
Friday, July 18, 2014


Network World Security - Newsletter - networkworld.com


Emergency vBulletin patch fixes dangerous SQL injection vulnerability
Developers of the popular vBulletin Internet forum software issued emergency patches Wednesday to fix a SQL injection vulnerability that could allow attackers to read and manipulate information stored in the databases of vBulletin-based sites.

Code patches that need to be applied manually were released for versions 5.0.4, 5.0.5, 5.1.0, 5.1.1 and 5.1.2 of vBulletin and can be downloaded by registered customers. The vulnerability only affects vBulletin 5—officially known as vBulletin 5 Connect—and not vBulletin 4.

“The issue may allow attackers to perform SQL injection attacks on your database,” said Wayne Luke, the vBulletin technical support lead, in an announcement on the official support forum. “It is recommended that all users update as soon as possible.”



Juniper boosts DDoS Secure appliance to mitigate UDP-based amplification attacks
Juniper Networks has added a new way for its anti-DDoS appliance to mitigate what’s known as massive UDP-based amplification attacks, which typically work by exploiting compromised servers of different kinds to both spoof and vastly increase the denial-of-service barrage.

One type of such attack that has been on the rise this year is the Network Time Protocol (NTP) amplification attack, in which the attacker exploits vulnerable and unpatched NTP servers to overwhelm the victim’s system with UDP traffic. The size and scale of these UDP-based DDoS attacks is now reaching 300Gbit/sec and more, making it hard to simply backhaul traffic, says Paul Scanlon, director of product management at Juniper Networks.



Wave of 100Gbps 'mega' DDoS attacks hits record level in 2014
Huge DDoS attacks are becoming a regular occurrence, with over 100 incidents breaching the psychological 100Gbps barrier that used to be seen as signifying trouble, new figures from Arbor Networks have confirmed.

Arbor's numbers, drawn from its Atlas monitoring of traffic through 290 global ISPs, show a consistent upward trend in such volumetric attacks at every point on the scale in the last year, with a doubling in the number of attacks over 20Gbps compared to 2013.

But super-massive 100Gbps attacks soared to 111 for the first half of 2014, mostly concentrated in Q1, which accounted for 72 on its own. As it happens, the largest attack in Q2 specifically was a 154Gbps NTP amplification assault on a Spanish data centre, which looks small compared to the 325Gbps monster that struck CloudFlare in February.



Vulnerability exposes some Cisco home wireless devices to hacking
Nine of Cisco’s home and small office cable modems with router and wireless access point functionality need software updates to fix a critical vulnerability that could allow remote attackers to completely compromise them.

The company has shared the software updates with service providers, so users who obtained the affected equipment from their ISPs or other Cisco resellers should contact those organizations.

The vulnerability is a buffer overflow that results from incorrect validation of input in HTTP requests. If left unpatched, it allows remote, unauthenticated attackers to inject commands and execute arbitrary code with elevated privileges.

Chaos Computer Club bolsters NSA spying complaint with Tor snooping evidence
The German Chaos Computer Club said Wednesday that it has added to its legal complaint about U.S. spying on German citizens evidence that the NSA allegedly snooped on at least one of its Tor servers.

The CCC filed a complaint with Germany’s federal prosecutor, Harald Range, in February, demanding an investigation into the German government’s alleged involvement in the U.S. National Security Agency’s mass surveillance of German citizens.

However, while Range started an investigation into the alleged tapping of Merkel’s phone by the NSA in June, he said there wasn’t enough evidence to start a similar investigation into the widely reported mass surveillance of German citizens.

Survey: Corporate security thwarted by dialog failure between IT dept. and management
So talk to me! That’s what security professionals should be doing with business management executives, but the problem is, it isn’t really happening, according to a Ponemon Institute survey of over 4,800 IT and security practitioners in companies around the world who were asked how often discussions about security risks actually occurred.

According to this study, about a third of those surveyed said they never speak to business management executives unless contacted, and about a quarter said formal discussions about security risk happen only once annually.

One consequence of this disconnect in formal communication is that executive management often remains uninformed about the nature of security threats confronting the organization, and IT security teams struggle to get what they deem to be adequate budgets.



Copyright (C) 2014 Network World, 492 Old Connecticut Path, Framingham MA 01701
