Two-factor authentication (2FA) is to be added to the PlayStation Network, offering members even greater security.
The post Two-factor authentication coming to PlayStation Network appeared first on We Live Security.
Monthly Archives: April 2016
SEC Consult SA-20160422-1 :: Multiple vulnerabilities in Digitalstrom Konfigurator
Posted by SEC Consult Vulnerability Lab on Apr 22
SEC Consult Vulnerability Lab Security Advisory < publishing date 20160422-1 >
=======================================================================
title: Multiple vulnerabilities in Digitalstrom Konfigurator
product: Digitalstrom Konfigurator
vulnerable version: 1.10.0
fixed version: 1.10.4
CVE number: –
impact: High
homepage: http://www.digitalstrom.com/…
SEC Consult SA-20160422-0 :: Insecure credential storage in my devolo Android app
Posted by SEC Consult Vulnerability Lab on Apr 22
SEC Consult Vulnerability Lab Security Advisory < 20160422-0 >
=======================================================================
title: Insecure data storage
product: my devolo – android application – air.de.devolo.my.devolo
vulnerable version: 1.2.8
fixed version:
CVE number:
impact: High
homepage: http://www.devolo.com/
found: 2015-10-30…
FBI paid Hacker $1.3 Million to Unlock San Bernardino Shooter's iPhone
In Brief
Guess how much the FBI has paid an unknown grey-hat hacker to break into San Bernardino Shooter’s iPhone?
FBI Director James Comey hinted during an interview that the FBI spent more than $1.3 Million for breaking into the iPhone of a suspected terrorist and found nothing useful on it.
Apple’s legal battle with the Federal Bureau of Investigation (FBI) ended following the bureau’s
Tips to help shield your reading devices
Today, April 23rd, we celebrate World Book Day. Literature has evolved greatly in recent times, both in the way we enjoy it and the way we consume it. How we read, in the digital realm, has changed. In today’s on-the-go society, it is becoming less and less common for people to use paperbacks or hardcovers, and is becoming more and more common that we use many different platforms to enjoy reading. Now we read from our smartphones, tablets, eBooks … Electronic ink has been imprinted in our lives. We read everything and anything from short stories to novels, the news to blogs… we turn them into trending topics. We even share excerpts from the books we read on social media. Stories become viral thanks to transmedia storytelling and techniques.
Not only are we seduced with words, but audiovisual content plays a very important role in grabbing our attention. New technology enriches our reading, using videos or photos to interact with the reader. We live in the era of Branded Content. Struggling brands position themselves in a way that seems “organic” in the minds of consumers by offering unique and high-quality content. Now we are fluent in a new language, digital language, and the language in which today’s literature is based on. We write simpler and add hyperlinks. Digital writing is intended to be enjoyed only on-screen, 100%.
Tips to safeguard your reading device
We often forget that a computer virus in Windows can be passed to a smartphone whether it’s an iOS or Android, and a lot of these viruses can even infect our eReaders. To prevent malware from damaging our reading device, whatever it is, we must follow these guidelines:
1- Beware of USB ports: we must first analyze anything that can be inserted into a computer or electronic device. This is the simplest and most popular way cybercriminals can infect our devices.
2- Only buy or download eBooks from legitimate online stores or known editorial pages.
3- Beware of file size: if we introduce some eBook DRM we must be wary if it occupies more than 2Mb, as it could possibly be a virus that could damage the device.
4- Install an eBooks library manager: if the eBook is a virus or has one, the manager will alert us.
Like always, prevention continues to be the best option to help us enjoy our reading (or browsing) safely. Happy World Book Day!
The post Tips to help shield your reading devices appeared first on Panda Security Mediacenter.
Advantech WebAccess 8.0 Dashboard Viewer Arbitrary File Upload
This Metasploit module exploits an arbitrary file upload vulnerability found in Advantech WebAccess 8.0. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the uploadImageCommon function in the UploadAjaxAction script allows unauthenticated callers to upload arbitrary code (instead of an image) to the server, which will then be executed under the high-privilege context of the IIS AppPool.
Pcapteller 1.0
Pcapteller is a tool designed for simple traffic manipulation and replay. The tool allows you to recreate a recorded network traffic scenario that occurred in a foreign network, as it really happened in yours. Basically, the tool reads network packets from a PCAP file, and it replaces a given IP address with one that fits your needs. Afterwards, the manipulated packets are injected into the network. The tool is useful if you want to recreate scenarios where computer attacks or malware infections occurred. Using such scenarios as a base, Pcapteller will make it look like everything is really happening in your network. Pcapteller can help you improving your blue team’s network security monitoring skills, or creating network decoys during red team operations.
Ubuntu Security Notice USN-2953-1
Ubuntu Security Notice 2953-1 – Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.49 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.10 has been updated to MySQL 5.6.30. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
Red Hat Security Advisory 2016-0679-01
Red Hat Security Advisory 2016-0679-01 – Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 115. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
phpLiteAdmin 1.9.6 Cross Site Request Forgery / Cross Site Scripting
phpLiteadmin version 1.9.6 suffers from cross site request forgery and cross site scripting vulnerabilities.