Red Hat Enterprise Linux: Updated ksh Shift_JIS packages that add one enhancement are now available for
Red Hat Enterprise Linux 6.
Monthly Archives: February 2016
RHEA-2016:0162-1: coreutils Shift_JIS enhancement update
Red Hat Enterprise Linux: Updated coreutils Shift_JIS packages that add one enhancement are now available
for Red Hat Enterprise Linux 6.
RHBA-2016:0160-1: kernel bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix one bug are now available for Red Hat
Enterprise Linux 6.5 Extended Update Support.
50 Shades of Dridex Botnet Grey
A “white hat” is how we described the hacker who added Avira installers to the Dridex botnet distribution network. Our description might have been a bit off-color.
The post 50 Shades of Dridex Botnet Grey appeared first on Avira Blog.
AVG and The Scouts challenge UK children to ‘Take Six’ before posting online
LONDON – February 9, 2016 – AVG Technologies (NYSE: AVG), the online security company™ providing leading software and services to secure devices, data and people, and The Scout Association, announced today the start of a new initiative aimed at encouraging young people to think before posting or sharing their pictures, videos or texts. Today’s launch of Take 6, or #tk6 is focused on helping people make more informed decisions online with a small, but significant, behaviour change.
In a society where communication via mobile and social media is immediate, many people do not give much thought to ramifications of sending that text or that image. #tk6 is built on the idea that people should stop to think before posting or sending, essentially encouraging them to “take six seconds” before making that decision.
There are three options for the #tk6 community to tackle their very own ‘six-second challenge’:
- Six Seconds of Silence: With the help of their friends and fellow Scouts, we challenge children to record a video showing the action of counting to six in silence, to symbolise the six seconds of thinking before you post.
- The Lemon Challenge: Accepting the nomination, brave the bitterness to bite into a lemon for six seconds, then nominate six more people to take the challenge.
- Be Prepared: Create six-second videos illustrating The Scouts’ “Be Prepared” motto to represent the time needed to stop and think about a decision in the digital world.
Challenges will be accepted via Facebook, Instagram and Twitter, when posted with #tk6.
The AVG Technologies and The Scout Association partnership sees the development of the #tk6 platform, supported by social media, designed to offer three key interactions:
- Connect – building a community
- Discover – embed #tk6 into behavioural consciousness
- Engage – source and share relevant and entertaining content
Introducing this programme with The Scout Association and its extensive network, the “take six seconds” challenge empowers digitally savvy young people to make real change to their online behaviour. The programme creates a forum, where they can openly share some of the key issues in their world, learn from each other, and make better decisions for the future. When surveying the landscape of online content today, the vast majority of it is targeted to the parents or is talking down to kids. We want to create a place online where youth can positively influence each other, rather than listening to (or more likely ignoring) lectures from adults. With the right tools, and just a little bit of time to think before they act (say, six seconds), young people can be more responsible than we give them credit for.
“AVG is proud to be adding the #tk6 campaign to our #smartuser initiative,” said Tony Anscombe, Senior Security Evangelist at AVG Technologies. “The #smartuser initiative aims to educate and empower people, helping ensure they receive information about online responsibilities with the right content at the right time. Partnering with The Scout Association will introduce #tk6 to millions of UK-based Scouting, and indirectly, non-Scouting, individuals to play an active part in this.”
“Together, we will seek to create a #tk6 community where relevant brands, influencers and organisations can engage,” said Alex Killick, Corporate Partnerships Manager at The Scout Association. “Our aim is for this partnership to deliver the shared space, not just to create a community, but to give the community the opportunity to share the key issues they face.”
About AVG Technologies N.V. (NYSE: AVG):
AVG is the leading provider of software services to secure devices, data and people. AVG’s award-winning consumer portfolio includes internet security, performance optimization, location services, data controls and insights, and privacy and identity protection, for mobile devices and desktops. The AVG Business portfolio, delivered through a global partner network, provides cloud security and remote monitoring and management (RMM) solutions that protect small and medium businesses around the world. For more information visit www.avg.com.
About the Smart User Initiative:
The Smart User Initiative is a growing global digital coalition of individuals, businesses and brands working together to help prepare the next wave of digital citizens to be safer, happier and more productive online. Our aim is to nurture and enable the next four billion smart phone users to have the digital skills needed to enjoy the Internet and the digital world without compromising themselves or others. When people get their first smart phone it doesn’t come with an instruction manual to teach them the “dos and don’ts” of digital safety to protect themselves from identity theft, privacy breaches, cyberbullying and more. The Smart User Initiative uses entertaining and engaging content that’s accessible right where the users need it to create a place where anyone can get involved from simple association right through to active participation.
About Scouting:
The Scout Association was founded on 1 August 1907.
Adventure is at the core of Scouting, and the Association passionately believes in helping their members fulfil their full physical, intellectual, social and spiritual potential by working in teams, learning by doing and thinking for themselves.
Over 200 activities are offered by Scouting around the UK, made possible by the efforts of 100,000 voluntary adult leaders. This has helped make Scouting the largest co-educational youth movement in the UK.
One of the challenges that the Scout Movement faces is finding more volunteers to plug the current gap. At present there are over 35,000 young people on waiting lists as more and more young people want to experience the adventure of Scouting.
Studies have shown Scout Leaders contribute the equivalent of 37 million hours of voluntary work every year, which is the equivalent of £380 million worth of unpaid youth work.
Worldwide Scouting has more than 31 million male and female members and operates in nearly every country in the world.
In January 2012 the Duchess of Cambridge started to volunteer with the Scout Movement with her local group in North Wales.
