Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability types and different affected versions.
Monthly Archives: August 2015
CVE-2015-6744 (banking)
Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client to enforce (1) login verification, (2) audit trail creation, and (3) account locking, which allows remote attackers to “disrupt security-critical functions” by “dropping network traffic.” NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions.
CVE-2015-6745 (banking)
Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 and ADT3 due to different vulnerability type and different affected versions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6744.
CVE-2015-6746 (banking)
Basware Banking (Maksuliikenne) before 8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to different vulnerability types.
CVE-2015-6747 (banking)
Basware Banking (Maksuliikenne) 8.90.07.X does not properly prevent access to private keys, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 due to different vulnerability types. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-6746.
KeyRaider Steals More Than 225.000 Apple Accounts
If you own an iPhone and it’s jailbroken you might want to be extra careful when it comes to where you download your apps or the KeyRaider malware might get you. Or your credentials for that matter.
The post KeyRaider Steals More Than 225.000 Apple Accounts appeared first on Avira Blog.
Viber 4.2.0 Denial Of Service
Viber version 4.2.0 suffers from a denial of service vulnerability.
Cyberoam CR500iNG-XP – 10.6.2 MR-1 Blind SQL Injection
Cyberoam versions CR500iNG-XP – 10.6.2 MR-1 and below suffer from a remote blind SQL injection vulnerability.
How to keep your Facebook business page secure
Managing the security of your Facebook business page is important to maintain a good reputation.
Nowadays we can hardly imagine a successful business functioning without digital marketing. When we say digital marketing, Facebook comes to mind immediately. The most popular social platform, with more than one billion users all over the world, is a massive communication platform not only for individuals, but also for brands and their consumers.
Freelancers, owners of small local businesses, and large corporations; all of them use Facebook to promote their products and talk with their customers. In this blog post we will show you how to keep your Facebook page safe from the bad guys.
Manage the managers
Even if you are a small business, managing all your social media efforts by yourself can be difficult. Don’t try to control everything: it’s impossible, and you will end up overloaded with micromanagement and unnecessary work. Instead, control the roles of your co-workers and educate them!
Follow our tips to avoid basic security mistakes:
1. Make sure that you always have more than one admin. If you are the only admin and your Facebook account is blocked, you can lose control over your page.
2. Control the level of rights. For example, your support person doesn’t need publishing rights, and a colleague from the Business Intelligence department will be perfectly fine with only Analytical rights. Check out what kind of levels are available and manage your managers accordingly!
3. Update the Page roles section regularly. You might forget that you once gave page access to a graphic designer to upload a new cover image, or that your community manager who left the company six months ago still has access to your page. Make sure that your list of Facebook page managers is always up to date.
4. Educate your staff members about secure login to their personal accounts. At the end of the day, they use their profile to access your Facebook page.
5. If you cooperate with an agency or freelancers, use third-party applications to moderate Facebook conversations. In this way no one will have direct access to your Facebook page and you can better control what kind of content is being published on your behalf.
Manage the apps
As Facebook grows in popularity, competition among brands grows. Everyone wants to attract more fans and engage with more potential consumers. One of the ways is to offer different kinds of contests. You can also connect your social media profiles, such as Twitter, Instagram, Pinterest or others, using a special app. All those apps require access to your Facebook page. Make sure you use only well-known, secure applications. Regularly go to your page Settings – Apps and check which ones should still have access to your page. Learn more about apps security directly on Facebook.
Content is king
Producing and distributing good content is a key to success. You want to avoid the unpleasant surprise of discovering posts on your Facebook page that should not appear there. Consider using one of the many publishing platforms that allow you to control and filter outgoing content. If you can’t afford a third-party social media management tool, then regularly monitor your page. Pay attention to who is posting on your page’s behalf (Facebook shows the author of the post to the admins) and use pre-scheduling options. If you plan your communication ahead, not only will you save some time, but you can also control it better.
Secure your mobile social apps
If, like millions of other Facebook users, you and your team access your page via mobile, you should consider installing an application that will block access to Facebook. This is handy in case your mobile is lost or for simply preventing your friends from joking around and posting something on your behalf, while you leave your smartphone unattended. Avast Mobile Security protects your Facebook for free with a security code.
Stay tuned for more social media security and privacy tips!
CVE-2014-9728 (linux_kernel)
The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c.