Privacy search engine DuckDuckGo has seen traffic rocket after recent widely publicised privacy scares, according the the company.
The post DuckDuckGo traffic up after Apple integration and privacy issues appeared first on We Live Security.
Monthly Archives: June 2015
AVG opens new Tel Aviv Center of Excellence for mobile
It gives me great pleasure to tell you about AVG’s latest office in Israel, spanning three floors in the brand new Adgar Tower in Tel Aviv.
The view from the large windows on the 23rd floor is impressive, and light pours into every room.
The office is set to become AVG’s global center of excellence for mobile and the headquarters for our mobile development and product teams. As the world looks ahead to the Internet of Things and an increasingly mobile future, the AVG office in Tel Aviv is the perfect breeding ground for innovation and growth.
As you would expect from such an important locale, a huge amount of planning went into the office, built with AVG’s core values at its heart:
Transparency
AVG has long held the belief that everything we do should be transparent. In our products, this manifests itself through pioneering projects such as the Short Privacy Notice but in the new Tel Aviv office, it is exists in a wonderful mixture of glass and light.
I firmly believe that collaboration is key to the success in a company of any size, and with my background in startups, it was a principle we wanted to ingrain in our new office space. Glass walls and doors of glass ensure that everyone is visible, reachable and approachable. To me, it feels more like an incubator than a corporate office.
Execution
Like any AVG office around the globe, the engineers and workers in the Tel Aviv office pride themselves on attention to detail and high quality execution. Continuing this ethos was something we was certain needed to be done when planning for the future.
Every room houses a team of product and engineering experts all working together with a common purpose, to provide value to over 100 million users of AVG’s mobile products.
We never stop trying to help and protect our users, and the vibrant and collaborative atmosphere in Tel Aviv is the perfect environment to make it happen!
Respect
Naturally, any office gets its character from its staff and we wanted to make sure that the new Tel Aviv office felt like home from the word ‘go’.
Each team customized the layout and finish of their office, down to choosing their own posters. Like in any business, motivated and impassioned people perform better, feel more rewarded and the office benefits from this.
Work-life balance has always been important to me, so we felt it was important that staff in Tel Aviv were able to express themselves for their talents and abilities outside of work. The AVG Talents initiative is the perfect reflection of that.
Throughout the office, the walls display the artwork, photography and pets of AVG Tel Aviv staff. It doesn’t just make the office look great, but creates a sense of trust and familiarity. It encourages us to value each other not just as colleagues, but as talented and diverse people from all walks of life.
AVG Talents was in full swing this week as the staff band, The Showstoppers, helped us celebrate the new office with a concert, attended by the whole team.
CEBA-2015:C003 CentOS 6 xorg-x11-server BugFixUpdate
CentOS Errata and Bugfix Advisory 2015:C003 Upstream details at : http://bugs.centos.org/view.php?id=6809 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 2b179666c4cc9e2e551dd501cb1eb5782587b07fbc3ab2e25b0c992f935e94b4 xorg-x11-server-common-1.15.0-26.el6.centos.0.1.i686.rpm cfd4bdd646b43bd1e408ec185683ad1ad5f41ae733e949162cbecd7d75f46932 xorg-x11-server-devel-1.15.0-26.el6.centos.0.1.i686.rpm 1e5b73bd45927926e4ccdf10c7638c1187f19b6654c3aeedea4602b60b677837 xorg-x11-server-source-1.15.0-26.el6.centos.0.1.noarch.rpm b9aada45c6d65b669f06a93de77bba894acfd6070cccb140b6f28ab4abcea85d xorg-x11-server-Xdmx-1.15.0-26.el6.centos.0.1.i686.rpm 2694b10619ced7fdc8e575084906f7eeb9b7a4198422db44095841d2c0d792c3 xorg-x11-server-Xephyr-1.15.0-26.el6.centos.0.1.i686.rpm 336e333a6be40da9f101773d25fc7b19ffc4ce9784edd765824a8a03aaa985f8 