Monthly Archives: January 2016
US Government Changes Personnel Data Processing After OPM Hack
Hard-Coded Password Found In Lenovo File-Sharing App
Hedge fund managers ‘need a cybersecurity response plan’
Having in place a ‘cybersecurity response plan’ is vital if hedge fund managers in London are to deal effectively with this threat.
The post Hedge fund managers ‘need a cybersecurity response plan’ appeared first on We Live Security.
PHP FastCGI Process Manager (FPM) SAPI Memory Leak / Buffer Overflow
PHP-FPM suffered from memory leak and buffer overflow vulnerabilities in the access logging feature. The fixed versions of PHP are 5.5.31, 5.6.17, and 7.0.2.
New Kaspersky Lab Technology Enhances Usability When Protecting Corporate Data with Encryption
CESA-2016:0063 Important CentOS 7 ntp Security Update
CentOS Errata and Security Advisory 2016:0063 Important. Upstream details at: https://rhn.redhat.com/errata/RHSA-2016-0063.html The following updated files have been uploaded and are currently syncing to the mirrors.
PHP LiteSpeed suEXEC_Daemon Secret Disclosure
In suEXEC_Daemon mode, the LiteSpeed web server spawns one PHP master process during startup. It runs as root and accepts LSAPI requests, which in turn specify which user the script should run under. The LSAPI request is authenticated with a MAC, which is based on a pre-shared random key between PHP and the web server. The researchers found that the LiteSpeed PHP SAPI module did not clear this secret in its child processes, so it was available in the PHP process memory space of the child processes. The fixed versions of PHP are 5.5.31, 5.6.17, and 7.0.2.
pfSense Firewall 2.2.5 Cross Site Request Forgery
pfSense Firewall version 2.2.5 cross site request forgery exploit.
