Monthly Archives: May 2015

Avast

The Tar Heel State welcomes Avast Software

Avast announces the opening of our new Charlotte, N.C. office.

Avast announces the opening of our new Charlotte, N.C. office.

During this beautiful spring in “The Queen City” aka Charlotte, North Carolina, new Avast Software offices have opened their doors bringing 60 IT, marketing, business development, and technical support jobs to the area.

The flagship product launching out of the Charlotte office is Avast for Business, the new free, easy-to-use, cloud-managed security offering designed with small and medium sized businesses (SMBs), educational institutions, non-profit organizations, and small government in mind. Luke Walling, a long time Charlotte resident, is the general manager and vice president of Avast for Business.

“We’re thrilled to open doors in Charlotte,” said Walling. “With state-of-the-art facilities in North Carolina coupled with regional offices across the globe, Avast is in prime position to ensure our customers receive top-notch security solutions for their PCs, Macs and servers. As small business owners realize the essential need for data protection in today’s digital world, we’re happy to provide a free product that’s both reliable and secure. Charlotte has been home to me for many years and I’m pleased to report such a strong start.”

Since its launch in February 2015, Avast for Business has been adopted by 75,000 new customers.The freemium software model that Avast brings will change the complexion of security products for small businesses that are often priced out of the security game by expensive resellers, or forced to settle on using consumer-grade security software for business purposes. Avast for Business provides an easily managed and scalable solution for SMBs.

Avast expects to hire about 60 people based in Charlotte within the next few months. Job listings can be found on the Avast careers website and at this writing include positions such as Technical Support Specialist, Marketing Specialist, and several positions for Software engineers and a Senior UX Design/Creative.

The growing team is settling into their new office space, and with perks like an Avast orange pool table, free-flowing coffee and soft drinks, and team-building dinners and fun days out, they are sure to build upon their initial success. Welcome to Avast, Charlotte!

Marketing manager, Cathy F. cuddles with Chester
Sales rep Robert B. takes a pool break
Handsome pool table covered with Avast orange
Vanir I., data analyst has a park view from his desk
Chester reads the writing on the wall
The daily caffeine fix
Roger R. at dinner with the Charlotte team
Elena C. from Prague visits with Mike H.
Mirek S. from Prague enjoys a beer with Luke W., VP of the Charlotte office
Jessica T. enjoys the conversation with her Prague colleagues
Fun day out at Carowinds
Cathy F. and Robert B. are brave before riding the Carolina Cobra
These Avastians have braggin' rights after conquering the Nighthawk!

Security

Ubuntu Security Notice USN-2603-1

Ubuntu Security Notice 2603-1 – Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Atte Kettunen discovered a buffer overflow during the rendering of SVG content with certain CSS properties in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

Security

Red Hat Security Advisory 2015-1012-01

Red Hat Security Advisory 2015-1012-01 – Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A heap-based buffer overflow flaw was found in the way Thunderbird processed compressed XML data. An attacker could create specially crafted compressed XML content that, when processed by Thunderbird, could cause it to crash or execute arbitrary code with the privileges of the user running Thunderbird.

AVG

Hackers Using Starbucks Gift Cards to steal money

Earlier in May, researcher Bob Sullivan reported that hackers were targeting Starbucks mobile users and using the Starbucks app to steal money through linked credit cards.

The Starbucks app links to a credit card so that the user can prepay for goods and purchase Starbucks gift cards for friends and family to spend in store.

Reports indicate that the gift cards are fundamental to the attacks.

After gaining access to the victim’s Starbucks account, attackers create a new gift card for the entire balance of the account and issue it to themselves. The problem is then compounded  as the Starbucks app automatically tops up the user’s balance when it gets low. This means that the attacker can then strike again.

Within a few minutes, attackers could potentially siphon hundreds of dollars through gift cards without even needing the victim’s credit card details.

In a recent blog post, Starbucks recently defended the security of their app and said that “News reports that the Starbucks mobile app has been hacked are false.”

Instead, they say that it is reusing login details from other sites that is putting customers at risk:

Occasionally, Starbucks receives reports from customers of unauthorized activity on their online account. This is primarily caused when criminals obtain reused names and passwords from other sites and attempt to apply that information to Starbucks. To protect their security, customers are encouraged to use different user names and passwords for different sites, especially those that keep financial information.

 

This isn’t the first time that the Starbucks app has come under fire, after last year it emerged that it stores users’ passwords on the device in plain text.

 

How to help protect yourself from attacks such as these:

Pick a strong, unique password

It goes without saying that this attack would not be possible if hackers were shut out of Starbucks accounts. Therefore, keeping a strong and unique password (one that is not used on any other site) is one of the most important things you can do to help protect yourself from an attack like this. For help creating a strong password, check out this simple guide.

 

Turn off or limit auto-top up

One of the things that makes this attack so dangerous is the fact that the damage can escalate rapidly thanks to the auto top-up functionality used by the Starbucks app (and many others like it).

While automatically replenishing your account balance can be an incredibly convenient thing, if you are concerned about attacks like these, disable or set a deposit limit on your auto top-up.

 

Regularly check your accounts

Just like with online banking fraud, one of the best ways to protect yourself or recover from attacks such as this is to stay vigilant. Regularly check your bank statements and online account histories for suspicious activity and do not hesitate to get in touch with your bank or retailer should something unexpected appear.

For Starbucks users, if you see any suspicious activity on your Starbucks Card or mobile app, please immediately notify Starbucks customer service at 1-800-STARBUC.

NVD

CVE-2014-8384

The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request.

NVD

CVE-2015-0278

libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.

NVD

CVE-2015-1868

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.

NVD

CVE-2015-2346

XML external entity (XXE) in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter.