The TERASOLUNA Framework Development Team discovered a denial of service
vulnerability in Apache Commons FileUpload, a package to make it
easy to add robust, high-performance, file upload capability to servlets
and web applications. A remote attacker can take advantage of this flaw
by sending file upload requests that cause the HTTP server using the
Apache Commons FileUpload library to become unresponsive, preventing the
server from servicing other requests.
Monthly Archives: June 2016
Cisco Security Advisory 20160629-piauthbypass
Cisco Security Advisory – A vulnerability in the application programming interface (API) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to access and control the API resources. The vulnerability is due to improper input validation of HTTP requests for unauthenticated URIs. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected URIs. Successful exploitation of this vulnerability could allow the attacker to upload malicious code to the application server or read unauthorized management data, such as credentials of devices managed by Cisco Prime Infrastructure or EPNM. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Cisco Security Advisory 20160629-cpcpauthbypass
Cisco Security Advisory – A vulnerability in the Lightweight Directory Access Protocol (LDAP) authentication for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to an improper implementation of LDAP authentication. An attacker could exploit this vulnerability by logging into a targeted device that is configured for LDAP authentication. Successful exploitation of this vulnerability could grant the attacker full administrator privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Cisco Security Advisory 20160629-fp
Cisco Security Advisory – A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to log in to the device with a default account. This account does not have full administrator privileges. The vulnerability is due to a user account that has a default and static password. This account is created during installation. An attacker could exploit this vulnerability by connecting either locally or remotely to the affected system. A successful exploit could allow the attacker to log in to the device using the default account. The default account allows the execution of a subset of command-line interface (CLI) commands that would allow the attacker to partially compromise the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Apache Xerces-C XML Parser Crash
The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker. Apache Xerces-C XML Parser library versions prior to 3.1.4 are affected.
Jigsaw Deletes Files Every Hour: Upgrade Your AVG Software Today!
Jigsaw is a fast-growing ransomware threat on the web, posing new danger for businesses. It is also the first ransomware to actually delete files hourly until the ransom is paid.
In April and May, our AVG Virus Lab team detected and blocked nearly 3,000 instances of Jigsaw across 25 countries. This recent detection report showed the malware being most active in the United States, Germany and South Africa.
Though the number of instances is alarming, our AVG 2016 AntiVirus engine and LinkScanner feature – integrated across all of our AVG Business products – are proactively detecting and blocking Jigsaw.
It is still critical that you understand how Jigsaw works, how to identify it and the best steps for protection.
How does Jigsaw work?
- You typically have 72 hours to pay the ransom, usually in Bitcoin.
- Every hour after that, Jigsaw deletes files to pressure victims into paying.
- The rate at which files are deleted is exponential, from a single file to a thousand files at a time.
How does Jigsaw spread?
- Email – malicious or spammed emails are common entry points.
  - Be on alert for malicious links and attachments with malicious code inside disguised as a pdf, Word, Excel or .Zip file. Don’t open email with suspicious or vague email subject lines.
- Websites – visiting web pages can be an entry point.
  - Simply by visiting an infected web site, you could be at risk.
  - Many websites are legitimate and you have no way of knowing if they have been infected.
  - Don’t click on popups or banner ads. If the product/service is of interest, visit the site directly.
  - The only defense is ensuring all software is updated, and using advanced antivirus software protection. (Our AVG Business products provide this defense.)
How can a business stay protected?
- Back up files to an external drive (local drives can become encrypted).
  - Even better, disconnect the external drive after the backup and do a cloud backup.
- Educate employees
  - Employees should know what to watch for and what to avoid.
- Implement policies to prepare for and manage ransomware
  - Antivirus software must always be on and up to date. (AVG Business products detect and protect against ransomware and other malware. Be sure you have the latest AVG software running!)
  - Update all software to the latest versions, from within the product or directly from the vendor web site.
  - Put processes in place and train users on what to do if an ‘event’ occurs (Examples: Notify IT or MSP, shut down, pull network cable).
- Use multi-level AV protection
  - At AVG, we use a multi-layered security approach with multiple layers of inspection and testing to identify and eliminate a wide variety of malware.
  - AVG’s 2016 security engine leverages sophisticated technologies – including artificial intelligence, advanced algorithms and cloud-based outbreak detection – to detect and protect in real time. AVG Business products are powered by these technologies with features that also include an advanced scanning engine, LinkScanner for safe web surfing, online shield, identity protection and more.
  - We regularly submit our security software to independent test labs and have received high industry-leading results across protection, performance and usability categories.
Don’t let your business or client’s business be held for ransom. AVG partners and distributors can find out more about our AVG Business solutions with integrated AV 2016 at www.avg.com/service-provider-solutions.
Should all Facebook users follow your example, Mr. Zuckerberg?
Sticky tape – is it really secure by design? Mark Zuckerberg, the founder of the high-tech company Facebook, uses everyday sticky tape to help protect his laptop and identity.
The Facebook founder and advocate of social media was recently pictured celebrating Instagram, a Facebook company, reaching the milestone of 500 million active users per month. The achievements of Mr. Zuckerberg are indeed remarkable; the way in which the world communicates today would be very different without Facebook.
In the celebratory photo, Mr. Zuckerberg is seated at his desk holding a cutout of Instagram’s feed in Facebook’s Silicon Valley headquarters. Eagle-eyed Twitter user Chris Olson spotted that Mr. Zuckerberg, like many of us, had put tape over the webcam and microphone of his laptop.
We’ve all heard the stories of web cams being turned on in homes by malicious hackers, TVs that listen to us, and toys that record our voices, so it wouldn’t be surprising if many of us already do the same. Protecting devices with physical security helps ensure that if a hacker accesses your device, they do not see or hear much.
You might, however, expect the billionaire founder of Facebook to have a more sophisticated solution, especially when so much has been written about Facebook apps asking for permissions that seem somewhat sensitive or intrusive for some users. For example, Facebook asking for permission to access the user’s microphone and camera has generated speculation about whether such access could be used in ways that are not transparent to the user.
There have been several articles written with explanations on why the permissions are needed and assurances by Facebook that it will not abuse them. So, if all of this is true, why is the CEO and founder of Facebook putting tape over his webcam? Should we also be putting tape over our webcams?
We know that the CEO and Founder of Facebook does, and in a recent interview, James Comey, Director of the FBI also admitted to using this technique. Either they are making a statement or this method actually works. My personal opinion is – it’s the latter.
It might of course be because both of these personalities have such a high public profile that they are more likely to be targets for hackers. Considering malware like the remote access trojan (RAT) that can access a camera, maybe a piece of tape is a practical if not wholly elegant solution. Naturally, having up to date antivirus software and a fully updated/patched machine will make it less likely that such malware will ever reach your machine.
There’s also human error, although I am not sure this has been given an official ‘name’. Have you ever accidentally started a video call on your laptop or phone? Most of us know that it is all too easy to click the wrong button to make the call and the next thing you know you are broadcasting video … and let’s hope it’s nothing confidential or embarrassing.
Given the risk of a mistake and the risk of malware, and two high profile examples … on balance, it probably is time to tape over your PC’s camera and microphone to minimize the risk that you share something inadvertently via your camera.
And for the fans of duct tape, that’s probably overkill when covering up a cam, I’d suggest using something a bit more easily removable!
Locky is back with a twist of COM
Locky is continuing to evolve after its return to the marketplace last week. The new June 28 variant uses Windows COM objects to erase old copies, resulting in more difficult behavior-based detection by security programs.
The post Locky is back with a twist of COM appeared first on Avira Blog.
Global Terrorism Database Leaked! Reveals 2.2 Million Suspected Terrorists
A massive database of terrorists and “heightened-risk individuals and entities” containing more than 2.2 Million records has reportedly leaked online.
Researcher Chris Vickery claimed on Reddit that he had managed to obtain a copy of 2014 version of the World-Check confidential database, which is being used by banks, governments, and intelligence agencies worldwide to scope out risks
Symantec Releases Security Updates
Original release date: June 29, 2016
Symantec has released security updates to address vulnerabilities in multiple products. Exploitation of some of these vulnerabilities may allow an attacker to take control of an affected system and cause a denial-of-service condition.
Users and administrators are encouraged to review Symantec Security Advisories SYM16-010 and SYM16-011 and apply the necessary updates.
