Over 30 million Twitter account details are put up for sale on the computer underground.
The post 32 million Twitter account credentials up for grabs – but site says it wasn’t hacked appeared first on We Live Security.
Monthly Archives: June 2016
Twitter Forces Password Reset on Some Exposed Accounts
Twitter has forced a password reset on an unnamed number of accounts exposed this week in a dump of 32.8 million account names and credentials.
From a drip to a flood: The impact of a data leak
Data leaks, especially from an organization’s point of view, are a huge and growing problem. The impact can be severe, as this feature highlights.
The post From a drip to a flood: The impact of a data leak appeared first on We Live Security.
Stay calm and don’t worry about false alarms
No false positives for Avira after 14 months, 7,000 websites, and 7.7 million files checked.
The post Stay calm and don’t worry about false alarms appeared first on Avira Blog.
Hours before Euro 2016, fake websites are still offering overpriced tickets
Online scammers are trying to take advantage of fans desperately scouring the web for the last few tickets to Euro 2016 via newly created fake websites.
The post Hours before Euro 2016, fake websites are still offering overpriced tickets appeared first on We Live Security.
Comment on They’ll hack your Android in T Minus 10 seconds by Suncode
Hackers are getting more and more advanced and its companies like panda security who do a fantastic job keeping ahead of the game protecting us.
Are Your Passwords For Sale On The Black Market?
Myspace is joining the list of 2016’s data breach victims, alongside Tumblr and LinkedIn. Yes, Myspace still exists and in fact, if you registered for the social media site prior to 2013, your old log-in information could have been compromised.
360 million emails and passwords were leaked in what is being called one of the largest mass data breaches in internet history. A few days ago, LeakedSource—a search-engine capable of searching leaked records—claimed to have learned account log-in information for a massive number of MySpace users.
Myspace acknowledged in its blog that cyber-criminals have gained access to log-in information from those who registered prior to June 2013. Until that date, passwords were protected by the hashing algorithm “cryptographic SHA1”, which is an outdated and insecure system which is no longer recommended.
The black hat, Peace, recently put the leaked data up for sale on the dark side of the net for six bitcoin (approx. $2,800 US or €2,400). This cyber-delinquent is also behind the Tumblr leak, where 65 million accounts were compromised, and the LinkedIn data breach (117 million leaked). As with Myspace, Peace attempted to sell the stolen information from Tumblr and LinkedIn on the black market.
Remember the Ashley Madison scandal? Well, the number of passwords stolen in this data breach is higher than those stolen in the Ashley Madison leak. If we take into account that the number of stolen passwords is higher than those stolen during the Ashley Madison scandal (39 million passwords leaked), it is particularly worrying.
Prevention is Better Than Cure
Recently, LinkedIn required a password change for users whose personal data may have been compromised in the breach. Tumblr has done the same. For now, the former friend-network has ensured users that the matter is being investigated and that the company is implementing new security measures.
Nevertheless, internet users and social-network fiends should not wait for a big leak before they take steps to protect their privacy. One of the commandments of Internet safety is to periodically change passwords and to register different passwords with different services so if your data is compromised it only effects one set of log-in credentials.
One of the commandments of Internet safety is to periodically change passwords
With all those constantly-changing passwords, how can we remember them while remaining secure? It’s easy. You can use password managers like Dashlane, which allows you to determine a password’s level of security and control them from the same page.
There are also great security solutions that offer a larger degree of protection and include a password manager… all you need is a master password to access all of your favorite internet services. It maintains your online privacy… at all times!
The post Are Your Passwords For Sale On The Black Market? appeared first on Panda Security Mediacenter.
A Russian Cybersleuth Battles the ‘Dark Ages’ of the Internet – The New York Times
A Russian Cybersleuth Battles the ‘Dark Ages’ of the Internet – The New York Times
New VMSA-2016-0008 VMware vRealize Log Insight addresses important and moderate security issues
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2016-0008
Synopsis: VMware vRealize Log Insight addresses important and
moderate security issues.
Issue date: 2016-06-09
Updated on: 2016-06-09 (Initial Advisory)
CVE number: CVE-2016-2081, CVE-2016-2082
1. Summary
VMware vRealize Log Insight addresses important and moderate security
issues.
2. Relevant Releases
VMware vRealize Log Insight prior to 3.3.2
3. Problem Description
a. Important stored cross-site scripting issue in VMware vRealize Log
Insight
VMware vRealize Log Insight contains a vulnerability that may
allow for a stored cross-site scripting attack. Exploitation of this
issue may lead to the hijack of an authenticated user's session.
VMware would like to thank Lukasz Plonka for reporting this issue to
us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2016-2081 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
=========================== ======= ======= =================
VMware vRealize Log Insight 3.x Virtual 3.3.2
Appliance
VMware vRealize Log Insight 2.x Virtual 3.3.2
Appliance
b. Moderate cross-site request forgery issue in VMware vRealize Log
Insight
VMware vRealize Log Insight contains a vulnerability that may
allow for a cross-site request forgery attack. Exploitation of this
issue may lead to an attacker replacing trusted content in the Log
Insight UI without the user's authorization.
VMware would like to thank Lukasz Plonka for reporting this issue to
us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2016-2082 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
=========================== ======= ======= =================
VMware vRealize Log Insight 3.x Virtual 3.3.2
Appliance
VMware vRealize Log Insight 2.x Virtual 3.3.2
Appliance
4. Solution
Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.
VMware vRealize Log Insight 3.3.2
Downloads and Documentation:
https://my.vmware.com/en/web/vmware/info/slug/infrastructure_operations_man
agement/vmware_vrealize_log_insight/3_3
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2082
- ------------------------------------------------------------------------
6. Change log
2016-06-09 VMSA-2016-0008 Initial security advisory in conjunction
with the release of VMware vRealize Log Insight 3.3.2 on 2016-06-09.
- ------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: https://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
Consolidated list of VMware Security Advisories
http://kb.vmware.com/kb/2078735
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC
Copyright 2016 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 21165)
Charset: utf-8
wj8DBQFXWj/PDEcm8Vbi9kMRAnAIAJ41gvMcGGXT4455eNmt7tR48d8pmgCgun/W
uMHWtNOrpA7NINIY+E8ASpo=
=QmsU
-----END PGP SIGNATURE-----
_______________________________________________
Security-announce mailing list
Security-announce-xEzmwC/hc7si8rCdYzckzA< at >public.gmane.org
http://lists.vmware.com/mailman/listinfo/security-announce
New VMSA-2016-0007 VMware NSX and vCNS product updates address a critical information disclosure vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ------------------------------------------------------------------------
Advisory ID: VMSA-2016-0007
Synopsis: VMware NSX and vCNS product updates address a critical
information disclosure vulnerability
Issue date: 2016-06-09
Updated on: 2016-06-09 (Initial Advisory)
CVE number: CVE-2016-2079
1. Summary
VMware NSX and vCNS product updates address a critical information
disclosure vulnerability.
2. Relevant Releases
NSX 6.2 prior to 6.2.3
NSX 6.1 prior to 6.1.7
vCNS 5.5.4 prior to 5.5.4.3
3. Problem Description
a. VMware NSX and vCNS critical information disclosure vulnerability
VMware NSX and vCNS with SSL-VPN enabled contain a critical input
validation vulnerability. This issue may allow a remote attacker
to gain access to sensitive information.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2016-2079 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============ ========== ========== =============
NSX Edge 6.2 Any 6.2.3
NSX Edge 6.1 Any 6.1.7
vCNS Edge 5.5 Any 5.5.4.3
4. Solution
Please review the patch/release notes for your product and version and
verify
the checksum of your downloaded file.
VMware NSX
Downloads:
https://www.vmware.com/go/download-nsx-vsphere
Documentation:
https://www.vmware.com/support/pubs/nsx_pubs.html
vCNS
Downloads:
https://www.vmware.com/go/download-vcd-ns
Documentation:
https://www.vmware.com/support/pubs/vshield_pubs.html
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2079
- - - -
- - ------------------------------------------------------------------------
6. Change log
2016-06-09 VMSA-2016-0007
Initial security advisory in conjunction with the release of VMware
NSX 6.2.3, 6.1.7 and vCNS 5.5.4.3 on 2016-06-09.
- - - -
- - ------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: https://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
Consolidated list of VMware Security Advisories
http://kb.vmware.com/kb/2078735
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC
Copyright 2016 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 21165)
Charset: utf-8
wj8DBQFXWj8bDEcm8Vbi9kMRAstiAKC5ejIGTYxy1cyZICirCBe7ZZ0qHwCg3ohk
/WKIK9nNhceGenKdZBakL04=
=VsXF
-----END PGP SIGNATURE-----?
_______________________________________________
Security-announce mailing list
Security-announce-xEzmwC/hc7si8rCdYzckzA< at >public.gmane.org
http://lists.vmware.com/mailman/listinfo/security-announce