Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors.
Monthly Archives: February 2016
The cat and mouse game of internet security
Security is an evolutionary business rather than a revolutionary one.
“Computer security has been around for 25 or 30 years and the threats keep evolving,” said Avast CEO Vince Steckler in a video interview with ValueTech.
The solutions keep evolving too. “If you go back 20 years ago, the big issue was script kiddies and big public splashes of viruses that frankly didn’t cause any harm. These days, things are much more complicated. You don’t have big flaws, big loopholes for bad guys to take advantage of. What this turned into is a cat and mouse game.”
Keeping up with the bad guys
To combat today’s cybercrooks, Avast Virus Lab analysts must study what the bad guys have done previously.
“You start trying to predict what the bad guys might be trying to take advantage of in the future and closing off those holes. At the same time, those guys are finding other little ways in and you have to catch up with them,” said Steckler.
Antivirus companies have done an excellent job at protecting the consumer and small business “endpoint” – such a good job that it’s actually very difficult to break into the endpoint itself. This forces cybercrooks to look for other entry points.
Avast experts agree that the likely path cybercrooks take is through the home router.
Home routers give cybercrooks an easy target
Consumer routers tend to be acquired based on price and they have a lot of flaws. Steckler estimates that, “We can break into probably about 70% of home routers in the world.”
The reason home routers are so vulnerable, he says, is that, “They are very poorly protected and the username-password on them is something that’s easy to crack. It’s not that difficult for someone to break in remotely over the Internet via the username and password or in a drive-by, in which case it’s even easier.” Most routers also have unpatched software leaving them with a number of vulnerabilities.
Recently, the hacktivist group Anonymous launched a DDoS attack using compromised home routers, so Steckler thinks that the frequency of those types of attacks will increase.
How to secure the Internet of Things, the Smart Home, and Industry 4.0
“The Internet of Things and 4.0 get a lot of press because they have nice catchy buzz words,” said Steckler. People have connected refrigerators, connected thermostats, door locks, security cameras, and baby cameras, but, “Right now a lot of internet-connected refrigerators don’t do anything. They are just a browsing tablet.”
“But when people start looking at what kind of protection is needed, you have to be thinking about what’s the risk. If my internet-connected refrigerator gets hacked, what happens? If my thermostat gets hacked, what happens?” asked Steckler.
“The common thing with all of this is that none of these devices in the so-called Internet of Things really have any direct connection to the Internet. They are all connected, once again, through the home router,” said Steckler.
Since the home router is a vulnerable entry point, the risk of attack exists. “If you can harden your home router, that really goes a long way towards protecting the Internet of Things.”
The risk of BYOD
“The Enterprise is a much different story, when you get into the BYOD (Bring Your Own Device). We all have mobile devices, and for many reasons it’s much more convenient to use one mobile device for both your personal and your business,” said Steckler. “Some businesses encourage it by providing a device, but the fact of the matter is most everyone is going to be using one mobile device for both.”
That co-existence of personal and business-related data on one device that the employee is responsible for creates a risk for both the consumer and the business. For the business, it means that its data can be lost if access to the internal systems is compromised. If the employee loses the device, the typical company response will be to remotely wipe everything on it, including all of the employee's personal data, so the employee suffers a big data loss.
“A solution is really to virtualize the entire corporate usage of it and run all the corporate usage on the corporate servers,” said Steckler. “That’s why we’ve brought out a new solution this year that does exactly that.”
Avast Virtual Mobile Platform (VMP) addresses these security risks, helping IT organizations liberate their businesses from leaks of confidential data and minimize mobile device costs.
Watch the entire interview including Mr. Steckler’s opinion about when Artificial Intelligence will become a threat to humanity and why Avast built a Silicon Valley-style building for its headquarters.
Hacking Smartphones Running on MediaTek Processors
A dangerous backdoor has been discovered in the MediaTek processor that could be exploited to hack Android devices remotely.
MediaTek is a Taiwan-based hardware company that manufactures chips and processors used in smartphones and tablets.
The backdoor was discovered by security researcher Justin Case, who already informed MediaTek about the security issue via Twitter, as
Americans ‘worry more about online privacy than losing main income’
American consumers are more concerned about not knowing how their personal data is collected online than they are about losing their main source of income, new research has found.
The post Americans ‘worry more about online privacy than losing main income’ appeared first on We Live Security.
Pdfium Opj_t2_read_packet_header Use-After-Free
Pdfium suffers from a heap use-after-free in Opj_t2_read_packet_header (libopenjpeg).
Packet Storm New Exploits For January, 2016
This archive contains 192 exploits that were added to Packet Storm in January, 2016.
eClinicalWorks Population Health (CCMR) SQL Injection / CSRF / XSS
eClinicalWorks Population Health (CCMR) suffers from cross site request forgery, cross site scripting, session fixation, and remote SQL injection vulnerabilities.
OpenXchange User Enumeration
OpenXchange versions prior to 7.8 suffer from a user folder enumeration vulnerability.
VMWare Zimbra Mailer Release 8.6.0.GA Replay Attack
VMWare Zimbra Mailer Release 8.6.0.GA, latest patch and prior versions with DKIM implementation are vulnerable to long-term mail replay attacks. If the expiration header is not set, the signature never expires. This means that an e-mail, perhaps caught while performing a man-in-the-middle attack, can be replayed years after it was captured.
Debian Security Advisory 3460-1
Debian Linux Security Advisory 3460-1 – It was discovered that privoxy, a web proxy with advanced filtering capabilities, contained invalid reads that could enable a remote attacker to crash the application, thus causing a Denial of Service.