Lucian Constantin – Page 29

Adobe Releases Critical Security Patches for 9 Products

Posted on November 14, 2017 by Lucian Constantin

Adobe Systems has released security patches for nine of its products to fix 86 vulnerabilities, the majority of which are rated as critical and important. In addition to Flash Player, Reader and Acrobat, which are the usual recipients of Adobe’s security patches, the company has updated Photoshop CC, Adobe Connect, Adobe DNG Converter, InDesign, Digital..

The post Adobe Releases Critical Security Patches for 9 Products appeared first on Security Boulevard.

Continue reading Adobe Releases Critical Security Patches for 9 Products→

Quarantine Flaw in Antivirus Products Allows Privilege Escalation

Posted on November 13, 2017 by Lucian Constantin

The malware quarantine feature in several antivirus products could have been abused by local attackers to gain administrative privileges on computers. The issue, dubbed AVGater, was discovered by Florian Bogner, a researcher with security firm Kapsch. It exploits a user’s ability to restore suspicious files that antivirus programs have moved to quarantine. Bogner found a..

The post Quarantine Flaw in Antivirus Products Allows Privilege Escalation appeared first on Security Boulevard.

Continue reading Quarantine Flaw in Antivirus Products Allows Privilege Escalation→

Fancy Bear Adopts New DDE Attack Against Microsoft Office

Posted on November 9, 2017 by Lucian Constantin

Russian cyberespionage group Fancy Bear is using a recently publicized technique that abuses a legitimate Microsoft Office feature to create documents that can install malware. For the past several years the most common method of embedding malicious co… Continue reading Fancy Bear Adopts New DDE Attack Against Microsoft Office→

Sowbug Cyberespionage Group Hits South America, South Asia

Posted on November 7, 2017 by Lucian Constantin

Security researchers have identified a cyberespionage group that has been stealing data from policy and diplomatic organizations in South America and South Asia since at least 2015. “While cyberespionage attacks are often seen against targets in the U.S., Europe, and Asia, it is much less common to see South American countries targeted,” researchers from Symantec..

The post Sowbug Cyberespionage Group Hits South America, South Asia appeared first on Security Boulevard.

Continue reading Sowbug Cyberespionage Group Hits South America, South Asia→

Fake WhatsApp on Google Play Shows How Easy Users Can Be Tricked

Posted on November 6, 2017 by Lucian Constantin

Google removed a rogue version of the WhatsApp Messenger application from Google Play that had been installed by more than 1 million people. A subsequent search by users and researchers revealed that it was one of many similar fake apps hosted on the a… Continue reading Fake WhatsApp on Google Play Shows How Easy Users Can Be Tricked→

Fancy Bear Cyberspies Hide Phishing Pages Behind Blogspot Links

Posted on November 3, 2017 by Lucian Constantin

Security researchers have identified a new phishing campaign launched by Russian cyberespionage group Fancy Bear that uses rogue blogspot.com URLs to bypass spam filters. These latest attacks were aimed at Bellingcat, a group of volunteers who perform … Continue reading Fancy Bear Cyberspies Hide Phishing Pages Behind Blogspot Links→

New Trojan ‘Silence’ Uses Stealth to Attack Banks

Posted on November 2, 2017 by Lucian Constantin

Security researchers have discovered a new attack against financial organizations, in which hackers break into their infrastructure and stay lurking for months to learn their internal procedures before starting to steal money. Because of the extended period of time when attackers monitor and learn the behavior of their victims, researchers have dubbed the Trojan program..

The post New Trojan ‘Silence’ Uses Stealth to Attack Banks appeared first on Security Boulevard.

Continue reading New Trojan ‘Silence’ Uses Stealth to Attack Banks→

Update Your WordPress Website Now, Researcher Warns

Posted on November 2, 2017 by Lucian Constantin

WordPress version 4.8.3, released Oct. 31, fixes a serious security issue that could result in SQL injection attacks. Details about the vulnerability are now public, so attacks could soon follow. “If you haven’t updated yet, stop right now and update,” Anthony Ferrara, VP of engineering at Lingo Live and the researcher who identified the flaw..

The post Update Your WordPress Website Now, Researcher Warns appeared first on Security Boulevard.

Continue reading Update Your WordPress Website Now, Researcher Warns→

Oracle Provides Workaround for Critical Flaw in Identity Manager

Posted on October 30, 2017 by Lucian Constantin

Oracle has warned customers about a critical vulnerability in the Oracle Identity Manager (OIM) that could allow an attacker to gain complete control over the user management system. OIM is part of Oracle’s Fusion Middleware suite of business applications and provides user provisioning and management. Companies use this application to add new accounts for employees..

The post Oracle Provides Workaround for Critical Flaw in Identity Manager appeared first on Security Boulevard.

Continue reading Oracle Provides Workaround for Critical Flaw in Identity Manager→

IoT Reaper Botnet Is Much Smaller Than Initially Believed

Posted on October 27, 2017 by Lucian Constantin

Security researchers warned last week that attackers are building a massive botnet of more than a million routers and wireless cameras. However, additional research has revealed that the number of devices actually enslaved by the botnet is only around 20,000, for now. “Over a million organizations have already been affected worldwide, including [in] the U.S.,..

The post IoT Reaper Botnet Is Much Smaller Than Initially Believed appeared first on Security Boulevard.

Continue reading IoT Reaper Botnet Is Much Smaller Than Initially Believed→