Monthly Archives: March 2016

Ubuntu

USN-2935-3: PAM regression

Ubuntu Security Notice USN-2935-3

17th March, 2016

pam regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

USN-2935-1 introduced a regression in PAM.

Software description

  • pam
    – Pluggable Authentication Modules

Details

USN-2935-1 fixed vulnerabilities in PAM. The updates contained a packaging
change that prevented upgrades in certain multiarch environments. USN-2935-2
intended to fix the problem but was incomplete for Ubuntu 12.04 LTS. This
update fixes the problem in Ubuntu 12.04 LTS.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the PAM pam_userdb module incorrectly used a
case-insensitive method when comparing hashed passwords. A local attacker
could possibly use this issue to make brute force attacks easier. This
issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2013-7041)

Sebastian Krahmer discovered that the PAM pam_timestamp module incorrectly
performed filtering. A local attacker could use this issue to create
arbitrary files, or possibly bypass authentication. This issue only
affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-2583)

Sebastien Macke discovered that the PAM pam_unix module incorrectly handled
large passwords. A local attacker could possibly use this issue in certain
environments to enumerate usernames or cause a denial of service.
(CVE-2015-3238)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
libpam-modules

1.1.3-7ubuntu2.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

LP: 1558597,

http://www.ubuntu.com/usn/usn-2935-2

Avast

Locky’s JavaScript downloader

Locky is a considerable security threat that is now widely spread.

It seems that Locky’s authors are now predominately using one campaign to spread the ransomware. Last week, we published a blog post about Locky Ransomware, the ransomware that is most likely being spread by the infamous Dridex botnet. In our last blog post, we described three campaigns the Locky authors are using to spread their malware. Now Locky’s authors are mainly using the campaign with javascript packed into a zip file sent to people through phishing emails.

Hackers News

Malvertising Campaign Hits Top Websites to Spread Ransomware

Hackers are always in search for an elite method to create loopholes in the cyberspace to implement the dark rules in the form of vulnerability exploitation.

Top Trustworthy sites such as The New York Times, BBC, MSN, AOL and many more are on the verge of losing their face value as a malwertized advertisement campaign are looming around the websites, according to SpiderLabs.

Here’s

Avira

Contactless cards: keep an eye on the threat just a hands’ width away

Whenever we are going shopping for groceries or clothing, we often choose to pay with a card. If it’s a contactless one, the better. But the luxury of not having to punch in a PIN code could be really expensive if we are in the wrong place, at the wrong time.

The post Contactless cards: keep an eye on the threat just a hands’ width away appeared first on Avira Blog.

Hackers News

Anonymous claims they Hacked Donald Trump …Really?

The ‘Hacktivist’ collective group Anonymous claimed to have leaked personal details of the controversial US presidential candidate Donald Trump, including his Mobile Phone Number and Social Security Number (SSN).

Donald Trump

SSN: 086-38-5955
DOB: 06/14/1946
Phone Number: 212-832-2000
Cell/Mobile Phone Number: (917) 756-8000

The hacktivist group has declared war against Trump under a

NVD

CVE-2015-5968

Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.