Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers to inject arbitrary web script or HTML via the username field during registration, which is not properly handled by forum.ghp.
Monthly Archives: January 2015
CVE-2014-9440
SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2014-9441
Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) ll__opt[image2_url] or (3) ll__opt[image3_url] parameter in a ll_save_settings action to wp-admin/admin-ajax.php.
CVE-2014-9442
SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php.
CVE-2014-9443
Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
We like the ‘Oversharing on social media’ message aired during Sugar Bowl
In last night’s broadcast of the Sugar Bowl, a showdown of two powerhouse college football teams in the USA, Allstate Insurance aired a series of brilliant commercials about the risk of oversharing on social networks. The social media team at Avast has been preaching this message for a while now, so we were happy to see this clever series of advertisements.
The ads are about a couple who shared on social networks that they were away from their house, actually attending the game. Allstate’s “Mayhem” character took advantage of this knowledge, broke into their unoccupied house, and proceeded to have a “MayhemSale” of all their possessions. “Buy Matt & Shannon’s stuff now at MayhemSale.com,” he announced, then soon after took to Twitter to sell off items one by one. I immediately visited the website, but apparently there were so many other interested people that it kept crashing.
Saw couple posting from tonight’s game. Figured I’d break into their house / sell all their stuff. #MayhemSale http://t.co/FKHiRjz68S
— Mayhem (@Mayhem) January 2, 2015
Burglars can easily search Facebook or Twitter for targeted keywords or see who has checked into airport lounges on Foursquare. According to FBI statistics, summertime is the most active season for burglaries, and oversharing can tip off thieves to your absence. Homeowners should be extra vigilant about protecting their goods.
Our advice – be extremely cautious about what you share on social media, and wait until after you are back to share your vacation pictures.
Cyber Security Professionals Predict Their Biggest Concerns For 2015 – Forbes
Cyberthieves Will Target Apple Pay, ATMs And Banks In 2015 – PYMNTS
Smartphones: Hackers’ Target for 2015 – CNBC
Tools to change and remember your passwords, this will help you!
Every time you sign up to a Web service, social networking site or online platform you face the same problem: What password should I use? Your passwords should be easy to remember but strong at the same time. And not only that, sometimes you are even requested to mix upper and lower case letters, numbers, or even non-alphanumeric characters (punctuation) to make your password harder to guess by an attacker.
In fact, all these requests aim at forcing users to use a character combination strong enough to prevent it from being cracked by a hacker. However, users frequently prefer the convenience of using the same password for everything (with some variations depending on whether they need numbers or letters), which poses an important security risk.
First, avoid using passwords that are easy to figure out. It is true that memorizing more complex passwords can be more difficult, but it obviously can be done.
Better still, you don’t even need to do that! There are many applications out there that can give you a hand with managing your passwords.
One example is Dashlane, a free app available for PC, Android and iOS that allows users to check the security of their passwords and store them in one place.
This way it is the app that remembers all passwords for you, while you only have to remember the master password that enables you to use Dashlane and its password repository.
Another excellent option, apart from memorizing all of your passwords or managing them through apps such as Dashlane, is to opt for the greater security level provided by suites such as Panda Global Protection 2015 or Panda Gold Protection 2015, which include a password manager that enables you to access all the Web services that you use by just remembering one master password. Additionally, both security suites increase computer protection with features such as file encryption and PC tuneup.
In any event, there are other aspects that must be taken into consideration when creating a password. Most of them are just common sense. Never write down passwords on a piece of paper; don’t use the same password over and over again; and don’t use passwords that are easy to guess, like your date of birth or your kid’s or pet’s names. Also, it is essential that you change your passwords regularly.
Why so much fuss about passwords? Well, it wouldn’t be the first time that the leak of data belonging to millions of user accounts compromises the security of popular services such as Gmail or Dropbox, for example. So, if you don’t want to be the victim of identity and data theft, we strongly recommend that you take the appropriate security measures and manage all your passwords as effectively as possible. As the saying goes, better safe than sorry!
The post Tools to change and remember your passwords, this will help you! appeared first on MediaCenter Panda Security.