Cross-Site Scripting vulnerability in extension phpMyAdmin (phpmyadmin)

Release Date: November 5, 2014

Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.

Affected Versions: 4.18.0, 4.18.1, 4.18.2 and 4.18.3

Vulnerability Type: XSS

Severity: Low

Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:ND/RL:O/RC:C

References: PMASA-2014-11

Related CVE: CVE-2014-7217

Problem Description: Crafted database content can trigger XSS in table search and table structure pages.

Solution: An updated version 4.18.4 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/download/phpmyadmin/4.18.4/t3x/. Users of the extension are advised to update the extension as soon as possible.

Credits: The vendor of the phpMyAdmin upstream software credits Ashutosh Dhundhara. Thanks to Andreas Beutel for providing a TYPO3 extension package with an updated phpMyAdmin version.

General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.

Protection for your family, plain and simple

Sadly, the hassle of managing the family technology is only going to get greater. The number of connected devices in our homes is growing rapidly. In 2013, the average home already had more than five connected devices. Homes like mine, with more than 20 devices, are driving this average up with every passing day.

As we start to realize that our families are spending so much time online, it is our responsibility as parents to ensure that they are doing so safely. Then the long to-do list of Internet safety comes into focus.

Our tablet has run out of space? Has my son set his privacy setting correctly on social media accounts? Is the security software on my own phone updated? What can I do to speed up my wife’s laptop?

As our list of devices continues to grow, so too does the to-do list of the family tech wiz.

There must be a simpler way to manage my family’s devices without having to actually track down each device every time I want to do something.

That’s why for 2015, AVG is launching AVG Protection: the one-stop solution to help me keep my family protected across all our devices—no matter how many—wherever we are.

AVG Protection brings together our best security products for all platforms: AVG Internet Security for Windows desktop, laptops and tablets; AVG AntiVirus for Android smartphones and tablets; and AVG AntiVirus for Mac under a single subscription. Add to this AVG PrivacyFix and AVG Cleaner for Mac and Android, which are free, to complete my protection, performance and privacy needs — the solution is a compelling one.

But most importantly, AVG Protection has AVG Zen to tie them all together. AVG Zen allows me to manage all of our devices from one screen, fix issues, scan machines, and enable protection remotely from my PC or my Android device when mobile. And the alerting system lets me know when something needs my attention so I can rest assured my family is safe online. The days of checking up on each of my direct family or my extended family devices one by one are over.

It couldn’t be easier to start protecting your family using AVG Protection. Click here to get started.

Docker Images updated to 20141029

The CentOS images included in the docker index have been bumped to 20141029.

Fixes
=====

1. Updated CentOS-5 image to 5.11
2. Updated CentOS-6 image to 6.6
3. Updated fakesystemd package in CentOS-7 image to properly
provide deps for the lsb-base container.
4. Fixed some broken symlinks in the CentOS-7 container.



Additional Information
======================
For detailed information or to see the code differences used in
building the images, please see
https://github.com/CentOS/sig-cloud-instance-build



KL-001-2014-004 : VMWare vmx86.sys Arbitrary Kernel Read

Posted by KoreLogic Disclosures on Nov 05

Title: VMWare vmx86.sys Arbitrary Kernel Read
Advisory ID: KL-001-2014-004
Publication Date: 2014.11.04
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt

1. Vulnerability Details

Affected Vendor: VMWare
Affected Product: Workstation
Affected Version: 10.0.0.40273
Platform: Microsoft Windows XP SP3 x86, Microsoft Windows Server 2003 SP2 x86, Microsoft Windows 7 SP1 x86
CWE…

Vulnerabilities in D-Link DAP-1360

Posted by MustLive on Nov 05

Hello list!

There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery
vulnerabilities in D-Link DAP-1360 (Wi-Fi Access Point and Router).

-------------------------
Affected products:
-------------------------

Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This model
with other firmware versions also must be vulnerable.

D-Link will fix these vulnerabilities in the next version of firmware (will
be released in…

Web-Based Firewall Logging Tool 1.01

Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or “drilled-down” all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.

Lynis Auditing Tool 1.6.4

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.