CentOS Errata and Security Advisory 2016:0492 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0492.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: f8614dd38fb7e019afa699e25fc731f997d428bbd9dd50320d0f71b19f5535a7 tomcat6-6.0.24-94.el6_7.i686.rpm 46e02d37f713c5edbae3dcf040f0642287260f93c9a1cbd5dbd0d2693c102382 tomcat6-admin-webapps-6.0.24-94.el6_7.i686.rpm 82fc56750818f61e89eab739bcb26dd002640d069cdeb0ef84154b462ea51837 tomcat6-docs-webapp-6.0.24-94.el6_7.i686.rpm fefd36854a7040b0b814fa106ebf9f742a961242e92e367005c6ead63853886f tomcat6-el-2.1-api-6.0.24-94.el6_7.i686.rpm 019ea8a80237a40156f71082d367f13d33fbb7aa912c3af287fb3e40962681b3 tomcat6-javadoc-6.0.24-94.el6_7.i686.rpm 80c2a2765d5f74c3c1c217e64cef26b954d7af04e52f647979924c945b1bad57 tomcat6-jsp-2.1-api-6.0.24-94.el6_7.i686.rpm 9d893e38fff5735bc172848045862c20bffcef0b3b139d314729eeb677b25810 tomcat6-lib-6.0.24-94.el6_7.i686.rpm 9cafcac19f81f93c987f2d165c7ea5e98025f69084a928209eecb73fac65ff18 tomcat6-servlet-2.5-api-6.0.24-94.el6_7.i686.rpm b126c331e5ea8d820b3c1e6237d96969d22a9e2a197872eeba878bf753c18b12 tomcat6-webapps-6.0.24-94.el6_7.i686.rpm x86_64: 5c7b1d88821eeb3f81384b27b18689a7b78d3ea8380c10d2521a2949eac52806 tomcat6-6.0.24-94.el6_7.x86_64.rpm 4ee7ed55677887523bd064e3d5ae46a5152d14c7be7fab8b7c1e890cf87c217b tomcat6-admin-webapps-6.0.24-94.el6_7.x86_64.rpm 32ab28e638d1003fc21407b6cfd15c28d92d22c40fb04d91b607205cd7eaea12 tomcat6-docs-webapp-6.0.24-94.el6_7.x86_64.rpm 9924b5b670d4be16a0df7bfbf690db353dad980bd960399f2e89e4b79679b0b0 tomcat6-el-2.1-api-6.0.24-94.el6_7.x86_64.rpm 715eef5bdd8e7f0126bbe9e9bdbeacd333bbcdd5c484ed7c8ecd9b718a37255c tomcat6-javadoc-6.0.24-94.el6_7.x86_64.rpm 256bd12729ef9468397f58eb7ddd59c09e95ec4c7dfa97542d9b2ee0ba4bc24c tomcat6-jsp-2.1-api-6.0.24-94.el6_7.x86_64.rpm ee014887ba7baa2f049e0177727cb65043610bc3fd2e1470d623953ee9e459bc tomcat6-lib-6.0.24-94.el6_7.x86_64.rpm 53c6ab13f86498330cee66850df0d749f8822b8231ac9af0c9e0c424f53bf3a6 tomcat6-servlet-2.5-api-6.0.24-94.el6_7.x86_64.rpm f7350eb3574d8a43df55f3ca15dfefa2e06de538465d5df4a6b40ae48e486648 tomcat6-webapps-6.0.24-94.el6_7.x86_64.rpm Source: 2bde7fdacb5e7b67ec2ffd165597cff21c192c996a721a9be3a31d3199c17e5d tomcat6-6.0.24-94.el6_7.src.rpm
Monthly Archives: March 2016
Who are the most famous hackers in history?
Since the beginning of the internet, there have been hackers who have used the Net to benefit at the expense of other users. Some have managed to attack so many people, or companies and institutions so large, that they have become internationally infamous. These are the great villains of the internet.
At Panda Security, we have spent the last 25 years successfully fighting against these cyber criminals. We work every day to protect all of our users from the threats these hackers create, making your Panda antivirus purchase more than worthwhile 
Today we are going to recall some of the biggest hackers, whose cyber-crimes made them famous and led to arrest and jail time. Some of them even switched sides, saying goodbye to the dark side of the Internet.
1. “Cracka”: The mysterious British teenager who hacked into the CIA director’s database
The latest cyber-criminal to draw international press attention is a 16-year-old British boy who managed to hack into the personal mailings of the CIA Director, FBI Director and the Director of National Intelligence. He was also able to hack into the Director of National Intelligence’s phone bills, revealing the identities of 31,000 US government agents (CIA, Homeland Security, and FBI).
The true identity of this kid has not been disclosed but we know that he calls himself “Cracka” and claims to be a member of the group of hackers, “Crackas with Attitude”, who act in defense of the Palestinian movement. “Cracka” was arrested last month in the southeast of England.
2. “The homeless hacker” who betrayed Bradley Manning
Adrian Lamo is known as “The homeless hacker” because he was always traveling, connecting, and attacking via WiFi at Internet cafes and other public access points. Although he began his hacking career legally; analyzing security threats for large companies like Microsoft, Fortune 500, Bank of America or Yahoo!; he was later arrested for stealing data from more than 2,000 subscribers of The New York Times.
In 2002, he was sentenced to six months of house arrest and two months of probation for the above crime. He is also remembered for his betrayal of US soldier Bradley Manning; in 2010 he reported Manning to the Federal Government for leaking classified information about the army and the Secretary of State to another famous hacker, WikiLeaks.
Adrian Lamo, Kevin Mitnick, and Kevin Poulsen (2001).
