Even the inventor of the World Wide Web can be hacked. What about us?

Even the inventor of the World Wide Web, Mr. Tim Berners-Lee, can have his password stolen. The hackers were able to access IT resources belonging to the organization that governs the Web (W3C). This makes us wonder: Is there a company that isn’t vulnerable to this type of attack?

 

We all face the same problem: We are only as strong as our weakest link. Stealing the password of a single employee, especially one with a high access level (for example, a manager), is enough for a cyber-criminal to sneak into a company’s entire system.

 

According to a recent report by the Cloud Security Alliance (CSA), nearly a quarter (22%) of the IT breaches in companies began with a single password leak. In addition, 65 per cent of the study’s participants believe that there is a medium to high chance that there will be future risks caused by a compromised password.

 

A fourth of IT breaches began with a single password leak

 


Pictured: Tim Berners-Lee, the inventor of the World Wide Web

Like many others, Tim Berners-Lee’s situation could have been easily avoided. The attacker was able to get in through the W3C’s back door because Berners-Lee reused passwords. It is possible that the password was the same one he used for the IRC chats in which he communicated with his team.

 

The intruder initially got into the system using Berners-Lee’s information, then the same password opened other access points without problem. It was even possible to sneak into the web’s editing area, retouch the founder’s profile, and leave an encryption seal to prove that the cyber-criminal had been there.

 

To avoid being in this situation, there’s a simple and effective measure that should be followed by everyone in your company: use a different password for every service. That way, if one of your passwords is stolen, cyber-criminals will not have access to other resources belonging to your company.

Likewise, it’s also important to have a dependable security solution for your business to fall back on, like Panda Adaptive Defense 360, which is able to protect corporate information from theft by both external and internal threats.

The post Even the inventor of the World Wide Web can be hacked. What about us? appeared first on Panda Security Mediacenter.

DSA-3584 librsvg – security update

Gustavo Grieco discovered several flaws in the way librsvg, a SAX-based
renderer library for SVG files, parses SVG files with circular
definitions. A remote attacker can take advantage of these flaws to
cause an application using the librsvg library to crash.

USN-2983-1: Expat vulnerability

Ubuntu Security Notice USN-2983-1

18th May, 2016

expat vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Expat could be made to crash or run programs as your login if it opened a
specially crafted file.

Software description

  • expat
    – XML parsing C library

Details

Gustavo Grieco discovered that Expat incorrectly handled malformed XML
data. If a user or application linked against Expat were tricked into
opening a crafted XML file, an attacker could cause a denial of service, or
possibly execute arbitrary code. (CVE-2016-0718)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.04 LTS:
  libexpat1    2.1.0-7ubuntu0.16.04.1
  lib64expat1  2.1.0-7ubuntu0.16.04.1

Ubuntu 15.10:
  libexpat1    2.1.0-7ubuntu0.15.10.1
  lib64expat1  2.1.0-7ubuntu0.15.10.1

Ubuntu 14.04 LTS:
  libexpat1    2.1.0-4ubuntu1.2
  lib64expat1  2.1.0-4ubuntu1.2

Ubuntu 12.04 LTS:
  libexpat1    2.0.1-7.2ubuntu1.3
  lib64expat1  2.0.1-7.2ubuntu1.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart any applications linked
against Expat to effect the necessary changes.

References

CVE-2016-0718