Hackers-For-Hire: It’s This Cheap to Hack Your Account

That’s only partly true. Business Insider released an interesting list that tells you how much it costs to get different accounts hacked. According to the page, hacking a generic website is quite expensive compared to the other options: you’ll have to pay as much as $2000 to get it done. Getting access to a Facebook account is a lot cheaper at only $350, and access to a Gmail account would cost you only $90. One popular hacker apparently even offers to boost Yelp reviews!

Let’s face it. If you know the right search terms, you’ll be able to find almost everything. “While it’s well-known that the dark web offers black market marketplaces for things like drugs and firearms, so too are there places where hackers offer up their skills for a fee. These hackers-for-hire offer a wide-ranging menu of services, many of which are likely not legal,” writes Business Insider, and one of the pages offering some of the services reads: “Hiring a hacker shouldn’t be a difficult process, we believe that finding a trustworthy professional hacker for hire should be a worry free and painless experience.”

Hacking as something for the mass market? Of course – hackers-for-hire would come in handy if you really need to break into your own accounts; but how often does that really happen? While the above site states in their Terms of Use that “you agree to act responsibly in a manner demonstrating the exercise of good judgment. For example and without limitation, you agree not to: violate any applicable law or regulation, infringe the rights of any third party, including, without limitation, intellectual property, privacy, publicity or contractual rights, etc.” one can only wonder how legitimate the requests made are in the end.

If there is one thing we can take from all of this, it’s that account safety should be taken more seriously than ever.

The post Hackers-For-Hire: It’s This Cheap to Hack Your Account appeared first on Avira Blog.

Security challenges in the digital era


The boom in information technology has led to a transformation which has been increasing in recent years due to the widespread adoption of the Internet and mobile devices. Individuals and companies are all imbued with ‘digital life’, which now defines the way we act, buy, work… the way we live. This reality has also marked a before and after in another sector: that of information security, which is becoming more complex every day.

According to IDC, companies are becoming increasingly aware of the risks in the market – from an infection caused by one of the many existing malwares, now spread to any platform and device, to a persistent advanced threat – and almost 50 percent of the companies in Europe (45 percent to be exact) increased their security budgets in 2014. In fact, Spain is the third country in Europe where more companies have increased their investment in this area, just behind the United Kingdom and Germany. Moreover, according to Gartner, another major IT consultant, the fear of suffering targeted cyber-attacks is what is encouraging 40 percent of the largest companies to make far-reaching plans for 2018 to defend themselves against these risks. Plans which they currently lack and which go far beyond preventive controls such as firewalls, traditional antivirus and vulnerability management, and which follow a more global and integrated control of all security areas.

In this context, the way of buying and selling security has also changed radically. According to independent analysts in the ICT sector, companies no longer sell only security, which is just the necessary lever to sell anything related to technology: cloud, big data, Internet of Things, mobility… Let’s say security has become a ‘building block’ for almost every aspect. In fact, these macrotrends carry the most sophisticated formulas for information security. For example, big data and analytics allow behaviors to be modeled in order to prevent attacks.

More sophisticated and intelligent solutions offered as a service

In general, the market trend is to offer as a service the most sophisticated and intelligent security solutions.  Advanced security services, managed and based on the cloud system, are on the rise. As it is no longer possible to put up walls as in the past, we now have to protect companies from below, from the processor itself to the highest levels. In this new approach security must be seen as a more global concept which includes more aspects from communications to storage, passing through many more elements. The key to this more complex world is, on the one hand, that security is immersed in a complete cloud solution, and on the other, that it includes different capacities in order to provide a more comprehensive service.

The price of being safe

With this more complex scenario, with “the ‘baddies’ becoming increasingly ‘badder’ and smarter” and with the proliferation of more sophisticated attacks in different formats that make them more difficult to stop, will companies have to invest more money to be safe? The answer is ‘no’. In fact, prices have dropped in recent years, especially since the boom of cloud-based systems. What happens is that companies now have to protect themselves against more threats. There is a new range of risks, and this is why investments in security keep growing.

Obviously, the investment made by large corporations is still higher than that made by smaller companies. But at least it seems that they are all starting to be aware that an attack can cost them a lot of money and can damage their image. How they deal with it is another matter, but the awareness is there, including at the highest level within the companies. Moreover, news about security is one of the few subjects in the IT world which makes the headlines in newspapers around the world. Still, as we said, SMBs are the most vulnerable. Unfortunately, they are generally the least prepared and the main victims of many attacks.

