Monthly Archives: May 2015

Mandriva

[ MDVSA-2015:227 ] mariadb

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:227
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : mariadb
 Date    : May 5, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 This update provides MariaDB 5.5.43, which fixes several security
 issues and other bugs. Please refer to the Oracle Critical Patch Update
 Advisories and the Release Notes for MariaDB for further information
 regarding the security vulnerabilities.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0499
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0501
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0
Security

Netflix Releases FIDO Incident Response Tool

Engineers at Netflix have released another one of the company’s bespoke security tools as an open-source application, this time an incident-response system known as FIDO. The tool is designed to help automate the process of incident response, and specifically it acts as a new layer that helps tie together existing applications by evaluating and assessing […]

Full Disclosure

Fortinet FortiAnalyzer & FortiManager – Client Side Cross Site Scripting Vulnerability

Posted by Vulnerability Lab on May 05

Document Title:
===============
Fortinet FortiAnalyzer & FortiManager – Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1354

Security Bulletin FortiGuard: http://www.fortiguard.com/advisory/FG-IR-15-005/

PSIRT ID: 1327458

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3620

CVE-ID:
=======
CVE-2015-3620

Release Date:
=============…

Full Disclosure

vPhoto-Album v4.2 iOS – File Include Web Vulnerability

Posted by Vulnerability Lab on May 05

Document Title:
===============
vPhoto-Album v4.2 iOS – File Include Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1477

Release Date:
=============
2015-05-05

Vulnerability Laboratory ID (VL-ID):
====================================
1477

Common Vulnerability Scoring System:
====================================
6.2

Product & Service Introduction:…

Avast

BYOD increases the need for Anti-Theft protection

smartphone and tablet

The convenience of BYOD can go down the drain if the employee loses their device. Protect it with Avast Anti-Theft.

Small business owners embrace the idea of employees supplying their own computers, smartphones, and tablets in the workplace. But the savings and convenience can go down the drain if the employee falls prey to a phishing scam and downloads malware or loses their device. Protecting mobile devices has become increasingly more important as Bring Your Own Device (BYOD) grows in popularity.

Technical security measures to protect information are of obvious importance. However, many security incidents relate to the theft or loss of equipment.

We can write multiple blog posts about BYOD policies and educating your employees about the latest threats and tricks that cybercrooks play (spearphishing, for example), which is all extremely important, but if you simply lose your device, then all bets are off anyway. You can avoid headaches in the case of misplaced or stolen devices by having a way to remotely locate the missing device and wiping the data away if it ends up in the wrong hands.

Avast Anti-Theft allows users to log on to their desktop account or use a friend’s phone to remotely locate their device, lock it, activate the remote siren, or wipe its data clean.

Learn 5 ways to thwart the thief who stole your Android.

Business owners also need to consider what to do about company data on an employee’s personal device when they are terminated or leave the company. Some companies have resorted to wiping personal devices clean of all data, but that includes contacts, family photos, apps and music, which can lead to unpleasant lawsuits or complaints from former employees. Mobile device management systems (MDMs) are available, but could be overkill for very small businesses.

If you only have a few employees, and do not require a full-blown MDM, then Install Avast Anti-Theft for free from the Google Play store to protect your own devices and those of your employees.