Ubuntu Security Notice 2952-1 – It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. It was discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
Monthly Archives: April 2016
Exponent CMS 2.3.5 Cross Site Scripting
Exponent CMS version 2.3.5 suffers from multiple cross site scripting vulnerabilities.
Australia Admits To Running Offensive Cyber-Ops Team
US Bank Hackers Get Long Jail Term
Privacy International Unleashes Huge Dump Of Dirt On GCHQ Surveillance
European Commission To Consult On Review Of Cookie Law
ImpressCMS 1.3.9 SQL Injection
ImpressCMS versions 1.3.9 and below suffer from a remote SQL injection vulnerability.
Misunderstanding Indicators of Compromise
In this Threatpost op-ed, Dave Dittrich and Katherine Carpenter explain the dangers of conflating measurable events, or observables, with indicators of compromise, which require context and other constructs to provide true threat intelligence.
your smartphone is no longer the “smartest” option
Synching your smartphone and computer might increase your chances of being hacked
A classic piece of advice for keeping email, social networks and other online services safe is to enable something called two-step verification. This security mechanism makes it more difficult for a cyber-delinquent to access your account. When a device other than the “usual” one (a different computer or smartphone) tries to access your account, a code that is sent to the mobile phone associated with the account must be entered in order to continue.
If a cyber-criminal, who in theory cannot access your smartphone, is trying to get into your account, this two-step process makes it very complicated for him. Or so we thought. A group of researchers from the Free University of Amsterdam showed us that this type of protection becomes more and more flawed the better our different devices communicate with each other. This means that the more computers, smartphones or other devices have access to your account and passwords, the higher your chances are of having an account hijacked by a cyber-criminal.
The two-step verification is one of the most popular security measures
In other words, because we are able to synchronize applications between two devices, like your computer and smartphone (and what you do in one can affect the other), the effectiveness of two-step verification decreases.
Android and iOS, equally vulnerable
The study’s authors have shown that apps can be installed onto your smartphone remotely from the computer, either on Android (by accessing Google Play with the browser) or through iTunes.
In both of the above cases, following slightly different strategies, they have managed to intercept the verification code that websites send to your smartphone through SMS when there is a two-step verification, so it is very possible that a hypothetical cyber-criminal could access your Facebook, Google or Amazon accounts—to cite just a few.
The verification code that websites send you through SMS can be intercepted
Don’t stop doing what you’ve been doing
Just because you have found out about this vulnerability does not mean it is no longer advisable to activate this safety measure in all the services that offer it. There will always be a few obstacles that you can put between the attackers and your personal information.
The post your smartphone is no longer the “smartest” option appeared first on Panda Security Mediacenter.
Encrypt – or face a huge fine
The ICO, the UK’s independent authority that oversees data privacy, recently released new guidance on encryption best practices. The key message – encrypt or face a big fine.
The post Encrypt – or face a huge fine appeared first on We Live Security.

