… but don’t miss the forest for the trees! The latest Locky variant appropriates Nordic mythology with a vacuum-cleaner approach to encrypting victims’ files.
The post Locky ransomware goes Nordic with Odin… appeared first on Avira Blog.
Apple has taken the world by storm once again with the release of the latest version of its top-of-the-range smartphone. Two new iPhones, the 7 and the 7 Plus, are on the smartphone market with some standout novelties: the absence of the classic headphone jack and the addition of two new and improved cameras. Unfortunately, the topic of cybersecurity was absent from the keynote presentation; in fact, Tim Cook and his team did not devote a single minute to this important issue.
This isn’t to say that the lack of conversation regarding security in the brand new iPhones makes them a danger to your business or your employees. In fact, if businesses decide to use it as a corporate phone, users could actually benefit with regard to security thanks to some of its new standout characteristics and changes.
The new Home button, for example, is not a button at all. On the new version, the Home button is actually a touchpad with a haptic system that lets users perform various functions, from exiting applications to using the multitasking function, while some of the other features, such as Apple Pay or Touch ID, were designed specifically for user convenience, security and privacy.
Unlike the original iPhone button, the new haptic button is designed to last over time.
Alongside the new hardware, the iPhone 7 ships with a new operating system. iOS 10 is presumed to be more robust in terms of cybersecurity (this is great news, especially after the discovery of various faults in the beta operating system).
It also permits users to respond to messages without entering a security code or having to use Touch ID to unlock the device.
In conclusion, although Apple gave little or no attention to cybersecurity in its keynote, the combination of the iPhone 7 with the new operating system continues to be an excellent option for preventing IT risks in the corporate mobile sphere. If these devices become a growing danger for your company, make sure to combine them with the best advanced security solution.
The post Are you willing to gamble your company’s security with the new iPhone 7? appeared first on Panda Security Mediacenter.
Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity 9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HTTPAgent, (2) MacAgent, (3) getExternalURL, or (4) retrieveTrustedUrl page.
The web server in Aternity 9 and earlier does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.
Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.
The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
If you own a D-Link wireless router, especially the DWR-932 B LTE router, you should get rid of it rather than wait for a firmware upgrade that will not land anytime soon.
The D-Link DWR-932B LTE router is allegedly vulnerable to over 20 issues, including backdoor accounts, default credentials, leaky credentials, firmware upgrade vulnerabilities and insecure UPnP (Universal Plug-and-Play) configuration.
If
Today, most users surf the web unaware of the fact that websites collect their data and track their locations – and if this is not enough, then there are hackers and cyber criminals who can easily steal sensitive data from the ill-equipped.
In short, the simple truth is that you have no or very little privacy when you’re online.
So, if you’re worried about identity thieves, or ISPs spying on or
Release Date: September 29, 2016
Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
Affected Versions: version 0.0.2 and below
Vulnerability Type: SQL Injection
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:O/RC:C
Problem Description: The extension fails to properly sanitize user input and is vulnerable to SQL Injection.
Solution: Versions of this extension that are known to be vulnerable will no longer be available for download from the TYPO3 Extension Repository. The extension is no longer maintained and the author will not provide a security fix for the reported vulnerability. Please uninstall and delete the extension from your installation.
Credits: Credits go to Ingo Schmitt who discovered and reported the vulnerability.
General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.
Release Date: September 29, 2016
Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
Affected Versions: version 0.2.8 and below
Vulnerability Type: SQL Injection
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:O/RC:C
Problem Description: The extension fails to properly sanitize user input and is vulnerable to SQL Injection.
Solution: Versions of this extension that are known to be vulnerable will no longer be available for download from the TYPO3 Extension Repository. The extension is no longer maintained and the author will not provide a security fix for the reported vulnerability. Please uninstall and delete the extension from your installation.
Credits: Credits go to Ingo Schmitt who discovered and reported the vulnerability.
General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.