Ubuntu Security Notice 2991-1 – It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.
Monthly Archives: June 2016
Ubuntu Security Notice USN-2990-1
Ubuntu Security Notice 2990-1 – Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as “ImageTragick”. This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration file. In certain environments the coders may need to be manually re-enabled after making sure that ImageMagick does not process untrusted input. Various other issues were also addressed.
HP Security Bulletin HPSBMU03607 1
HP Security Bulletin HPSBMU03607 1 – Multiple potential security vulnerabilities have been identified in HPE BladeSystem c-Class Virtual Connect (VC) firmware. These vulnerabilities include: The SSLv3 vulnerability known as “Padding Oracle on Downgraded Legacy Encryption” also known as “POODLE”, which could be exploited remotely resulting in disclosure of information. The Cross-protocol Attack on TLS using SSLv2 also known as “DROWN”, which could be exploited remotely resulting in disclosure of information. Additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS), disclosure of information, or Cross-site Request Forgery (CSRF). Revision 1 of this advisory.
TeamViewer Denies Hack, Blames Password Reuse for Compromises
TeamViewer continues to refute claims this week it was hacked and instead claims that password reuse and careless user actions may have led to a scourge of hacks.
Google Releases Security Update for Chrome
Original release date: June 02, 2016
Google has released Chrome version 51.0.2704.79 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.
Russia Launches Raids Over Sberbank Heist
Investigatory Powers Bill: Privacy Concerns 'Could Be Met'
Marcher Mobile Malware Adds Nine UK Banks To Target List
Microsoft Fixes Spam Problem Affecting Hotmail And Outlook
Knock-off FIFA apps on Google Play
Fake football apps appear on the Google Play Store in time for Copa America and Euro Cup.
Copa America Centenario and Euro Cup start this Friday and next Friday respectively, and everyone across the Americas and Europe is in the football/soccer spirit.
I found four soccer/football apps on the Google Play Store, all with the same or similar names, that are pretty bad knock-offs of the popular FIFA app. All four apps have negative reviews claiming the apps do practically nothing but display ads. Clearly, the only intention of the person or people behind these apps is to make money and not to deliver quality apps.
I dug a little deeper and despite the fact that these four apps were uploaded under different developer names, they seem to be developed by one developer. All four apps have the same dex files and manifests. Each developer name has only uploaded one app and there are no links to any developer homepages.

I decided to test each app to see if the negative reviews regarding the ads were true and unfortunately, they are.