xorg-x11-server-Xnest-1.15.0-26.el6.centos.0.1.i686.rpm 917b3fe03a281ce3e29a05e478bee90422f2d7ba770e49f2857692c1b22a6a8e xorg-x11-server-Xorg-1.15.0-26.el6.centos.0.1.i686.rpm 6db15af10bfb8196b4bc35a07989086834286751f7c3b1ff6a6c1dbd6afde843 xorg-x11-server-Xvfb-1.15.0-26.el6.centos.0.1.i686.rpm x86_64: 2ca61ed81ecea1eb6645b0bf2529b8de43e12de07afbf470f3e674712e046c06 xorg-x11-server-common-1.15.0-26.el6.centos.0.1.x86_64.rpm cfd4bdd646b43bd1e408ec185683ad1ad5f41ae733e949162cbecd7d75f46932 xorg-x11-server-devel-1.15.0-26.el6.centos.0.1.i686.rpm c868e0fcf8740a3cde3de10cca3a2990afdbb9ffe672c651691f417f3346cc4b xorg-x11-server-devel-1.15.0-26.el6.centos.0.1.x86_64.rpm 1e5b73bd45927926e4ccdf10c7638c1187f19b6654c3aeedea4602b60b677837 xorg-x11-server-source-1.15.0-26.el6.centos.0.1.noarch.rpm 485b71485e2a02823f6acf56ec95400da5bf99d49ef4e550c749ba919b3fa50d xorg-x11-server-Xdmx-1.15.0-26.el6.centos.0.1.x86_64.rpm 13b01f94c94cf781b45713a4ab519b1d19a5e8fe78795795c434c4cf9b57840c xorg-x11-server-Xephyr-1.15.0-26.el6.centos.0.1.x86_64.rpm abff1971ae3afb6ad72f9b6bf8a71fcd617456e0d10c5d572b72266af3714a85 xorg-x11-server-Xnest-1.15.0-26.el6.centos.0.1.x86_64.rpm c15b7ceff5729117e137decde42f78882c65b9a2bc471320eae39ea2e6641ea4 xorg-x11-server-Xorg-1.15.0-26.el6.centos.0.1.x86_64.rpm 7dbf0776cc4df9022c57b9784b4e3a2a03a0edd9476081325dd20cdca43011da xorg-x11-server-Xvfb-1.15.0-26.el6.centos.0.1.x86_64.rpm Source: 53dd0f31ccc34d4446dfd0900067d002ccbda900a570ab70935b0e161bd400ca xorg-x11-server-1.15.0-26.el6.centos.0.1.src.rpm
CESA-2015:1123 Important CentOS 6 cups SecurityUpdate
CentOS Errata and Security Advisory 2015:1123 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1123.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 66ec9a6b8eae38c42730cfe9bc7bc692f3f09a833edd36f19c5358fef55e3d38 cups-1.4.2-67.el6_6.1.i686.rpm d8828f29adc025acc0fbb338f6dddbcbe0802749eed42b15d972592ab53c0b6d cups-devel-1.4.2-67.el6_6.1.i686.rpm 3322ec2e7dffe6fbc9c45b4868cf680604f10059dc7a3cb4d0bb10f3d6e5e3a3 cups-libs-1.4.2-67.el6_6.1.i686.rpm 8e2764b166884672cbbeab1c5b93ca301f57144fc29ee641d9b5175d5104cdf2 cups-lpd-1.4.2-67.el6_6.1.i686.rpm 2bd30d9e1e6891dec1ae2b18ffa709c3b0e0c28e51cd1f3d5a07171f0ccc6bb5 cups-php-1.4.2-67.el6_6.1.i686.rpm x86_64: 34abf99f7ef817dfdd2000581dd00a6a0e58a971a7b0ab4f01e3d2b6d782c4bc cups-1.4.2-67.el6_6.1.x86_64.rpm d8828f29adc025acc0fbb338f6dddbcbe0802749eed42b15d972592ab53c0b6d cups-devel-1.4.2-67.el6_6.1.i686.rpm bce9e461adf875feb74a5b9bf273e0d6d4471fe3968d544987296761cec1a840 cups-devel-1.4.2-67.el6_6.1.x86_64.rpm 3322ec2e7dffe6fbc9c45b4868cf680604f10059dc7a3cb4d0bb10f3d6e5e3a3 cups-libs-1.4.2-67.el6_6.1.i686.rpm b6da7e01721b2ce11affe423d77de600ffedb9f6499399a7f23102705d4dfbf2 cups-libs-1.4.2-67.el6_6.1.x86_64.rpm d24718b3355681f4feec4378bb6c20e304cebe822d62af818acd6d24cf21a5e2 cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm c3f21692061194bb7c2884659ad1ebc341d829d820a70748e1f35d243272700f cups-php-1.4.2-67.el6_6.1.x86_64.rpm Source: 232eea3a52f7b16c040c3e8dec51ff3ff9727439bb6aebc414f93cbed320ce24 cups-1.4.2-67.el6_6.1.src.rpm
CESA-2015:1123 Important CentOS 7 cups SecurityUpdate
CentOS Errata and Security Advisory 2015:1123 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1123.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 9a0a783639a76c7a31f8b06404a14a695ee4fdb8a23d68e36ad2bf074a39683a cups-1.6.3-17.el7_1.1.x86_64.rpm 65ac0d62c9aba2c6d7a3af646b4e84813785eca49bcd0ab7ef5fd745cf102803 cups-client-1.6.3-17.el7_1.1.x86_64.rpm 1fc6a991ef7613143d118de74c2cd2371d55d7e2acc5ba3c9044de1a870e0530 cups-devel-1.6.3-17.el7_1.1.i686.rpm af9dddf564b1f0c35c03d236b91990921617a21e8acab7faffea758e382db90d cups-devel-1.6.3-17.el7_1.1.x86_64.rpm ebbc4bf3a5d61a67e4d842df45771a7a8487af30a8010ba74aa4de3dc9c8ba04 cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm b1b7637e3d914d459ba3a9e7d11c0c1cf9fcea9ec7ba2e682cf541a5aa3b069e cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm 2c17418bc05af2157bf6c050851eae652ad0973b3ead4f205ecdd05b968c6998 cups-libs-1.6.3-17.el7_1.1.i686.rpm 323eaae9e86300f4c93e8b61efc91814d8727d83aca2e8ceefe4dd4a5cb82d88 cups-libs-1.6.3-17.el7_1.1.x86_64.rpm f9f98142b37b03129802443c4e78f4f87168a2f6645af35a892287a5d1e0bf5b cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm Source: 172f45bf8b2000e29d5b7418e7f250c188b0d0252edb03434caed2552993a779 cups-1.6.3-17.el7_1.1.src.rpm
SQL Injection in EXT:sb_akronymmanager
Release Date: June 18, 2015
Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
Affected Versions: version 0.5.0 and below
Vulnerability Type: SQL Injection
Severity: High
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:C/A:P/E:F/RL:O/RC:C (What’s that?)
CVE: not assigned yet
Problem Description: Failing to properly sanitize user-supplied input, the extension is vulnerable to SQL Injection.
Solution: An updated version 7.0.0 is available from the TYPO3 Extension Manager and at http://typo3.org/extensions/repository/download/sb_akronymmanager/7.0.0/t3x/. Users of the extension are advised to update the extension as soon as possible.
General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.
CVE-2015-2861 (vesta_control_panel)
Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-4628 (limesurvey)
SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.
You’re as secure as your apps’ developers allow them to be
We rely on our apps. Every day, we use our favorites to check the news, the weather forecast for our upcoming holidays, and to communicate with our beloved ones. Some apps, especially system apps, are continuously used regardless of other apps that are in use. Keyboard is one of them.
Recently, a dangerous vulnerability was discovered in the most popular keyboard, SwiftKey. The app always checks for language updates, but this process is not performed in a secure way. If you’re connected to an open or public Wi-Fi network, your phone is under risk of a very common –and dangerous –attack: the man-in-the-middle. MITM compromises your connection, allowing a third party to eavesdrop on your Internet activity. This includes the passwords you’re entering using the very same keyboard, your financial information—everything.
Your security depends on the use of a VPN. You probably already know what a VPN is and how it works. If not, you can find a lot of information in our blog. Like our product Avast SecureLine, a VPN creates an encrypted tunnel for inbound and outbound data of your Internet connection, blocking any possibility of a man-in-the-middle attack.
Unfortunately, the story does not end here. If you use SwiftKey while connected to an insecure Wi-Fi network, the attacker can also download malware into your phone or tablet. This is where Avast Mobile Security & Antivirus (AMS) comes into play. Some users think that we don’t need a security product in our phones. They might also think that antivirus companies exaggerate the need for security apps just to sell their products. Not only does AMS scan the installation process of apps, but it also checks the Internet sites you’re visiting and malicious behavior of any file in your device.
via: Droid Life
There is another need for a security program. When Google updates its app permission scheme in Lollipop, we’re alerted of a possible abuse of the scheme if an app requires more permissions under the “Other”category. However, in the next Android version M, apps will not ask permission for Internet connection (as you may think that any app requires Internet connection, right)?
If you have a Samsung S4, S5 or S6, running the stock operational system still poses as a risk —currently, the vulnerability has still yet to be resolved by SwitfKey nor Samsung. On the brighter side, you’re in luck if you use SwiftKey from Google Play (as an user app, not a system one) as it does not suffer from this issue.
You’re as secure as your apps’developers allow them to be. As shown in this case, even the most useful, popular app can contain vulnerabilities that could be abused without making use of proper protection when connecting to open Wi-Fi networks and having an up-to-date security app running in your Android..
Wonder CMS 0.6-Beta File Inclusion / Traversal / Disclosure
Wonder CMS version 0.6-Beta suffers from inclusion, password disclosure, and directory traversal vulnerabilities.