WordPress Newsletter plugin versions 2.6.x and 2.5.x suffer from an open redirect vulnerability.
Monthly Archives: March 2015
WordPress Max Banner Ads 1.9 Cross Site Scripting
WordPress Max Banner Ads plugin versions 1.09 through 1.9 suffer from a cross site scripting vulnerability.
WordPress Ya'aburnee / Dignitas Privilege Escalation
WordPress Ya’aburnee theme version 1.0.7 and Dignitas theme 1.1.9 suffer from a privilege escalation vulnerability.
WordPress Contact Form DB 2.8.29 Cross Site Request Forgery
WordPress Contact Form DB plugin version 2.8.29 suffers from a cross site request forgery vulnerability.
[ MDVSA-2015:055 ] freetype2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:055 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : freetype2 Date : March 4, 2015 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated freetype2 packages fix security vulnerabilities: The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font (CVE-2014-9656). The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial
[ MDVSA-2015:054 ] bind
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:054 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : bind Date : March 4, 2015 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated bind packages fix security vulnerability: Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker. This issue affects configurations with the directives "dnssec-lookaside auto;" (as enabled in the Mageia default configuration) or "dnssec-validation auto;" (CVE-2015-1349). _________________________________________________________
Gary Kovacs’ Keynote Speech at Mobile World Congress
In the address, Gary outlined AVG’s vision of a safer Internet for everyone. To achieve that, we must understand how digital technology, especially mobile, has impacted the ideas of identity and privacy.
The modern Internet has given rise to an economy based on collecting and monetizing user information.
As a result, the lives of consumers are more exposed now than ever before in history. Their actions online are being watched, even scrutinized, and not necessarily towards benevolent ends
Consumer data shows that more and more people are demanding trust, actively considering it when they choose whether or not to adopt a technology.
If we want to facilitate further development of technology and digital economy, we need to challenge our thinking again. It’s time for another revolution, a Trust Revolution.
Looking forward to this morning’s keynote “The New Mobile Identity” with @gary_kovacs @taavikotka @bkrunner @VMware @dialoglk. #MWC15
— Wireless Reach (@QCWirelessReach) March 4, 2015
Love that @gary_kovacs starts w/ “the human view,” that with each new tech platform shift, we’re getting “closer to the skin” #MWC15 — marisagallagher (@marisagallagher) March 4, 2015
RT @implausibleblog: @gary_kovacs Speaking on privacy and trust #OnePageChallenge yes please! pic.twitter.com/J4DAZgvVQd #TrustRevolution #MWC15
— AVGFree (@AVGFree) March 4, 2015
#MWC2015 Kovacs said 72% people are unhappy with having to share data with companies. — Judith Bitterli (@JudyatAVG) March 4, 2015
It would take 76 days to read all the privacy policies I’ve signed up to on apps, says AVG’s Gary Kovacs #MWC15. Need to simplify policies— Amdocs (@Amdocs) March 4, 2015
Trust is currency, Gary Kovacs #MWC15 — Hilary McGuinness (@McguiHilary) March 4, 2015
‘Time for a trust revolution: Let’s work together for a simpler digital security for everyone.’ #SAPMWC15 #MWC15 pic.twitter.com/p59VIHw6O8
Robust privacy on apps and services can bring people in, says @gary_kovacs. http://t.co/XqOCuPcHC3 #IBMmobile #MWC15 pic.twitter.com/BJV6rDvxrt
— IBM Mobile (@ibmmobile) March 4, 2015
— Ann Rosenberg (@rosenbergann) March 4, 2015
Thoroughly enjoyed @gary_kovacs‘ excellent #MWC15 keynote on the trust revolution needed for mobile & online data — Richard Gamblin (@RichGx) March 4, 2015
AVG Surpasses 200 Million Users Worldwide
MOBILE WORLD CONGRESS, BARCELONA – March, 4, 2015 – AVG® Technologies N.V. (NYSE: AVG), the online security company™ announced today that it has passed the significant milestone of 200 million active users worldwide including over 100 million on mobile. Over 50 million new customers have joined the AVG family over the last 18 months alone, using one or more of AVG’s consumer and business products for mobile and desktop platforms, including Android, iOS, Windows and Apple Mac.
“This is a very significant milestone for AVG and one that not many companies ever achieve. Not only have we reached the 200 million user mark, but more than half of these users are mobile customers. This highlights the successful evolution our company has made from a PC heritage to a strong mobile future,” said Gary Kovacs, Chief Executive Officer, AVG Technologies. “The last 18 months have been the fastest period of growth in the company’s history and we expect this rate to continue going forward. This also gives us an important and growing base of customers in over 200 countries who trust AVG with their digital safety, and to whom we can offer over time our enhanced services to increase the value and protection we provide.”
AVG announced the all-new version of AVG Zen™ this week during Mobile World Congress, showcasing its wide range of security features including important family safety services, support for industry partner applications and services, and support for the Internet of Things, all from one place.
Kovacs continued, “At AVG, we believe that everyone in the world has the inalienable right to security and privacy online. We are committed to enabling the next three billion people coming on line to explore the Internet with peace of mind and security.”
###
About AVG Technologies (NYSE: AVG)
AVG is the online security company providing simple, integrated software and services to secure devices, data and people. Over 200 million active users and businesses use AVG’s products and services worldwide.
All trademarks are the property of their respective owners.
Contacts:
US
Katie Han
Waggener Edstrom for AVG
+ 1 (212) 551 4807
UK
Samantha Woodman
Waggener Edstrom for AVG
+ 44 (0)20 7632 3840
AVG reaches 200 million active users!
Today I’m proud to announce that AVG now has more than 200 million active users globally.
To put that into perspective, if AVG were a country, it would be the sixth largest behind Brazil.
This is a very significant milestone for AVG and one that not many companies ever achieve. The last 18 months have been the fastest period of growth in the company’s history and we expect this rate to continue.
None of this would be possible without your incredible support.
Thank you and we are looking forward to the next 200 million!
Pentesting Microsoft SQL Server
Whitepaper discussing penetration and security testing against Microsoft SQL Server. Written in Turkish.