CVE-2014-7896

Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-9683 (linux_kernel)

Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

Hillary Clinton used personal email for government business, putting security at risk

Hillary Clinton might be in hot water after it is revealed that she never had an official email account, but was instead using a personal one. That’s potentially a breach of federal law, but it’s definitely a security risk.

The post Hillary Clinton used personal email for government business, putting security at risk appeared first on We Live Security.

The phishy side of text messaging

Email is still a massive form of electronic communication, but the trend towards text messages and text messaging apps can’t be ignored. Younger generations in particular are ditching email in favor of these kinds of solutions. And you better believe that the hackers are aware of this trend, too.

When we focus on text messages in particular, you’ve probably noticed that companies are starting to utilize text messaging as a way to communicate with you. If you haven’t received text messages from outside companies yet, then you’ve probably at least received them from your mobile carrier for alerts about billing, bandwidth usage, and so on.

The unique thing about these messages is that they’re so simple. They usually come from a short number, they’re only a few lines long, and sometimes they include a link. This is a format that we’ve come to expect from text messages of this sort, but it’s a dream come true for hackers.

Just think about how hard hackers have had to work to send believable phishing messages through email that contain images and formatting that seem like the real thing. Many computer users have been trained to identify a fake email message, but all of that training goes out the window when it comes to text messages. Since the format and expectations are so different, people who don’t fall for phishing over email could fall for it through text messaging.

This is especially dangerous because it can be incredibly easy for a hacker to compose a text message for phishing. A recent article from CNNMoney showed how AT&T text messages in particular can be faked without much trouble. Hopefully more people will be trained to think twice about believing every text message, but until then…

It’s open season for hackers and text messaging.

The post The phishy side of text messaging appeared first on Avira Blog.

From Nottingham to Barcelona in 17 Years

In my talk I spoke about how, 17 years ago, I started as a shop owner in Nottingham selling software and networking tools to small businesses. All those years later, I am General Manager of AVG Business and presenting at the world’s leading mobile show.

Of course, things have changed rapidly in this period, but one thing remains the same – my vision, which is the same as the AVG Business vision, namely to help businesspeople do what they do best – run their businesses.

Back in my Nottingham days, security meant four walls and a locked door. However, we all know that this has changed. Phenomena such as Bring Your Own Device and the so-called Consumerization of IT have changed everything.

Cloud apps and services made this happen. Businesspeople expect the connectivity and flexibility that the cloud delivers. In turn, cloud brings about security challenges. Staff handle business-critical and confidential data on an increasing number of devices, both company provided and their own. My old-fashioned four walls and a locked door no longer applies. How can this connectivity and flexibility be controlled and secured?

I said on stage that Bring Your Own Device (BYOD) is no longer a debate – it’s a responsibility. We are now at the point where BYOD has become “YOD.” Thanks to cloud computing, staff no longer need to bring devices into an office in order to access business data. The workplace is now everywhere; we live in an age of business without walls. Telling staff not to use their own smartphone for work purposes is not an option. Digital natives demand it.

Cloud is here, but it has made control and security harder – business owners are demanding solutions from their IT partners and providers, and this is where we come in.

I was delighted to be joined on stage by Shreyas Sadalgi, SVP Business Development at Centrify, market leader in Single Sign On technology. Together we unveiled a simple, affordable way for small businesses to help keep company confidential data safe, private and within their control even when shared with employee-owned mobile devices (such as smartphones and tablets) and externally hosted cloud services.

We’re making it simple for businesses. Through Secure Sign On, a new employee can have access to any of their employer’s apps through any device. When an employee leaves, access is removed very quickly. This simple solution solves the YOD question and puts control and security back in the hands of the business, as quickly as physically taking a key and locking a door.

It’s amazing how far you can go in 17 years!

Why IoT should stand for “Illusion of Trust”

Our always on, always connected world has fundamentally changed how businesses operate. Communicating with customers and employees will never be the same again.

Cloud solutions bring many benefits by making things easier for businesses, and it’s happening whether we like it or not.

But many businesses trust the cloud blindly without proper consideration for the challenges and deeper issues at hand.

The added convenience of cloud applications also comes with potential downsides, such as security threats and surrender of control.

Many people are familiar with the acronym “IoT”, and we understand it to mean the Internet of Things. This is a catch-all term for our world of cloud based information and smart connected devices.

I believe there’s another meaning for these three letters – “Illusion of Trust”.

I call it the Illusion of Trust because business owners don’t realise that cloud security is an issue.

The reality is that, through their T’s and C’s, cloud providers are limiting their responsibility for the data they create and manage. This means that interruptions to service or changes of policy can leave businesses in trouble. As we hand over control, we need to consider trust – just as we do with employees.

Not so long ago, Facebook experienced a software flaw due to a seemingly simple error that cascaded into a much larger problem, causing a major outage that lasted five hours.

I personally know a number of businesses impacted by this outage. It was unplanned, unscheduled and hugely inconvenient for the many thousands that rely on Facebook as a business tool.

Businesses around the globe trust Facebook to deliver – all the time. The same goes for other cloud-based services that millions of businesses rely on.

The following line is from the terms and conditions of a well-known cloud storage provider:

“We may add or remove functionalities or features, and we may suspend or stop a Service altogether”.

These T’s and C’s are not unusual. There are thousands of providers out there and many do not take any responsibility for losing data, for changing or suspending service, or for any outages that may occur.

Traditionally, if your employees suddenly decided to take five unscheduled hours off you’d be able to take action, wouldn’t you? This is within your control.

But when you adopt cloud solutions, you forgo that control in return for added convenience and cost efficiencies.

Businesses are still too eager to hand over their vital services and data to cloud providers. They are placing blind trust in a system that is not entirely reliable. Instead, I believe that cloud providers should have to win the trust of businesses before they take control over important business elements.

After all, who we trust with our data and our livelihood is now one of the most important business decisions we can make as businesspeople.

I hope, over the next few years, that we witness an evolution in cloud services that focuses on transparency, flexibility and reliability.

Trust is something that should be earned and not granted unconditionally at the outset.