Blog

By Nancy Rand, Posted in Security

March 13, Softpedia – (International) Google leaks Whois data for over 282,000 protected domains. Cisco Systems’ Talos researchers reported to Google that private information such as names, physical and email addresses, and phone numbers belonging to 282,867 domains registered through Google Apps’ registrar, eNom, were leaked for nearly two years due to a software defect that did not extend the company’s unlisted registration service, potentially exposing them to spam, spear-phishing attacks, or identity th... read more.

• March 16, 2015

By Nancy Rand, Posted in Security

March 12, Help Net Security – (International) 2,400 unsafe mobile apps found in average large enterprise. Veracode researchers found that hundreds of thousands of mobile applications installed in corporate environments across multiple industries revealed the average global enterprise contains approximately 2,400 unsafe applications in its mobile environment, including apps that expose sensitive data, perform suspicious security actions, or retrieve or share personal information about users. Source March... read more.

• March 13, 2015

By Nancy Rand, Posted in Security

March 10, Softpedia – (International) Exploit code published for Elasticsearch remote code execution flaw. Security researchers at Xiphos Research created an exploit for a glitch in Elasticsearch versions earlier than 1.3.8 and 1.4.3 that allows server-side code execution by passing Groovy code in a search query and executing it in the sandbox. The glitch was patched in updates released February 11. Source March 10, Threatpost – (International) Yahoo patches critical eCommerce, small business vulnerabili... read more.

• March 11, 2015

By Nancy Rand, Posted in Security

March 9, Securityweek – (International) Email spoofing flaw found in Google Admin console. Security researchers identified a security flaw in the Google Apps Admin console that could have been exploited to gain temporary ownership of any previously unclaimed domain and used to send malicious emails that would not be flagged as suspicious because they came from trusted servers. Google has addressed the vulnerability. Source March 7, Softpedia – (International) Two arrested in the largest data breach in th... read more.

• March 11, 2015

By Nancy Rand, Posted in Security

March 4, Softpedia – (International) Strong SSL/TLS ciphers downgraded to use weak crypto key in FREAK attack. A security researcher at INRIA and the Microsoft Research Team identified a serious vulnerability in the implementation of secure sockets layer (SSL) and transport layer security (TLS) protocols on Apple and Android devices that can be abused through man-in-the-middle (MitM) attacks that capitalize on abandoned policies to force the use of weak RSA keys, potentially leaving a wide range of governme... read more.

• March 05, 2015

By Nancy Rand, Posted in Security

March 3, Help Net Security – (International) Phishers target victims of iOS device theft. Security researchers at Malwarebytes discovered an elaborate phishing campaign that targets victims of iOS device theft by using spoofed messages and a fake iCloud log-in Web page, which is available in 10 different languages, to steal users’ log-in credentials, enabling the thieves to unlock the stolen devices. Source March 3, Securityweek – (International) Lossy image compression can hide malicious code in PDF fil... read more.

• March 05, 2015

By Hank Smith, Posted in Infrastructure

Citrix announced the release of XenMobile 10 this past January although it was officially available for download in February. XenMobile 10 brings some new features and some much needed enhancements. New Features and Enhancements I will not go over all the new stuff (you can read that here), however I do want to go over the new features and enhancements that I have heard many customers requesting. XenMobile Server – Citrix combined the AppController and XenMobile Device Manager server into a single... read more.

• March 04, 2015

By Nancy Rand, Posted in Security

March 2, Help Net Security – (International) 0-day flaw in Seagate NAS devices endangers thousands. A security researcher discovered that certain firmware versions of Seagate Business Storage 2-Bay NAS devices are susceptible to an easily-exploitable zero-day remote code execution vulnerability due to outdated Web-enabled application management versions of Hypertext Preprocessor (PHP), CodeIgniter, and Lighttpd technologies that contain known security issues. The company is reportedly working on the issue.... read more.

• March 03, 2015

By Nancy Rand, Posted in Security

February 27, Softpedia – (International) Apps bypass Google Play verification and spew tempest of ads. Bitdefender security researchers discovered 10 apps hosted in Google Play that use social engineering to trick users into installing ad-spewing software and relied on deceptive tactics to ensure persistence on users’ devices. None of the apps linked to Web sites hosting malware, allowing the apps to bypass Google Play quality controls. Source February 27, Securityweek – (International) Critical vulnerab... read more.

• March 02, 2015

By Nancy Rand, Posted in Uncategorized

February 26, Securityweek – (International) Lizard Squad hijacks Lenovo website, emails. Lizard Squad hackers hijacked the Lenovo Web site and email servers by using CloudFlare IP addresses to modify DNS records in Lenovo domain registrar accounts and redirect users to defacement pages, and changed mail server records to allow the group to intercept emails sent to Lenovo email addresses. The hijacking mirrored a similar attack that targeted Google Vietnam during the week of February 23. Source February 2... read more.

• February 27, 2015