WIN-911 version 7.17.00 suffers from incorrect default permissions and plaintext credential storage vulnerabilities.
Monthly Archives: September 2016
glibc getaddrinfo Stack Buffer Overflow
glibc getaddrinfo stack-based buffer overflow exploit that leverages the issue previously disclosed by Google.
SEC Consult SA-20160906-0 :: Private key for browser-trusted certificate embedded in multiple Aruba Networks / Alcatel-Lucent products
Posted by SEC Consult Vulnerability Lab on Sep 06
This advisory is accompanied by a blog post regarding a recap on our published
“House of Keys” research study on the re-use of cryptographic secrets from
11/2015.
For further information also see
http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html
SEC Consult Vulnerability Lab Security Advisory < 20160906-0 >
=======================================================================
title:…
Kaspersky Lab Security Solutions Earn First Place in all SE Labs Q2 2016 Tests
Kaspersky Lab products were named the best solution for small businesses, enterprises and home users according to the results of security solutions testing conducted by SE Labs in Q2 2016.
Infographic: tips and tricks for smartphone parenting
Lay the groundwork for responsible smartphone use, and manage the challenges and opportunities they bring. Our tips and tricks in the infographic below work best when used openly and honestly in partnership with the children – not as a stealth spying method.
The post Infographic: tips and tricks for smartphone parenting appeared first on Avira Blog.
Gugi Banking Trojan Outsmarts New Android 6 Security
Kaspersky Lab announced today its experts discovered a modification of the Gugi banking Trojan that can bypass Android OS 6 security features designed to block phishing and ransomware attacks.
What you should know about Windows 10
It is reaching the end of its first year and now companies are asking, is it the right moment to update to Windows 10? Now that it’s becoming somewhat mature, should businesses take the plunge and invest time and money to upgrade their software? The general opinion is that yes, companies should upgrade. After all, it takes far less time and resources to plan the transition than to deal with it after problems emerge due to outdated software.
January 2020 may be far away, but that is when Windows 7 will be discontinued, and businesses need a lot of time—months or even years—to complete this type of transition. There are also some companies that have chosen to continue using Windows 8, an operating system which has brought more sorrow than glory to the corporate sector.
In addition to the added benefits offered in Windows 10, the tech company has tried to fix the Windows 8 problems and has introduced new elements designed to attract more businesses, a huge market that Microsoft can’t afford to lose to its competitors: Apple Mac and Google Chromebook.
The main focus for Windows 10 is to reinforce security. Some of the improvements include biometric identification support (Hello), improvements for mobile device management (MDM) and a centralized verification center through Azure Active Directory (this prevents unnecessary password duplication).
Panda Security’s antivirus solutions work perfectly with Windows 10
But perhaps the most talked about and significant aspect for businesses is the new update cycle. With the 10th version of their operating system, Microsoft has gotten rid of something that is typical in other companies: constant updates. Until now, security patches were published once a month (the famous “Patch Tuesday”) and most of the improvements were concentrated in large blocks called “Service packs”.
The wait until 2020 is long and not in-rhythm with the current digital economy, but with this new system, Windows 10 will be able to install updates immediately (as long as the people in charge decide so).
The post What you should know about Windows 10 appeared first on Panda Security Mediacenter.
Russia's Largest Portal HACKED; Nearly 100 Million Plaintext Passwords Leaked
Another data breach from 2012, and this time, it’s Russia’s biggest internet portal and email provider Rambler.ru.
Rambler.ru, also known as Russia’s Yahoo, suffered a massive data breach in 2012 in which an unknown hacker or a group of hackers managed to steal nearly 100 Million user accounts, including their unencrypted plaintext passwords.
The copy of the hacked database
CVE-2016-7112
The EN100 Ethernet module before 4.29 for Siemens SIPROTEC 4 and SIPROTEC Compact devices allows remote attackers to bypass authentication and obtain administrative access via unspecified HTTP traffic.
CVE-2016-7113
The EN100 Ethernet module before 4.29 for Siemens SIPROTEC 4 and SIPROTEC Compact devices allows remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets.