Monthly Archives: October 2016
Yahoo Built a Secret Tool to Scan Your Email Content for US Spy Agency
Users are still dealing with Yahoo’s massive data breach that exposed over 1 Billion Yahoo accounts, and there’s more shocking news about the company that, I bet, will blow your mind.
Yahoo might have provided your personal data to a United States intelligence agency when required.
Yahoo reportedly built custom software programmed to secretly scan all of its users’ emails for specific
Red Hat Security Advisory 2016-2006-01
Red Hat Security Advisory 2016-2006-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the Linux kernel’s keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to an arbitrary free address, which could allow an attacker to use a use-after-free style attack. A heap-based buffer overflow vulnerability was found in the Linux kernel’s hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possibly escalating privileges or crashing the system.
Red Hat Security Advisory 2016-1996-01
Red Hat Security Advisory 2016-1996-01 – Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. An input validation flaw was found in the way CloudForms regular expressions were passed to the expression engine via the JSON API and the web-based UI. A user with the ability to view collections and filter them could use this flaw to execute arbitrary shell commands on the host with the privileges of the CloudForms process.
Red Hat Security Advisory 2016-1994-01
Red Hat Security Advisory 2016-1994-01 – In accordance with the Red Hat OpenShift Enterprise Support Life Cycle Policy, support for OpenShift Enterprise 2.x will end on December 31, 2016. Red Hat will not provide extended support for this product. Customers are requested to migrate to a supported Red Hat OpenShift Enterprise product prior to the end of the life cycle for OpenShift Enterprise 2.x. After December 31, 2016, technical support through Red Hat’s Global Support Services will no longer be provided. We encourage customers to plan their migration from Red Hat OpenShift Enterprise 2.x to the latest version of Red Hat OpenShift Enterprise. Please contact your Red Hat account representative if you have questions and/or concerns on this matter.
Cloud, IoT Big Factors in Annual BSIMM 7 Report
In Cigital’s seventh annual Building Security in Maturity Model report, cloud, agile software development and IoT factor into the maturing secure software movement.
Disk Pulse Enterprise 9.0.34 Buffer Overflow
Disk Pulse Enterprise version 9.0.34 suffers from a buffer overflow vulnerability.
Your IoT toy vs. my freedom
Insecure IoT devices come with a whopper of a price tag.
The post Your IoT toy vs. my freedom appeared first on Avira Blog.
Serimux SSH Console Switch 2.4 Cross Site Scripting
Serimux SSH Console Switch version 2.4 suffers from client cross site scripting vulnerabilities.