Monthly Archives: April 2016
Brits Suffer More Than 2,000 Ransomware Attacks Each Day
Swedish Military Unwittingly Helped Hose US Banks In 2012 / 2013
Security Snapshot Reveals Massive Personal Data Loss
Warning! CCTV Cameras Sold on Amazon Come with Pre-Installed Malware
Be careful while buying any off-brand electronics from Amazon, as they could end up infecting you.
Recently, independent security researcher Mike Olsen discovered that the CCTV surveillance devices sold on Amazon came with pre-installed malware.
Olsen discovered this nasty secret after he bought a set of outdoor CCTV surveillance cameras from Amazon for one of his friends.
He picked
WordPress Robo Gallery v2.0.14 – Code Execution Vulnerability
Posted by Vulnerability Lab on Apr 12
Document Title:
===============
Wordpress Robo Gallery v2.0.14 – Code Execution Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1822
Release Date:
=============
2016-04-12
Vulnerability Laboratory ID (VL-ID):
====================================
1822
Common Vulnerability Scoring System:
====================================
8.9
Product & Service Introduction:…
And how do you protect your webcam?
Recently, FBI director James Comey revealed that he covers his webcam with tape to protect his privacy. It begs the question: How do you protect your webcam?
The post And how do you protect your webcam? appeared first on We Live Security.
Meet The Cryptoworm, The Future of Ransomware
The age of self-propagating ransomware, or cryptoworms, is right around the corner, says Cisco Talos.
Privilege Escalation in TYPO3 CMS
Component Type: TYPO3 CMS
Release Date: April 12, 2016
Vulnerable subcomponent: Version
Vulnerability Type: Privilege Escalation
Affected Versions: Versions 6.2.0 to 6.2.19, 7.6.0 to 7.6.4 and 8.0.0
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:P/RL:O/RC:C
CVE: not assigned yet
Problem Description: The workspace/ version preview link created by a privileged (backend) user could be abused to obtain certain editing permission, if the admin panel is configured to be shown. A valid preview link is required to exploit this vulnerability.
Solution: Update to TYPO3 versions 6.2.20, 7.6.5 or 8.0.1 that fix the problem described.
Credits: Thanks to Helmut Hummel who discovered and reported the issue.
General Advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.
General Note: All security related code changes are tagged so that you can easily look them up on our review system.
Authentication Bypass in TYPO3 CMS
Component Type: TYPO3 CMS
Release Date: April 12, 2016
Vulnerable subcomponent: Authentication
Vulnerability Type: Authentication Bypass
Affected Versions: Versions 6.2.0 to 6.2.19, 7.6.0 to 7.6.4 and 8.0.0
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:P/RL:O/RC:C
CVE: not assigned yet
Problem Description: The default authentication service misses to invalidate empty strings as password. Therefore it is possible to authenticate backend and frontend users without password set in the database.
Solution: Update to TYPO3 versions 6.2.20, 7.6.5 or 8.0.1 that fix the problem described.
Note: TYPO3 does not allow to create user accounts without a password. Your TYPO3 installation might only be affected if there is a third party component creating user accounts without password by directly manipulating the database.
Credits: Thanks to Kevin Ditscheid who discovered and reported the issue.
General Advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.
General Note: All security related code changes are tagged so that you can easily look them up on our review system.