With the Internet of Things the risks can be limitless

Another major risk looming on the horizon in this new digital scenario derives from the so-called ‘Internet of Things’. Given the growing proliferation of all kinds of sensors and gadgets such as the popular wearables, devices which we will all wear in the near future like watches or smart glasses  (many people already do this), and the unstoppable advance of the smartphone, the risks will constantly increase. The Internet of Things means bringing the digital into the physical world, and this will lead to endless security risks. Undoubtedly, with this trend there are many challenges ahead to overcome, not only with regard to safety, but also privacy, complying with the regulations, etc. Therefore, the Internet of Things makes the current situation even more complex, opening up at the same time interesting business opportunities which we should all exploit to the full.

The post Security challenges in the digital era appeared first on MediaCenter Panda Security.

SB15-131: Vulnerability Summary for the Week of May 04, 2015

Original release date: May 11, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| alienvault — unified_security_management | The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg). | 2015-05-01 | 9.3 | CVE-2015-3446, CONFIRM, MISC |
| cisco — unified_computing_system_central_software | Cisco UCS Central Software 1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. | 2015-05-06 | 10.0 | CVE-2015-0701, CISCO |
| emc — autostart | ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets. | 2015-05-06 | 9.3 | CVE-2015-0538, CERT-VN, BUGTRAQ |
| google — chrome | Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2015-05-01 | 7.5 | CVE-2015-1250, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| realtek — realtek_sdk | The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request. | 2015-05-01 | 10.0 | CVE-2014-8361, MISC, CONFIRM |
| samsung — samsung_security_manager | Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request. | 2015-05-01 | 10.0 | CVE-2015-3435, MISC, MISC |


Medium Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple — safari | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154. | 2015-05-07 | 6.8 | CVE-2015-1152, CONFIRM, APPLE |
| apple — safari | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154. | 2015-05-07 | 6.8 | CVE-2015-1153, CONFIRM, APPLE |
| apple — safari | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153. | 2015-05-07 | 6.8 | CVE-2015-1154, CONFIRM, APPLE |
| apple — safari | The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. | 2015-05-07 | 4.3 | CVE-2015-1155, CONFIRM, APPLE |
| apple — safari | The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link’s target, and spoof the user interface, via a crafted web site. | 2015-05-07 | 4.3 | CVE-2015-1156, CONFIRM, APPLE |
| cisco — finesse | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595. | 2015-05-02 | 4.3 | CVE-2015-0714, CISCO |
| cisco — unity_connection | SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608. | 2015-05-06 | 6.5 | CVE-2015-0715, CISCO |
| cisco — unity_connection | Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659. | 2015-05-06 | 6.8 | CVE-2015-0716, CISCO |
| dell — sonicwall_secure_remote_access_firmware | Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark. | 2015-05-01 | 6.8 | CVE-2015-2248, CONFIRM, MISC |
| elasticsearch — elasticsearch | Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors. | 2015-05-01 | 4.3 | CVE-2015-3337, CONFIRM, BUGTRAQ, DEBIAN |
| emc — sourceone_email_management | EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | 2015-05-06 | 5.0 | CVE-2015-0531, BUGTRAQ |
| foxitsoftware — enterprise_reader | Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file. | 2015-05-01 | 4.3 | CVE-2015-3632, EXPLOIT-DB, CONFIRM, MISC, MISC |
| foxitsoftware — enterprise_reader | Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures. | 2015-05-01 | 5.0 | CVE-2015-3633, CONFIRM |
| haxx — curl | The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. | 2015-05-01 | 5.0 | CVE-2015-3153, UBUNTU, DEBIAN, CONFIRM |
| ibm — db2 | IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities. | 2015-05-07 | 4.0 | CVE-2014-0919, CONFIRM, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR, AIXAPAR |
| ibm — rational_license_key_server | The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4 before 8.1.4.7 allows remote authenticated users to read cookies via unspecified vectors. | 2015-05-07 | 4.0 | CVE-2015-1907, CONFIRM |
| python — pillow | The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. | 2015-05-01 | 5.0 | CVE-2014-3598, CONFIRM, SUSE |
| redhat — enterprise_virtualization_manager | Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain. | 2015-05-01 | 6.8 | CVE-2015-0237, REDHAT |
| siemens — homecontrol_for_room_automation | The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate. | 2015-05-07 | 5.4 | CVE-2015-3610, CONFIRM |


Low Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| kozos — easyctf | Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2015-05-01 | 3.5 | CVE-2015-0913, JVNDB, JVN, CONFIRM |
| redhat — enterprise_virtualization_manager | Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory. | 2015-05-01 | 2.1 | CVE-2015-0257, REDHAT |


Switch to flight-mode on Mother’s Day

Perhaps Mother’s Day is your opportunity, for one day at least, to bring back the tradition of enjoying a meal surrounded by great conversation and the people you love.

Technology has definitely changed the dinner table dynamic, sometimes for good, and sometimes for bad.  And depending on your age, your family values, and how you use your mobile devices, the experience is often different for many of us.

For some, dinner times used to be a place where debate over controversial urban myths often surfaced. In the days before “Mythbusters” existed, it was at the dinner table where hypotheses and logic were tested and rigorously explored.

And while stronger family personalities often won arguments based on false pretences, mobile devices and the Internet now mean that the real facts are just a Google or Wikipedia search away. In my view, the lessons of learning to “agree to disagree”, along with the ability to resolve conflict using conversation alone, are sadly lacking in today’s world.

Busy family schedules used to be communicated across the dinner table too, but even this has been replaced by Calendar invites and Facebook events.  For technologically savvy families there’s virtually no need to discuss such things during mealtime.

It’s no wonder, with all the technology at our disposal, and with the humdrum of daily living taken care of by apps of every kind, that mothers are missing out on the attention and conversation they deserve.

So, for this Mother’s Day, switch to flight-mode during dinner time and pretend you’ve taken off to a world of wonder and beauty – one where loving connections are fostered, arguments are settled the old fashioned way, and where stories are shared and enjoyed.

Happy Mother’s Day, and stay safe out there.

Broken, Abandoned, and Forgotten Code

Posted by Zach C on May 10

Hello,

I’m posting a multipart reversing and exploitation series entitled “Broken,
Abandoned, and Forgotten Code.” It explores the discovery, reverse
engineering, and exploitation of an unauthenticated firmware update
capability in the UPnP stack of Netgear SOHO routers.

This isn’t your typical “OMG command injection SOHO Routers are so
insecure!!!1!” project. We all know they are; that’s been covered ad…

Fedora 20 Security Update: kernel-3.19.7-100.fc20

Resolved Bugs
1218074 – CVE-2015-3636 kernel: ping sockets: use-after-free leading to local privilege escalation
1218110 – CVE-2015-3636 kernel: ping sockets: use-after-free leading to local privilege escalation [fedora-all]
1218662 – I/O errors, broken ncq trim since Samsung SSD update EXT0DB6Q
1205083 – [abrt] WARNING: CPU: 3 PID: 644 at drivers/net/wireless/iwlwifi/mvm/tx.c:952 iwl_mvm_rx_ba_notif+0x525/0x5c0 [iwlmvm]() [iwlmvm]
1208999 – iscsi issues on 3.19 kernel
1214030 – CVE-2015-3339 kernel: race condition between chown() and execve()
1204390 – [abrt] WARNING: CPU: 6 PID: 790 at drivers/media/v4l2-core/v4l2-ioctl.c:1025 v4l_querycap+0x41/0x70 [videodev]() [videodev]
1206036 – Impossible to reduce the display brightness under the new kernel – Toshiba Z30 laptop
1215989 – Backlight is non-responsive on Toshiba Satellite
The 3.19.7 update contains a number of important updates across the tree.
The 3.19.6 stable update contains a number of important fixes across the tree.

Fedora 22 Security Update: ca-certificates-2015.2.4-1.0.fc22

This is an update to the set of CA certificates released with NSS version 3.18.1.
However, the package modifies the CA list to keep several legacy CAs still trusted for compatibility reasons. Please refer to the project URL for details.
If you prefer to use the unchanged list provided by Mozilla, and if you accept any compatibility issues it may cause, an administrator may configure the system by executing the “ca-legacy disable” command.