Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE …)

Posted by Pierre Kim on Sep 28

## Advisory Information

Title: Multiple vulnerabilities found in the Dlink DWR-932B (backdoor,
backdoor accounts, weak WPS, RCE …)
Advisory URL: https://pierrekim.github.io/advisories/2016-dlink-0x00.txt
Blog URL: https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
Date published: 2016-09-28
Vendors contacted: Dlink
Release mode: Released
CVE: no current CVE
DWF: no current DWF

## Product Description…

Symantec Messaging Gateway <= 10.6.1 Directory Traversal

Posted by Rio Sherri on Sep 28

# Title : Symantec Messaging Gateway <= 10.6.1 Directory Traversal
# Date : 28/09/2016
# Author : R-73eN
# Tested on : Symantec Messaging Gateway 10.6.1 (Latest)
# Software : https://www.symantec.com/products/threat-protection/messaging-gateway
# Vendor : Symantec
# CVE : CVE-2016-5312
# DESCRIPTION:
# A charting component in the Symantec Messaging Gateway control center does not properly sanitize user input submitted for charting requests.
#…

Edward Snowden won Glas of Reason – (Glas der Vernunft) Award 2016

Posted by Vulnerability Lab on Sep 28

Award 2016 “Glas of Reason” (Glas der Vernunft) for Edward Snowden
(10.000€) @snowden

Security Press Articles
http://www.mirror.co.uk/news/world-news/german-city-gives-nsa-whistleblower-8913033
http://www.bild.de/wa/ll/bild-de/unangemeldet-42925516.bild.html
http://www.stern.de/panorama/kasseler-buergerpreis-geht-an-edward-snowden-7073662.html
http://www.zdnet.de/88272377/glas-der-vernunft-kasseler-buerger-ehren-edward-snowden/

CVE-2016-2776 (bind)

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

World's largest 1 Tbps DDoS Attack launched from 152,000 hacked Smart Devices

Do you know — Your Smart Devices may have inadvertently participated in a record-breaking largest cyber attack that Internet has just witnessed.

If you own a smart device like Internet-connected televisions, cars, refrigerators or thermostats, you might already be part of a botnet of millions of infected devices that was used to launch the biggest DDoS attack known to date, with peaks of over

Top 5 things you are revealing to the world when downloading torrents


Downloading torrents is certainly not as popular as it used to be, but people still do it. While being able to watch a movie free of charge before it is even available in your town's movie theatre may sound appealing, we want to highlight that this is illegal and that your actions will have consequences.
In this blog post we are not going to focus on the consequences; we are sure you already know what happens to the bad guys. Instead, we want to stress the type of information you are sharing with the world while downloading torrents:

Username and Password

Very often torrent websites require you to create a profile before you are able to download a torrent, so you are forced to come up with a username and password. Since people don't enjoy using multiple passwords, some folks end up literally handing over their username and password without a fight. Imagine what hackers who crack software for fun could do with your personal information. It feels like getting a wolf pack to guard your sheep.

IP Address

You are sharing your IP address with both seeders and leechers. Almost every torrent client has an option to see details about the peers you are connecting with. Sharing your personal IP address with complete strangers is not the safest thing to do. Not all peers are there to help you: hackers masked as seeders or leechers are lurking around, harvesting IP addresses.

ISP – Internet Service Providers

Your ISP knows what you are doing. Even though it is NOT in their interest, ISPs are sometimes forced to share information with law enforcement, and your ISP will not hesitate to share information about you when pressured by the authorities. After all, torrents can be heavy, and ISPs are certainly not happy when they see you abusing the unlimited data stream they offer you.

Traffic Information

Getting to download an actual torrent is not an easy task. You have to go through a whole bunch of shady websites before you get to the point where you can download the torrent you want, and there are a whole lot of 'download' buttons that download everything but the desired torrent to your device. Even if the content you want to download is not illegal, you share all your traffic information with the website admins. Remember what we discussed about the wolf packs.

Social Media channels

Torrent websites sometimes offer you perks for following them on social media. This immediately gives everyone interested an idea of the type of people that support those websites. Even if you are not downloading or distributing any illegal content, engaging with them on social media channels and being active on torrent forums may drag you into a group of people you don't want to be in.
Peer-to-peer file sharing is not always illegal, but you have to keep in mind that very often cheap things end up being expensive. You should be fully aware of what you are exposing to the world on your journey to the next episode of The Big Bang Theory.

If you are in a store you don't just grab a DVD and walk out, you pay for it. The reason you don't steal is not only that you are a good person, but also that you are afraid your action may ruin your life. Nowadays, being on the internet is similar to walking on the street or in the store: your actions are being monitored. Let's make sure you don't embarrass yourself before the whole world.

The post Top 5 things you are revealing to the world when downloading torrents appeared first on Panda Security Mediacenter.

Lynis Auditing Tool 2.3.4

Lynis is an auditing tool for Unix specialists. It scans the system and the available software to detect security issues. Besides security-related information, it also collects general system information, installed packages and configuration mistakes. The software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Ubuntu Security Notice USN-3090-1

Ubuntu Security Notice 3090-1 – It was discovered that a flaw in processing a compressed text chunk in a PNG image could cause the image to have a large size when decompressed, potentially leading to a denial of service. Andrew Drake discovered that Pillow incorrectly validated input. A remote attacker could use this to cause Pillow to crash, resulting in a denial of service. Eric Soroos discovered that Pillow incorrectly handled certain malformed FLI, Tiff, and PhotoCD files. A remote attacker could use this issue to cause Pillow to crash, resulting in a denial of service. Various other issues were also addressed.