Java and Python FTP attacks can punch holes through firewalls

The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls and reach hosts on local networks. On Saturday, security researcher Alexander Klink disclosed a related attack in which an XXE (XML External Entity) vulnerability in a Java application can be abused to send emails.
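The validation failure behind both stories is the same: the user name, password and path taken from an ftp:// URL are decoded and spliced into FTP control-channel commands without being checked for line breaks, so a percent-encoded CR LF in the URL turns into an extra, attacker-chosen command on the wire (a PORT command is what makes a stateful firewall open an inbound port; when the URL points at port 25 instead, the injected lines can form an SMTP conversation, which is the basis of the email trick). The following is an added illustration, not code from Java, CPython or either researcher: it models a naive client that exhibits the flaw next to a hardened check that rejects such URLs. The sample URL, the host name ftp.example.org, the injected PORT argument (192.0.2.10, port 8080) and the function names are constructed for the example.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample URL. The percent-encoded CR LF (%0D%0A) inside the user
# name is the attacker-controlled part; what follows it is a PORT command
# (assumed for illustration, the page does not spell out the injected command).
SAMPLE_URL = "ftp://user%0D%0APORT%20192,0,2,10,31,144@ftp.example.org/pub/readme.txt"

CONTROL_CHARS = ("\r", "\n", "\0")


def _ftp_fields(url):
    """Decode the URL fields that a client copies into FTP commands."""
    parts = urlsplit(url)
    if parts.scheme != "ftp":
        raise ValueError("not an ftp:// URL")
    return {
        "user": unquote(parts.username or "anonymous"),
        "password": unquote(parts.password or "anonymous@"),
        "path": unquote(parts.path.lstrip("/")),
    }


def ftp_commands_naive(url):
    """Control-channel bytes a naive client would send for an ftp:// URL.

    This reproduces the weak behaviour described above: the decoded fields
    are spliced into commands with no check for CR or LF, so any newline in
    a field starts a new command as far as the FTP server is concerned.
    """
    f = _ftp_fields(url)
    return f"USER {f['user']}\r\nPASS {f['password']}\r\nRETR {f['path']}\r\n"


def command_lines(wire):
    """Split the control channel the way the server reads it: one command per CRLF."""
    return [line for line in wire.split("\r\n") if line]


def ftp_url_is_safe(url):
    """True only if no decoded URL field can terminate or inject a command line."""
    try:
        fields = _ftp_fields(url)
    except ValueError:
        return False
    return not any(ch in value for value in fields.values() for ch in CONTROL_CHARS)


def ftp_commands_hardened(url):
    """Same command builder, but refuses URLs whose decoded fields contain
    CR, LF or NUL. Rejecting is the right call: there is no legitimate FTP
    user name or path that needs a line break in it."""
    if not ftp_url_is_safe(url):
        raise ValueError("FTP URL contains a control character in user, password or path")
    return ftp_commands_naive(url)


if __name__ == "__main__":
    for line in command_lines(ftp_commands_naive(SAMPLE_URL)):
        print("naive client sends:", line)
    print("hardened client accepts sample URL:", ftp_url_is_safe(SAMPLE_URL))
```

Run against the sample URL, the naive builder emits four commands, the second of which is the injected PORT line; the hardened builder raises before anything is sent. Note that the check runs on the decoded values: a filter applied to the raw URL string would miss the percent-encoded form, which is exactly how the affected runtimes were caught out.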

Cisco deepens enterprise network virtualization, security detection of DNA suite

Cisco today announced a variety of hardware, software and services designed to increase network virtualization and bolster security for campus, branch office and cloud customers. The products, which include a Network Functions Virtualization branch office device and improved security network segmentation software, fall under Cisco’s overarching Digital Network Architecture plan. DNA offers integrated networking software—virtualization,…

Preparing Security For Windows 7 End-Of-Life Support

Moving to Microsoft’s latest OS may give you flashbacks to when XP support ended. Last month, Microsoft announced it will end support for Windows 7 in 2020, giving customers three years to upgrade their systems to Windows 10. In the short term, computers running Windows 7 will still work, and Microsoft will still share security…

Microsoft Releases Security Update for Flash Player Libraries

While most of this month’s security updates have been postponed to March 14, Microsoft has decided to release one bulletin to address the Flash Player vulnerabilities fixed by Adobe on Patch Tuesday. The critical bulletin, MS17-005, resolves 13 vulnerabilities in the Flash Player libraries used by Internet Explorer 10, Internet Explorer 11 and Edge.

Google Discloses Unpatched Windows GDI Vulnerability

An unpatched vulnerability affecting the Windows Graphics Device Interface (Windows GDI) was publicly disclosed last week after Microsoft failed to address it within 90 days after being notified. The issue was disclosed by Mateusz Jurczyk, an engineer with Google’s Project Zero team, who initially discovered it along with other bugs in the user-mode Windows GDI…

Bug Allowed Theft of Over $400,000 in Zcoins

An implementation bug has allowed someone to make a profit of more than $400,000 after creating roughly 370,000 units of the Zcoin cryptocurrency, users were told on Friday. Zcoin (XZC), worth approximately $2 per unit, is an implementation of the Zerocoin protocol, which aims to provide fully anonymous currency transactions. Zerocoin has also been used…

Trojan Downloader Masquerades as Defunct Flash Player for Android

A recently observed malware downloader targeting Android users is masquerading as an update for Adobe Flash Player, ESET researchers warn. Although the Flash Player for Android was discontinued nearly half a decade ago, cybercriminals are still abusing it to trick unsuspecting users into downloading and installing their malicious programs. As always, the attackers rely on…

Facebook manifesto redacted to omit plans for AI to monitor private messages

An earlier version of Mark Zuckerberg’s 6,000-word manifesto for Facebook revealed his belief that artificial intelligence could one day be used to monitor private messages for terrorists scheming an attack. The text eventually published by Zuckerberg on Thursday did detail how Facebook is using AI today to flag terrorist propaganda in public posts. However, as…

RSA 2017: what are you trying to solve?

This year at the RSA Security Conference some 40,000 people packed the halls of the Moscone Center in search of solutions (and light-up swords) to solve their problems. Whatever the issue, they were looking for a salve to soothe their wounds, in a manner of speaking. For all of the vendors hawking their wares there…