Today Kaspersky Lab is launching its Kaspersky Cybersecurity Index – the first global index to measure the current cyberthreat levels faced by internet users.
Monthly Archives: September 2016
Denial of Service in extension "Speaking URLs for TYPO3" (realurl)
Release Date: September 8, 2016
Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
Affected Versions: version 2.0.0 to 2.0.14
Vulnerability Type: Denial of Service
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:O/RC:C
Problem Description: The extension allows an attacker to forge URLs with arbitrary cHash values by regenerating the cHash GET argument. This makes it possible to create an arbitrary number of page cache entries. Exceeding database storage limits will eventually lead to the TYPO3 page no longer responding.
Solution: An updated version 2.0.15 is available from the TYPO3 Extension Manager and at https://typo3.org/extensions/repository/download/realurl/2.0.15/t3x/. Users of the extension are advised to update the extension as soon as possible.
Credits: Thanks to Robert Vock and Timo Pfeffer who discovered and reported the issue.
General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.
Back to School Offers – PC Printer Monitor iPad
Business security: Securing your data weak points
One of the biggest problems to overcome for business security is trying to work out what areas you need to secure, explains ESET’s Mark James.
The post Business security: Securing your data weak points appeared first on WeLiveSecurity.
Warning! This Cross-Platform Malware Can Hack Windows, Linux and OS X Computers
Unlike specially crafted malware specifically developed to take advantage of Windows operating system platform, cyber attackers have started creating cross-platform malware for wider exploitation.
Due to the rise in popularity of Mac OS X and other Windows desktop alternatives, hackers have begun designing cross-platform malware modularly for wide distribution.
Cross-platform malware is
SugarCRM REST Unserialize PHP Code Execution
This Metasploit module exploits a PHP Object Injection vulnerability in SugarCRM CE <= 6.5.23 which could be abused to allow unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. The dangerous unserialize() call exists in the ‘/service/core/REST/SugarRestSerialize.php’ script. The exploit abuses the __destruct() method from the SugarCacheFile class to write arbitrary PHP code into the /custom directory.
Debian Security Advisory 3661-1
Debian Linux Security Advisory 3661-1 – It was discovered that incorrect SASL authentication in the Charybdis IRC server may lead to users impersonating other users.
Red Hat Security Advisory 2016-1820-01
Red Hat Security Advisory 2016-1820-01 – PostgreSQL is an advanced object-relational database management system. A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.
Red Hat Security Advisory 2016-1821-01
Red Hat Security Advisory 2016-1821-01 – PostgreSQL is an advanced object-relational database management system. A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.
Vuln: PHP 'bcmath.c' Multiple Local Heap Overflow Vulnerabilities