3. “Soupnazi”: 170 million credit cards hacked from Miami Beach
Albert Gonzalez is the hacker hiding behind the alter-ego “Soupnazi” and the person responsible for one of the largest identity thefts in the history of the Internet. He gained access to accounts and stole more than 170 million credit cards from users worldwide.
This hacker was arrested in 2008 at a Miami Beach hotel and, in 2010, was sentenced to 20 years in prison by a New Jersey Federal Court. It is believed that Gonzalez was working with hackers hiding in other countries, making them impossible to catch.
4. The St. Petersburg hacker who stole $10 million from Citibank network
After the end of the Cold War, St. Petersburg became one of the main hot-spots for cyber-crime. This is where Vladimir Levin had a remarkable career that could be straight out of a James Bond film.
In 1994, after graduating from Saint Petersburg State Institution of Technology, Levin managed to steal $10 million from Citibank clients, all from his apartment in St. Petersburg. Unfortunately for Levin, Interpol tracked him down and arrested him in London’s Stansted airport. He was extradited to the United States, where he was sentenced to serve three years in prison and pay a fine of $240,015 (plus return all of the stolen money). It is believed that Levin could be part of an organized group (leading it or taking orders) connected to the Russian mafia.
5. The Most Wanted cyber-criminal in the United States
Kevin Mitnick’s case is probably the most controversial in Internet history. In 1983, he managed to hack into the Pentagon network and into the systems of very large corporations (similar to Nokia or Motorola). He combined social engineering practices by hacking both computers and telephone networks. This made him the most wanted cyber-criminal in the world, in a highly-publicized investigation that ended with his arrest two years later.
After serving five years in prison, Mitnick decided to leave the dark side of the Net. He became a security consultant for several companies and began to hold conferences about cyber security on universal forums. He currently runs his own security consulting company, Mitnick Security Consulting, LLC.
These are our Top 5 hackers. We are very well-informed about the malware these hackers create and we analyze it every day so that you can have the best virus protection. Who do you think is the worst hacker?
The post Who are the most famous hackers in history? appeared first on MediaCenter Panda Security.
Uber Bug Bounty Rewards Loyalty, Promises Transparency
Uber announced a public bug bounty program that will pay up to $10,000 for critical bugs, and which also includes a loyalty program that pays bonuses for five or more finds.
FBI Most Wanted — Three 'Syrian Electronic Army' Hackers Charged for Cyber Crime
Syrian Electronic Army (SEA) Hackers have made their place on the FBI’s Most Wanted List.
The US Department of Justice and the Federal Bureau of Investigation (FBI) are willing to pay $100,000 reward for any information that leads to the arrest of the heads of the infamous hacking group Syrian Electronic Army.
On Tuesday, the DoJ unsealed charges against three suspected members of the
Onboard in 5 clicks, not 50 steps
Most managed service providers (MSPs) follow a similar process for onboarding new customers for managed services. This typically starts with understanding your customer’s true business needs and then reflecting those needs and the required services into your service delivery platform.
Sounds like a straightforward approach, yet the reality is often not so easy or quick. Customers have unique needs based on the nature of their organization and current IT infrastructure. This can transform onboarding into a complicated, multi-step process.
For example, how much of a priority is the stability and uptime of one group of devices versus another group or what security precautions need to be put in place to protect your customers? How will the answers to these questions and others effect which aspects of the remote monitoring and management (RMM) solution you turn on and which you leave off?
Today’s RMM solutions are extremely powerful, but all too often it is that power that breeds complexity. This requires MSPs to commit a lot of time to configuring, tweaking, twisting and covering the necessary checkboxes at exactly the right stage.
One MSP recently told me that he has a 35-40 item checklist to complete in order to onboard a customer and begin delivering services. Managed services platforms are meant to simplify your lives and make it easy to deliver service to your customers – 40 steps toward implementation isn’t a simplified experience.
With so many checkboxes and onboarding steps, one moment’s distraction is all it takes for a step to be missed and suddenly your RMM solution isn’t fulfilling the necessary criteria. Complicating this, as the IT provider, you are still on the hook with the customer to deliver the services you committed to initially. And now you need to rely on manual processes to satisfy those needs. This starts an endless cycle of firefighting as customers’ IT needs grow and more and more manual processes pile up.
We have a plan to change this.
Next month, AVG Business will release a next generation RMM platform focused on a new service delivery model that allows you to standardize the configuration and onboarding of multiple customer sites. This will dramatically minimize the implementation steps required for the customer onboarding process as well as achieve a standardized service delivery model.
For the first time, the channel will have access to an innovative RMM solution that will give them a centrally planned and automated mechanism to cover those checkboxes and implement services, upgrades or changes in simple, applied way.
This type of centralized automation delivers amazing benefits. Imagine the ability to deliver unique service offerings within one standardized service delivery platform. Your clients will gain a scalable solution to address their security challenges. You will gain the tools to retain new clients, onboard those clients quickly and grow your revenue.
Tune in next month to find out more about the new platform and how you can add it to your security product portfolio.
APTs flutter false flags – SC Magazine
Fingerprint sensors: Are they really secure? – Kim Komando
Red Hat Security Advisory 2016-0492-01
Red Hat Security Advisory 2016-0492-01 – Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. Previously, using a New I/O connector in the Apache Tomcat 6 servlet resulted in a large memory leak. An upstream patch has been applied to fix this bug, and the memory leak no longer occurs.
Red Hat Security Advisory 2016-0493-01
Red Hat Security Advisory 2016-0493-01 – Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure.
Red Hat Security Advisory 2016-0494-01
Red Hat Security Advisory 2016-0494-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space. The security impact of this issue was discovered by Red Hat.
Red Hat Security Advisory 2016-0490-01
Red Hat Security Advisory 2016-0490-01 – Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled.