Netgear Genie version 2.4.32 suffers from an unquoted service path elevation of privilege vulnerability.
Monthly Archives: September 2016
Summer Internship @Avira: A dream come true
Summer is over and so is one of our internship programs: besides enjoying ice cream and great barbecues on the terrace with the Avirans, four young students spent their summer developing a very cool IT project.
The post Summer Internship @Avira: A dream come true appeared first on Avira Blog.
Sophos UTM 9.405-5 / 9.404-5 Information Disclosure
Sophos UTM versions 9.405-5 and 9.404-5 suffer from information disclosure vulnerabilities.
Apple Macs – more secure, but not invulnerable
Over the years, Apple computers have developed a reputation for exceptional security. In fact, many people believe that Macs are completely invulnerable to malware, like viruses and ransomware.
But in an age where cybercriminals are using increasingly sophisticated attacks to break into computers, Apple owners need to know the truth.
No computer is 100% secure
The first thing to realise is that Apple computers are not completely hack proof. No computer is completely hack proof. It is completely untrue to say that Apple Macs cannot be hacked, or be infected with malware.
In fact, one of the first viruses ever created was targeted at the Apple II computer back in 1982. The virus was relatively harmless – it simply displayed a rather childish poem on screen. But the reality was that the computer’s built-in security had been breached.
More malware followed over the years, each becoming more serious as time went on.
OS X significantly improves security
With the release of OS X in 2001, Apple significantly improved the security of their operating system. The core of the operating system made it much harder for malware to install itself – and it was around this time that Apple began to attract a reputation for being 100% secure – one they did little to dispel.
Interestingly, there has been roughly one significant item of Mac malware released every year since 2004. But the fact that there are fewer viruses targeting OS X than Windows helped drive the legend of invulnerability. In most cases the only way to “catch” one of these viruses was to install illegal software from a “warez” website.
Ransomware – a true game-changer
Like its Windows-based relatives, most Mac malware was designed to steal personal information. However, these viruses were relatively easy to identify and remove – often before any real damage was caused.
The emergence of ransomware has completely changed the game, however. These malware infections encrypt the files stored on your Apple computer so that you can no longer read or use them. The only way to decrypt them is by paying a ransom to the cybercriminal behind the infection.
Eventually the ransomware infection will make all of your files unreadable.
There’s still worse to come
Cybercriminals are also creating new attacks that use a number of different techniques to trick you into installing their malware. An infected email may be followed by an official-sounding phone call, for instance, encouraging you to download and install an application to assist with internet banking, or to troubleshoot a technical issue.
Hackers are also becoming more patient, sometimes spending days and weeks building trust with their victims, using a technique known as “social engineering”, which makes these attacks all the more subtle and effective.
Mac anti-virus software is no longer optional
When Mac malware was relatively rare, the chances of your computer becoming infected were slim. Mac malware is becoming more common and sophisticated – so all of your computers need to be protected with a comprehensive security package.
Panda Antivirus helps to block malware and ransomware before it can be installed on your computer. It will also help to protect against social engineering attacks – you won’t be able to install dodgy software, even by accident.
To learn more about how to protect your Mac, download a free trial of Panda Mac Antivirus now.
The post Apple Macs – more secure, but not invulnerable appeared first on Panda Security Mediacenter.
“Securing a business involves so much more than plugging in various pieces of computer technology”, Simon Edwards
I met Simon Edwards in January 2007 at the first AMTSO meeting in Bilbao. For many years, Simon dedicated himself to testing security products for Dennis Publishing and, at the time, he was also the technical director of Dennis Technology Labs. The prestige gained over the years has made him a recognized authority in this sector. Less than a year ago he began a new career path when he started his own business, SE Labs.
1 – Since your time as the editor of the Computer Shopper magazine, your life has been linked with computer security. What has your experience been like in such a changing and innovative industry?
I have always approached the security business from an ethical position because we genuinely want to make a bad situation better. We do much more than testing anti-malware products. We provide threat intelligence to very large companies and, in the UK, the insurance industry uses our information to make important decisions. That is a new diversion from testing, but we do still test security products and that feeds back into the threat intelligence information we provide. We didn’t set out to create a security testing business from day one, though.
When I was first asked to write an anti-virus group test I thought about how to do it, but without any input from other testers or even the companies that made anti-virus programs. In complete isolation from the experts I came up with a method of testing and found that some well-known threats could bypass anti-virus, particularly those that were more like Trojans and hacking attacks rather than standard self-replicating ‘viruses’. That was interesting.
The response from the readers was fantastic and every time we published such a test we sold more magazines than in a usual month. The anti-virus industry was less pleased and I received aggressive phone calls from some people who, today, I actually count as very good friends. We just had to get to know each other and develop trust.
I think that the default position the security industries take, when confronted by challenging results from a new face, is to attack. “We don’t know this guy and he’s saying our product sucks? He must be an idiot, or corrupt!” Nothing much has changed on that front. At least now people know SE Labs creates useful tests and works ethically. Well, most people do. There are some companies, particularly new ones, who are still working out what’s what. They assume that if you don’t support their marketing message then you are an enemy with a biased agenda.
One big change is that vendors are starting to see the usefulness of testers really attacking systems, rather than just scanning regular malware that exists on the general internet. We were running hacking attacks in tests back in the days of Back Orifice 2000 and we also used other tools that the bad guys had access to. At the time that was extremely controversial, as the industry had a general view that creating threats was taboo. Many still feel that way, but we’ve been crafting targeted attacks for testing purposes ever since, and it seems fair considering how many products claim to prevent such things.
2- What is it like to be an entrepreneur? Are you still able to perform the tests yourself or has management become the main part of your day-to-day?
I personally review every set of data that powers the tests that we publish, and I also develop the test methodologies used by the talented testers who actually sit in front of the systems and put the products through their paces. The ongoing testing and general office tasks are managed by the SE Labs team in London. Once a test is up and running I trust the team and spend most of my time doing one of a million other things. What’s really cool about setting up a company from scratch is that there are so many creative tasks to carry out. But, as we’ll see, there’s also a load of nonsense to contend with too.
When you are running a company on your own you make decisions about literally everything. One day I would be negotiating six-figure finance deals and then I’d be fielding questions about teaspoons. I spent literally half a day in Ikea arguing with colleagues about which cutlery sets to buy.
Back to testing, I have spent a large amount of time trying to work with the newer companies in the industry. Some of them can be reluctant and I understand why. Startups are vulnerable and a poor result could kill a business before it even starts. That said, some of the aggressive marketing we’ve seen very much invites testing to challenge quite extraordinary claims. There is a lot of emotion and some immaturity in this emerging ‘next-gen’ industry. That needs to stop, because it does not serve the customers.
3- As Director of SE Labs, does your work continue to surprise you on a daily basis? Do you have to adapt your tests to the type of attacks that appear frequently?
A fundamental part of what we do is to seek out and use prevalent threats. Theoretically every product should score 100 per cent in our tests because we’re not using threats from the edges of the internet or zero day threats. So it’s always been quite surprising to me that most vendors don’t score 100 per cent. It’s well-known in the security world that a test in which everyone scores 100 per cent is useless. I don’t think that’s true, as long as the test comes with a good explanation of what it’s trying to achieve.
But regardless, if I throw 100 well-known threats at the leading anti-malware products I know there will be compromises. And that still surprises me. We work with many vendors to help them fix these issues.
4- In addition to traditional security solutions, in the past few years several new solutions have appeared on the market with names like “Next Gen AV” that use a different approach to protect businesses. Have you had the opportunity to try one of these solutions? What has your experience been like?
We have managed to gain access to some so-called ‘next-gen’ products and I know what you’re expecting me to say! But they are not the snake oil that their crazy marketing suggests. They are proving to be competent solutions. I don’t think I’d want to run many on my systems without some other form of anti-malware, but they are not the ‘smoke and mirrors’ fake solution I think many people assume. They are not perfect but neither are they rubbish.
5- There are also solutions from “traditional” manufacturers within the EDR category (Endpoint Detection and Response). Have you had the opportunity to try out any of them?
Indeed we have, and we even run one of these products alongside so-called ‘traditional’ AV on our own systems. Being able to track a breach if/when it happens could be useful. Although we’re a relatively small company, it would be naïve to think that no-one would ever mess with us. We take security seriously, especially considering the nature of some of our clients (we don’t just test anti-malware products, but also provide security advice to some of the largest companies in the world). Our influence extends beyond the basic ‘AV test’ world and, as such, we need to be very careful.
6- You have been involved in AMTSO since the very beginning, and in fact you are currently a member of the Board of Directors. In your opinion, what are the major accomplishments AMTSO has achieved since its inception?
The relationship between testers of anti-malware products and the developers of those products is a million times better today than it was. This is important because a good relationship means a productive development cycle of the software that we all use to protect our computers. Once it was the case that vendors hated testers and treated their results as something to work around, rather than use to improve products. I think that AMTSO has largely fixed that problem.
7- What are the challenges that AMTSO has to face in the near future in the testing landscape?
The next-generation companies are opposed to testing. They might claim otherwise, but in my opinion they don’t want to be challenged. Their focus is investment and growth. AMTSO needs to bring these companies into the fold and help them understand that there is something more important than just raising investment funding. Customers count and they need to be protected. Testing actually plays a crucial part in that. They can’t expect to succeed if they operate in a vacuum.
8- In your opinion, what is the biggest challenge that institutions and corporations are up against today in regards to cybersecurity? Does that time lag really exist between adopting new technologies in businesses and applying the proper security measures?
I think the biggest challenge is that securing a business involves so much more than plugging in various pieces of computer technology. Users are potentially the strongest link in the chain, whereas often they are accused of being the weakest. Training can help a lot here. Going back to fundamentals and really understanding what security is would help. It’s easier to spend a few millions on some new types of firewalls, but that’s not going to do the job. CISOs need to understand that.
The post “Securing a business involves so much more than plugging in various pieces of computer technology”, Simon Edwards appeared first on Panda Security Mediacenter.
Flashback Friday: SQL Slammer
Within a few hours of being released in the winter of 2003, SQL Slammer had brought the internet to something of a standstill. We look back at this notable worm.
The post Flashback Friday: SQL Slammer appeared first on WeLiveSecurity.
Logitech M520 Y-R0012 Spoof Attack
The Logitech M520 Y-R0012 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.
Avast and AVG become one
Joomla Huge-IT Portfolio Gallery 1.0.6 SQL Injection
Joomla Huge-IT Portfolio Gallery plugin version 1.0.6 suffers from a remote SQL injection vulnerability.
Apache MyFaces Trinidad Information Disclosure
Apache MyFaces Trinidad versions 1.0.0 to 1.0.13, 1.2.1 to 1.2.14, 2.0.0 to 2.0.1, and 2.1.0 to 2.1.1 suffer from an information disclosure vulnerability.