2015

By Nancy Rand, Posted in Security

April 29, Securityweek – (International) InFocus projectors plagued by authentication flaws: Core Security. Security researchers at Core Security identified an authentication bypass vulnerability in InFocus network-connected projectors in which an unauthenticated user could bypass the login page and access the projector’s Web interface as an administrator by navigating to the “main.html” page. Once logged in, the unauthenticated user would have the ability to access and modify private network and WiFi confi... read more.

• April 30, 2015