Monthly Archives: August 2015

Avast

Nonprofit organization upgrades hardware with savings from Avast

Leave a comment
NeighborImpact logo

NeighborImpact uses free Avast for Business to manage computers in multiple locations.

Nonprofit organizations operate on extremely tight budgets. Michael Hensley, Information and Facilities Officer at NeighborImpact doesn’t let that stand in the way of his organization’s mission. The Avast team recently spoke with Hensley about his work and how Avast for Business has helped him.

“We are a non-profit human-services agency serving 3 counties in central Oregon.” Hensley said, “Our staff is not very tech-savvy and we’ve had significant issues with that. We needed something simpler.”

Hensley recently switched NeighborImpact to Avast for Business security software and explained what made him choose the new cloud-based solution.

“The fact that it’s cloud-based is the primary feature that we needed. We have offices and classrooms distributed throughout the area. We are able to monitor all of our computers from the web-console which has shown consistent improvement.” Hensley went on to say that “viewing all of our devices from one place is really convenient.”

Hensley said that his nonprofit used to use Bitdefender but switched because it was too expensive.

“I was somewhat familiar with Avast. I knew it was a reputable company that had been around for a while. When I discovered Avast for Business and weighed the options it was the natural choice. It’s simple, cloud-based, and free.”

NeighborImpact was able to save enough of their precious budget by switching to Avast for Business to make a big impact on NeighborImpact’s server upgrade.

“The savings on software were extremely helpful in budgeting for our hardware upgrade. The extra money allowed us to get hardware in a different category than we otherwise would have been able to afford.”

 

Avast for Business can save your non-profit, company, or school money and time. Sign up on the Avast website.

Full Disclosure

New BlackArch Linux ISOs (version 2015.07.31)

Leave a comment

Posted by Black Arch on Aug 03

Hi,

Today we released new BlackArch Linux ISOs. The new ISOs include over
1230
tools for i686 and x86_64 and over 1010 tools for armv6h and armv7h.

A detailed ChangeLog can be found here: https://www.blackarch.org/blog.html

If you’re not already familiar with BlackArch Linux, please read
the
DESCRIPTION section below.

[ DOWNLOAD ]

You can download the new ISOs here: https://www.blackarch.org/download.html
<…

Fedora

Fedora 22 Security Update: xen-4.5.1-5.fc22

Leave a comment

Resolved Bugs
1247142 – CVE-2015-5154 xen: qemu: ide: atapi: heap overflow during I/O buffer memory access [fedora-all]
1179352 – Utilize system-wide crypto-policies
1242246 – xen-qemu-dom0-disk-backend.service trys to run a non-existent executable
1243563 – CVE-2015-5154 qemu: ide: atapi: heap overflow during I/O buffer memory access
1239309 – xen package does not create new entry in /boot/efi/EFI/fedora/grub.cfg<br
QEMU heap overflow flaw while processing certain ATAPI commands.
[XSA-138, CVE-2015-5154] (#1247142)
try again to fix xen-qemu-dom0-disk-backend.service (#1242246)
correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246),
rebuild efi grub.cfg if it is present (#1239309),
re-enable remus by building with libnl3,
modify gnutls use in line with Fedora’s crypto policies (#1179352)

NVD

CVE-2015-5084

Leave a comment

The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically approximate attackers to obtain sensitive information via unspecified vectors.

NVD

CVE-2015-5352

Leave a comment

The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.

NVD

CVE-2015-5537

Leave a comment

The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.

NVD

CVE-2015-5600

Leave a comment

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.