Monthly Archives: July 2015

Avira

Plex TV Has Been Hacked – You Might Want To Change Your Password!

If your answer is yes, you might want to change your password, ladies and gentleman, because Plex has been hacked.

Plex, a very popular media sever helps you to organize videos, music and photos and allows you to stream them to your smart TVs, streaming boxes and of course mobile devices. The company also runs their own forum which now has been hacked.

The hacker who goes by the name of Savaka demands a payment of about 1500€ worth of bitcoins. He writes: “Hello,

My name is savaka and I like to hack things. Recently https://plex.tv/ (s) forum & website was compromised by me. I managed to obtain all of your data, customers as well as software and files.

I replaced the index.php of the administrator cpanel with a nice message, but the ones in charge of your data decided that it would be pretty lulzy’ to remove the message and place the original index back there.

I gave them until the 3rd of this month to send 9.5 BTC to redacted or I would release all this data.

This ransom is still active and on the 3rd: if no BTC payment is made, the ransom wll go up by 5 BTC.

Eventually if no BTC payment is made, the data will be released via multiple torrent networks and there will be no more plex.tv

You can also pay me to remove your data from the content that’s going to be released by e-mailing [redacted ] If you send an e-mail without BTC ready to send, I will add your data to a special list.

savaka

P.S I don’t care who the BTC comes from as long as the payment is made: no data will be released.

As a result the company has taken its forums offline for the time being and informed its users about the hack. Right now the Plex staff is investigating whether other parts of their infrastructure have been compromised.

The post Plex TV Has Been Hacked – You Might Want To Change Your Password! appeared first on Avira Blog.

Security

Senator Demands Answers on FBI’s Use of Zero Days, Phishing

The chairman of the powerful Senate Judiciary Committee is asking some pointed questions of the FBI director about the bureau’s use of zero-day vulnerabilities, phishing attacks, spyware, and other controversial tools. Sen. Charles Grassley (R-Iowa) has sent a letter to FBI Director James Comey asking for “more specific information about the FBI’s current use of […]

Fedora

Fedora 21 Security Update: pcre-8.35-12.fc21

Resolved Bugs
1236659 – CVE-2015-3210 pcre: heap buffer overflow in pcre_compile2() / compile_regex() [fedora-all]
1226918 – CVE-2015-3210 pcre: heap buffer overflow in pcre_compile2() / compile_regex()
1237224 – CVE-2015-5073 pcre: heap buffer overflow in find_fixedlength() [fedora-all]
1237223 – CVE-2015-5073 pcre: heap buffer overflow in find_fixedlength()<br
This release fixes two heap buffer overflows when compiling certain regular expressions: CVE-2015-3210 and CVE-2015-5073.

Fedora

Fedora 22 Security Update: pcre-8.37-2.fc22

Resolved Bugs
1236659 – CVE-2015-3210 pcre: heap buffer overflow in pcre_compile2() / compile_regex() [fedora-all]
1226918 – CVE-2015-3210 pcre: heap buffer overflow in pcre_compile2() / compile_regex()
1237224 – CVE-2015-5073 pcre: heap buffer overflow in find_fixedlength() [fedora-all]
1237223 – CVE-2015-5073 pcre: heap buffer overflow in find_fixedlength()<br
This release fixes two heap buffer overflows when compiling certain regular expressions: CVE-2015-3210 and CVE-2015-5073.

NVD

CVE-2015-3443 (secret_server)

Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask.