People love to try to get something for nothing, especially on the Internet, where there are all kinds of things available for nothing. But a lot of those free things are illegal, and attackers have become very adept at taking advantage of users’ desire for free episodes of Gilmore Girls or bonus Dragon Ball Z content. Researchers […]
Monthly Archives: June 2015
BBC Publishes Links Removed By Google Under The Right To Be Forgotten
Blackhats Using Mystery Magento Card Stealers
Ransomware Slinging Exploit Kit Targets Flash Remote Code Execution
Court Decides Wrangle Over Shot-Down Drone
CEBA-2015:1192 CentOS 7 openssl BugFix Update
CentOS Errata and Bugfix Advisory 2015:1192
Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-1192.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64:
e6c2ef7c0b89fcfacb8e64488d2802271ab082921512860385fb1c0aae46684a openssl-1.0.1e-42.el7.9.x86_64.rpm
b96a444096055df0ceec150eb107130a814060558ddaa4ecbec1abcfc0acc99e openssl-devel-1.0.1e-42.el7.9.i686.rpm
018b50c925ec2feba99dd5b06e651327da4258b7a0c0a4bb4e551c6f0710ceb0 openssl-devel-1.0.1e-42.el7.9.x86_64.rpm
7a2778580ee3d50584b8329e859d4be55d93ff749b088f50df2bb9a6879eb817 openssl-libs-1.0.1e-42.el7.9.i686.rpm
b4dcd15094fc1a2f4e9742169d66e5de06a6751de26f2baa13282cca64954e3d openssl-libs-1.0.1e-42.el7.9.x86_64.rpm
13600af8063a7f56cb8686a5261c1c8cf42335a2a5f41ada1038d3e55ef78b08 openssl-perl-1.0.1e-42.el7.9.x86_64.rpm
3c62e5f755a5db436f16c15af1236b8c80565b69b00d31f60bb4b686f36270c7 openssl-static-1.0.1e-42.el7.9.i686.rpm
0aae83ae75cbcb9bb61c5c85fe5a06b35a8fc96d5fd35ce2b845d647c243b160 openssl-static-1.0.1e-42.el7.9.x86_64.rpm
Source:
ad13e94dd6fb298aef32f250d95ea9f27a2de4a62d2f1e9f3e3ecc7c8e034c84 openssl-1.0.1e-42.el7.9.src.rpm
ICANN policy changes trigger privacy concerns
Internet name authority ICANN has unsettled privacy advocates after a new working group document flagged changes to the way domain proxy services can operate.
The post ICANN policy changes trigger privacy concerns appeared first on We Live Security.
Avira vs. Freemium(dot)com – We Will Protect You Against PUA
The court order sets a legal precedent for how Internet security companies like Avira can protect their consumers from potential ad-ware injection, malware, and unintended downloads introduced by installer companies like Freemium.
One of Freemium’s major investors, ProSiebenSat.1 Media AG, hosts a suite of gaming sites and download sites, as well as Axel Springer’s Computerbild.de download portal, which all use Freemium’s installer software to earn money on the downloads of products they offer. Our antivirus software detects and flags unintended downloads with a safety warning, so Freemium filed a cease-and-desist letter against Avira GmbH claiming anti-competitive practices, and demanding that we should not be allowed to block the downloads.
The courts disagreed.
According to the terms of the legal judgment, our antivirus software is allowed to continue to provide a safety notice flagging these downloads as ‘potentially unwanted applications’ (PUA), in keeping with our recently published security policies. Freemium was denied its request for a cease-and-desist and, as the losing party, was ordered to pay all court costs.
“This ruling establishes a major legal milestone in the fight against misleading consumers into unintentionally installing unwanted software onto their computers,” said Travis Witteveen, CEO of Avira GmbH. “Earlier this year we established clear guidelines defining unethical software behaviour, and defining what our security software will block. We believe in ‘freemium’ and advertising-supported business models, however they must remain transparent and ethical in their implementation.”
The post Avira vs. Freemium(dot)com – We Will Protect You Against PUA appeared first on Avira Blog.
Cross-Site Scripting in extension "404 Page not found handling" (pagenotfoundhandling)
Release Date: June 29, 2015
Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
Affected Versions: version 2.1.0 and below
Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:F/RL:O/RC:C
CVE: not assigned yet
Problem Description: The extension fails to properly encode user input for output in HTML context.
Solution: An updated version 2.1.1 is available from the TYPO3 Extension Manager and at http://typo3.org/extensions/repository/download/pagenotfoundhandling/2.1.1/t3x/. Users of the extension are advised to update the extension as soon as possible.
Credits: Credits go to Bas van Beek who discovered and reported the issue.
General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.
CVE-2015-0196 (websphere_commerce)
CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 before 7.0.0.8 Cumulative iFix 2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.