Adobe released a new version of Reader and Acrobat, patching eight security vulnerabilities in the PDF reader. The patches were delayed a weeks because of issues during regression testing.
Monthly Archives: September 2014
Back-and-Forth With Google Led to Disclosure of Android Browser Flaw
The researcher who originally discovered the same-origin policy bypass in the Android browser said he reported the vulnerability to Google some time ago, but that the company’s Android security team said it was unable to reproduce the issue. Rafay Baloch said he first reported the vulnerability to Google on Aug. 13, informing the company’s Android […]
4 steps to avoid viruses
Protecting your computer is, very often, much easier than you might think. If you follow these four steps to prevent viruses, your computer won’t become infected again.
Take care with Java, Adobe Flash and Acrobat Reader
As we have seen in practically all the PandaLabs reports, these programs are a key target for cyber-criminals. That’s why it’s best to ensure they are always up-to-date or, if you don’t use them, uninstalled.
Viruses and malware can slip past antivirus programs and infect PCs by exploiting programs that haven’t been kept up-to-date.
Take care which programs you install
It is essential to be aware of what you’re installing or running on your computer. Virus creators earn a lot of money from programs or applications which, at first glance, seem harmless but can infect your computer when they are run. That’s why you should:
- Never open messages from unknown sources.
- Avoid non-secure web pages. You can recognize secure pages as the address begins with ‘https://’ and they display a padlock icon.
- Use secure passwords.
- Not provide confidential information via email.
Keep your Windows operating system up-to-date
Malware and viruses exploit security holes in outdated versions of Windows. To prevent this, you must install the latest security patches.
Windows makes this easy for you, so you can enable automatic updates so you don’t have to worry about it.
Use a good antivirus
A good antivirus can do much more than keep your computer virus-free. It can protect your identity and that of your business and can also prevent fraud when you shop online.
Find out what is the best antivirus for your needs from our new 2014 product range.
What’s more, if you have an antivirus with parental control, you can protect your children from danger on the Internet.
The post 4 steps to avoid viruses appeared first on MediaCenter Panda Security.
USB & WiFi Flash Drive 1.3 Code Execution
USB & WiFi Flash Drive version 1.3 suffers from a code execution vulnerability.
WordPress Slideshow Gallery 1.4.6 Shell Upload
WordPress Slideshow Gallery plugin version 1.4.6 shell upload exploit.
Microsoft Security Bulletin Re-Release For September, 2014
This bulletin summary notes that MS14-055 has undergone a major revision increment as of September 15, 2014.
Red Hat Security Advisory 2014-1244-01
Red Hat Security Advisory 2014-1244-01 – The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. It contains a DNS server, a resolver library with routines for applications to use when interfacing with DNS, and tools for verifying that the DNS server is operating correctly. These packages contain version 9.7 of the BIND suite. A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.
Red Hat Security Advisory 2014-1246-01
Red Hat Security Advisory 2014-1246-01 – Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application.
Red Hat Security Advisory 2014-1194-01
Red Hat Security Advisory 2014-1194-01 – The Conga project is a management system for remote workstations. It consists of luci, which is a secure web-based front end, and ricci, which is a secure daemon that dispatches incoming messages to underlying management modules. It was discovered that Plone, included as a part of luci, did not properly protect the administrator interface. A remote attacker could use this flaw to inject a specially crafted Python statement or script into Plone’s restricted Python sandbox that, when the administrator interface was accessed, would be executed with the privileges of that administrator user.
Red Hat Security Advisory 2014-1245-01
Red Hat Security Advisory 2014-1245-01 – Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application.