ManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities.
Monthly Archives: September 2014
[ MDVA-2014:016 ] java-1.7.0-openjdk
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Advisory MDVA-2014:016
http://www.mandriva.com/en/support/security/

Package : java-1.7.0-openjdk
Date : September 29, 2014
Affected: Business Server 1.0

Problem Description:

Updated java-1.7.0-openjdk packages fix an upstream regression:

This update provides IcedTea 2.5.2, which fixes several bugs, most notably regressions in the previous release which broke Groovy and several other Java tools and applications.

References:

http://blog.fuseyism.com/index.php/2014/09/02/icedtea-2-5-2-released-back-in-the-groovy/
http://advisories.mageia.org/MGAA-2014-0172.html
[ MDVSA-2014:191 ] perl-XML-DT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2014:191
http://www.mandriva.com/en/support/security/

Package : perl-XML-DT
Date : September 29, 2014
Affected: Business Server 1.0

Problem Description:

Updated perl-XML-DT package fixes security vulnerability:

The mkxmltype and mkdtskel scripts provided in perl-XML-DT allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file (CVE-2014-5260).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5260
http://advisories.mageia.org/MGASA-2014-0390.html

Updated P
How George Clooney made sure phone hackers didn’t ruin his wedding
Newlyweds George Clooney and Amal Alamuddin supplied guests with “burner phones” to prevent photographs from falling into the hands of hackers and the tabloid press.
The post How George Clooney made sure phone hackers didn’t ruin his wedding appeared first on We Live Security.
AllMyGuests 0.4.1 XSS / SQL Injection / Insecure Cookie Handling
AllMyGuests version 0.4.1 suffers from bypass via malformed cookies, remote SQL injection, and cross site scripting vulnerabilities.
CloudFlare Rolls Out Free SSL
In a move that will essentially double the number of SSL-protected sites on the Web in the space of 24 hours, CloudFlare on Monday said that it was enabling SSL for all of its more than two million customers for free. The new service is called Universal SSL, and the company is making it available […]
The Craigslist scams
Craigslist is a website hosting classified ads for jobs, houses, cars… To give you an idea, there are around 10 million new Craigslist ads every month.
As sometimes happens with these kinds of pages, Craigslist has become a hunting ground for fraudsters trying to scam the people who read these ads.
In fact, there’s even an “Avoid scams & fraud” section on the website offering advice on how to improve security in transactions.
How to recognize scams on Craigslist
- If the reply sent by the person you have contacted comes from another country, be wary.
- They often ask for payment via platforms such as Western Union or MoneyGram, or for a check or money order as surety on the transaction.
- The other party can’t meet you in person to make the transaction.
- There is a “third party” who will make the transaction.
Example of fraud on Craigslist
- Companies offering work but who ask for an advance payment from the employee.
- Rental of apartments that don’t exist.
- Sale of cars that ask for payment in advance without you having seen the vehicle.
Tips for avoiding fraud on Craigslist
- Read the ad carefully.
- Don’t buy or rent anything without having physically seen it.
- Take payment in cash. PayPal is also a secure way of receiving payment. Don’t accept checks or money orders.
- Don’t give any type of personal or financial information.
- Be wary of incredible bargains. If you find a low-priced apartment in an up-market area, it’s probably a scam.
- Have a good look at photos. Many scams include photos of things that look too good for the asking price.
We know that criminals are becoming increasingly devious in disguising their scams, so, with your Internet security in mind, please take great care when buying online.
Have you ever fallen victim to a similar scam?
The post The Craigslist scams appeared first on MediaCenter Panda Security.