91% of Scout volunteers and 88% of youth members say that Scouting has helped them develop key skills for life. *
In 2012 Scouting was voted the UK’s most inspirational and practical charity. *
*Source nfpSynergy Brand Attributes Survey, May 2012 and PACE Members survey 2011
Contact:
AVG: Tony Mays
Tel: +44 7852 776936
Email: [email protected]
Press information: http://now.avg.com
DSA-3473 nginx – security update
Several vulnerabilities were discovered in the resolver in nginx, a
small, powerful, scalable web/proxy server, leading to denial of service
or, potentially, to arbitrary code execution. These only affect nginx if
the resolver directive is used in a configuration file.
Vuln: Linux Kernel CVE-2015-7990 Incomplete Fix Null Pointer Dereference Denial of Service Vulnerability
Vuln: Oracle Java SE CVE-2015-2625 Remote Security Vulnerability
Online dating scams target divorced, middle-aged women
Romance, or Sweetheart, scammers troll for lonely, vulnerable people on dating sites
Lonely hearts still waiting for their soulmate are easy prey for online dating scams.
Many people search for love through online dating sites, dating apps, or social media. Unfortunately, before you find your prince (or princess), you have to eliminate the frogs.
“Romance” scammers, sometimes referred to as “sweetheart” scammers, take advantage of vulnerable people, especially divorced women over 40, by posing as an eligible romantic prospect.
How romance scams work
It all starts with a fake online profile. Scammers may use a fake name or steal the identity of a real person. There is often more than one person perpetrating the scam – there have been reports of a room full of people working from the same script. Often they portray their fictional selves as living overseas or on active duty in the military. This gives them a good reason for why they cannot meet their intended in person.
Romance scams are a long form of social engineering. The scammer can take weeks building an interesting backstory that draws their victim in, but they often express strong emotional feelings in a short period of time, which keeps the victim psychologically engaged. They use words filled with love, share personal information, and sometimes even send their victims small gifts.
Once trust is established, the scammer will push to take the communications to email or an instant messenger service. The new online lover will soon have a problem which requires money to fix. It could be a personal emergency like a family member who needs immediate medical attention, or some kind of financial hardship like a failed business or street mugging.
A shot to the heart
While declaring their love and devotion for the victim continually, the scammer may directly ask for money to be wired to them, send a check or money order and ask their sweetheart to cash it for them, or send a package and ask it to be reshipped to a different address. The Federal Trade Commission warns that scammers are now upping the ante and engaging in online bank fraud.
“They ask their love interest to set up a new bank account. The scammers transfer stolen money into the new account, and then tell their victims to wire the money out of the country. Victims think they’re just helping out their soulmate, never realizing they’re aiding and abetting a crime,” writes the FTC in their consumer blog.
The FBI’s Internet Crime Complaint Center (IC3) reports that the average complainant loses over a hundred thousand dollars to internet dating scams. They saw more than $82 million in victim losses in the last six months of 2014. Females suffered 82 percent of the losses; males sustained the remaining 18 percent.
Recognizing an online dating scammer
The online dating scam is a variation on the Nigerian scam, which started before the days of the internet. Here are tips from the FBI on how to identify a dating scammer.
Your online “date” may only be interested in your money if he or she:
- Presses you to leave the dating website you met through and to communicate using personal e-mail or instant messaging
- Professes instant feelings of love
- Sends you a photograph of himself or herself that looks like something from a glamour magazine
- Claims to be from your home country and is traveling or working overseas
- Makes plans to visit you but is then unable to do so because of a tragic event
- Asks for money for a variety of reasons (travel, medical emergencies, hotel bills, hospital bills for child or other relative, visas or other official documents, losses from a financial setback or crime victimization).
If an online dating scam happens to you or someone you care about, please report it at ftc.gov/complaint — click on Scams and Rip-Offs, then select Romance Scams.
CAS – Moderately Critical – Information Disclosure – DRUPAL-SA-CONTRIB-2016-005
- Advisory ID: DRUPAL-SA-CONTRIB-2016-005
- Project: CAS (third-party module)
- Version: 7.x
- Date: 2016-February-10
- Security risk: 12/25 (Moderately Critical) AC:Basic/A:User/CI:Some/II:None/E:Proof/TD:All
- Vulnerability: Information Disclosure
Description
This module enables you to use your Drupal site as a client or server for the single sign on protocol CAS. This vulnerability only affects sites that use the “CAS Server” sub module.
The module doesn’t allow an administrator to restrict which CAS clients are allowed to authenticate with the Drupal CAS server. A malicious CAS client can trick your users into exposing information about themselves, including: username, uid, email, account created date, account language, and roles.
This vulnerability is mitigated by the fact that a user must click a specially formed link from the malicious site and log into your Drupal CAS server with their credentials. If the user already has an active session with your Drupal CAS server, then that step is skipped.
CVE identifier(s) issued
- A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
- CAS 7.x-1.x versions prior to 7.x-1.5.
Drupal core is not affected. If you do not use the contributed CAS module, there is nothing you need to do.
Solution
Install the latest version:
- If you are using the CAS Server sub-module, upgrade to CAS 7.x-1.5 and configure the “white list” of accepted CAS clients that are allowed to authenticate with your CAS server.
- If you use the CAS module but NOT the server sub-module, then do nothing.
Also see the CAS project page.
Reported by
Fixed by
- Brian Osborne the module maintainer
- Robert Wohleb
- Olarin
Coordinated by
- Michael Hess of the Drupal Security Team
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity