Monthly Archives: June 2015
CVE-2015-0760 (adaptive_security_appliance_software)
The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259.
CVE-2015-0761 (anyconnect_secure_mobility_client)
Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790.
CVE-2015-0762 (unified_meetingplace)
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu51400.
CVE-2015-0763 (unified_meetingplace)
Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338.
CVE-2015-0764 (unified_meetingplace)
Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603.
CVE-2015-0765 (ons_15454_system_software)
Cisco ONS 15454 System Software 10.30 and 10.301 allows remote attackers to cause a denial of service (tNetTask CPU consumption or card reset) via a flood of (1) IP or (2) Ethernet traffic, aka Bug ID CSCus57263.
CVE-2015-0766 (firesight_system_software)
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196.
Google introduces new security and privacy features
In response to recent research from Pew, indicating that fewer than 10% of Americans feel in control of their data, Google announced new tools help users do just that.
The feature, called My Account, is an easy way for Google account holders to manage many of their security and privacy options from one dashboard.
New Features
MyAccount is not just a convenient dashboard though, as Google has introduced new features to play with such as Privacy Checkup and Security Checkup, which help the user choose what personal information they are happy to share and where they are happy to share it.
As Google explained in their blog:
Privacy and security are two sides of the same coin: if your information isn’t secure, it certainly can’t be private. My Account gives you quick access to the settings and tools that help you safeguard your data, protect your privacy, and decide what information is used to make Google services work better for you.
By offering greater control over how apps such as Maps, YouTube and Search collect data, Google is hoping to reassure users that they can in fact keep their data as private as they wish.
Greater transparency
Notably, Google has also introduced a new site privacy.google.com which allows user to examine what data Google itself is storing on them.
We listen to feedback from people around the world to better understand their concerns about privacy and security. In addition to My Account, we want to help people find answers to common questions on these topics, such as: “What data does Google collect? What does Google do with the data it collects? What tools do I have to control my Google experience?”
The new privacy.google.com promises to have all this information and more so if you are interested in learning about how Google uses and stores your data, you should check it out. I certainly will be.
Avast SecureMe Protects Apple Watch Wi-Fi Users
For all of the Apple Watch fans, I’m excited to announce that Avast SecureMe will be available for the device soon. We will launch Avast SecureMe for iOS this summer and will then also expand its functionality for Apple Watch. We designed the app specifically for unsecured Wi-Fi networks, which are a low-hanging fruit for hackers looking to spy on people’s browsing activities and to re-route users to fake sites that collect logins, PINs and other personal information. A ubiquitous presence in cafes, hotels and airports, an alarming number of public Wi-Fi routers are poorly configured. In a study conducted in New York, Chicago and San Francisco, our researchers found out that more than half of routers aren’t set up in a secure way.
To protect users from losing valuable personal information, Avast SecureMe performs the following operations:
- Quick glance to see if router security is enabled
- Notifications if the router is unsecured
- Establish a secure connection in unprotected Wi-Fis
If the iPhone or iPad the Apple Watch is connected to enters a suspect network, Avast SecureMe notifies the user and engages its VPN to secure user connections for online tasks like email, banking, and engaging on social networks. In fact, Avast SecureMe automatically connects to the secure VPN when it detects a user connecting to public Wi-Fi, making all transferred data invisible to prying eyes. Users can disable the protection for Wi-Fi connections they trust, like their home network.
Avast SecureMe will be available for iPhones and iPads, and is extendable for use on Apple Watches.