CVE-2015-6928

classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter.

CVE-2015-7386

Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery – Photo Albums – Portfolio plugin 1.3.47 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) Media Title or (2) Media Subtitle fields.

CVE-2015-7387

ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by “SELECT 1;INSERT INTO.”
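The bypass class described in CVE-2015-7387, as an added example that is not code from the advisory or from ManageEngine: a filter that checks only how the input starts, next to one that accepts exactly one statement. The advisory does not show the product's check, so the weak filter is an assumption, and all function names and sample queries are constructed.

```python
import re

# Assumption: the query console is meant to run a single read-only SELECT.
SELECT_ONLY = re.compile(r"\s*select\b", re.IGNORECASE)


def weak_is_allowed(query: str) -> bool:
    """Assumed flawed check: looks only at how the input starts."""
    return SELECT_ONLY.match(query) is not None


def split_statements(query: str) -> list[str]:
    """Split on ';' outside quotes; a doubled quote ('') just toggles twice."""
    statements, current, quote = [], [], None
    for ch in query:
        if quote:
            if ch == quote:
                quote = None
        elif ch in ("'", '"'):
            quote = ch
        elif ch == ";":
            statements.append("".join(current))
            current = []
            continue
        current.append(ch)
    if quote:
        raise ValueError("unterminated quote")
    statements.append("".join(current))
    return [s.strip() for s in statements if s.strip()]


def strict_is_allowed(query: str) -> bool:
    """Accept exactly one statement, and only if it is a SELECT."""
    try:
        statements = split_statements(query)
    except ValueError:
        return False  # fail closed on input the splitter cannot parse
    return len(statements) == 1 and SELECT_ONLY.match(statements[0]) is not None


# Constructed sample inputs; the last one mirrors the string in the advisory.
SAMPLES = ["SELECT 1", "SELECT 'a;b' AS label",
           "SELECT 1;INSERT INTO demo_table VALUES (1)"]

if __name__ == "__main__":
    for q in SAMPLES:
        print(f"{q!r}: weak={weak_is_allowed(q)} strict={strict_is_allowed(q)}")
```

A filter like this is a secondary control; running the console's queries under a database role limited to SELECT bounds the damage when a filter is wrong.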

Making technology simpler: Thanks to my mother

Some days ago we wrote about scams targeting senior citizens. This group is at risk because, generally speaking, they have less computer education than younger people who have grown up in the digital world. I recommended the reading to my mother, thinking she would benefit from it. She thanked me, but said that there were “some things” she did not understand.

Friends and family can help senior citizens enjoy a safe online experience

In the Avast blog we do our best to write in simple terms. However, we know much more about security and, quite frequently, explain things in technical writing. So, I’ve taken some time to write what will be useful for your mother (and mine). What about recommending that she read this?

Computer and mobile security essentials for senior citizens

  • Ask for help from someone you trust. Don’t be ashamed to ask for help. Remember there are a lot of people that love to help and share knowledge. Start with your family and friends. If you and your friend both have Avast installed, it’s possible for them to remotely access your computer. If they don’t have spare time or knowledge, then try the Avast Community Forum. With sections in several languages, you’ll find friendly people that could guide you with security technology. Find us there!
  • Install and keep your security software updated. Avast makes everything simple for you. All the “difficult tasks” have been automated: Protection against viruses and malware, blocking spam, preventing fraud and hacker intrusions, automatic updates of your software.
  • Scan and protect your network. That “complex” device with lights blinking that gets you on the internet is called a “router”. Do you know that it could be the weaker part of your network? Avast can scan your home network and make sure it’s secure. Our next Avast version will give you much more control of an online pain: Passwords. Keep them updated and strong!
  • On your Android mobile devices, use an easy and comprehensive security app. Avast apps bring a lot of protective features that give peace of mind, like analyzing malicious apps (maybe the ones with intrusive ads, right?). With our family of apps, you can clean temporary files, keep your battery in good shape, and stay safe when using free Wi-Fi connections. Also, to stay safe, use only known app stores like Google Play and Amazon.
  • Common sense! Do not open unsolicited emails, ever! Don’t trust strange messages about promises of a better computer, prizes, and special offers. Keep your attention always on: Do not install unknown software, and do not accept extra offers during installation of trusted programs. If you have any suspicions, ask others or ask in the Avast Community Forum.

What do you think? Did I write enough for your mother to understand? If so, I accomplished my goal.

Special thanks to my mother (for the inspiration and love). And a special thanks to the guys that share all their time and effort to make the internet a better place and for teaching me to write with such pleasure: The volunteers on the Avast Community Forum.


Security for iOS 9

iOS 9, Apple’s new operating system, is here, and along with it comes a mission on its behalf – to slowly rehabilitate the brand image that has been under scrutiny in recent months.

Beyond doubts over the amount of space that the new system occupies and how long the batteries will last, Apple’s integrity is at stake following the Celebgate scandal that saw many well-known stars have their private photos, some nude, leaked thanks to a weakness in the security of iCloud. As if that weren’t enough, there have been problems with the security measures in place for the Apple Watch.

With this serving as a backdrop, the company has just launched its new mobile operating system, one which sees security being prioritized above all else – an access code which features more digits and a two-step verification process.

The latter is more important than ever when it comes to keeping stored information safe. With this new process it is impossible, even if someone got hold of your passwords, to access your Apple ID account as it would be necessary to have a second password – one which only the user has hold of.

These new measures join other security measures that were already in place on Apple’s devices such as Touch ID, which allows you to unlock the iPhone using fingerprint technology, and the encryption of iMessages.

Security for iOS 9

Besides these security measures, any user who has a device starting with iPhone 4 up to the brand new iPhone 6 can take advantage of iOS 9 and, if they like, can also opt for these extra measures to ensure their phones and privacy are kept under wraps.

  • Find my iPhone: What Android allows its users to do, Apple allows theirs to do, too. With this tool it’s possible to know where the phone is and even delete anything stored on it.

  • Block access to Siri from the lock screen: Apple’s virtual assistant is useful, but sometimes she can put your security at risk. In some cases it’s possible to get past the lock screen and interact with Siri. To avoid this, you can deactivate this option and save yourself any hassle.
  • Be careful with autocomplete: Just like on any other device, the autocomplete tool is useful yet dangerous. It allows you to forget passwords and usernames, but it also allows anyone to access your accounts or device. It’s better to remove this option.
  • Secure passwords: Again, even though you have the two-step verification process, the best way to keep yourself protected is to have a secure password. Keep these tips in mind when you’re selecting a new password (and change it often!).
  • Automatic updates: Enjoying the latest automatic updates from Apple is essential to be able to take advantage of all the new security measures. An updated device is a safe device!

The post Security for iOS 9 appeared first on MediaCenter Panda Security.