The hacker who stole nude photographs of female celebrities two years ago in a massive data breach — famous as “The Fappening” or “Celebgate” scandal — has finally been sentenced to 18 months in federal prison, authorities said on Thursday.
36-year-old Lancaster, Pennsylvania man Ryan Collins was arrested in March and charged with hacking into “at least 50 iCloud accounts and 72 Gmail
Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced
Update Support and Red Hat Enterprise Linux 6.5 Telco Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2016-5195
Red Hat Enterprise Linux: Updated Red Hat Enterprise MRG Realtime packages that add one enhancement are
now available for Red Hat Enterprise MRG 2.5.
27th October, 2016
A security issue affects these releases of Ubuntu and its
derivatives:
USN-3114-1 introduced a regression in nginx packaging.
USN-3114-1 fixed a vulnerability in nginx. A packaging issue prevented
nginx from being reinstalled or upgraded to a subsequent release. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Dawid Golunski discovered that the nginx package incorrectly handled log
file permissions. A remote attacker could possibly use this issue to obtain
root privileges.
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
27th October, 2016
A security issue affects these releases of Ubuntu and its
derivatives:
Several security issues were fixed in Firefox.
A use-after-free was discovered in service workers. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via program crash, or execute
arbitrary code. (CVE-2016-5287)
It was discovered that web content could access information in the HTTP
cache in some circumstances. An attacker could potentially exploit this
to obtain sensitive information. (CVE-2016-5288)
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Firefox to make
all the necessary changes.
27th October, 2016
A security issue affects these releases of Ubuntu and its
derivatives:
Several security issues were fixed in Thunderbird.
Catalin Dumitru discovered that URLs of resources loaded after a
navigation start could be leaked to the following page via the Resource
Timing API. If a user were tricked in to opening a specially crafted
website in a browsing context, an attacker could potentially exploit this
to obtain sensitive information. (CVE-2016-5250)
Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard,
Steve Fink, Tyson Smith, and Carsten Book discovered multiple memory
safety issues in Thunderbird. If a user were tricked in to opening a
specially crafted message, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-5257)
Atte Kettunen discovered a heap buffer overflow during text conversion
with some unicode characters. If a user were tricked in to opening a
specially crafted message, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-5270)
Abhishek Arya discovered a bad cast when processing layout with input
elements in some circumstances. If a user were tricked in to opening a
specially crafted website in a browsing context, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code. (CVE-2016-5272)
A use-after-free was discovered in web animations during restyling. If a
user were tricked in to opening a specially crafted website in a browsing
context, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-5274)
A use-after-free was discovered in accessibility. If a user were tricked
in to opening a specially crafted website in a browsing context, an
attacker could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2016-5276)
A use-after-free was discovered in web animations when destroying a
timeline. If a user were tricked in to opening a specially crafted
website in a browsing context, an attacker could potentially exploit this
to cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-5277)
A buffer overflow was discovered when encoding image frames to images in
some circumstances. If a user were tricked in to opening a specially
crafted message, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2016-5278)
Mei Wang discovered a use-after-free when changing text direction. If a
user were tricked in to opening a specially crafted website in a browsing
context, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-5280)
Brian Carpenter discovered a use-after-free when manipulating SVG content
in some circumstances. If a user were tricked in to opening a specially
crafted website in a browsing context, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code. (CVE-2016-5281)
An issue was discovered with the preloaded Public Key Pinning (HPKP). If
a man-in-the-middle (MITM) attacker was able to obtain a fraudulent
certificate for a Mozilla site, they could exploit this by providing
malicious addon updates. (CVE-2016-5284)
The problem can be corrected by updating your system to the following
package version:
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
Knock knock! Trick or treat! Companies and cybercriminals play the same game. You could be opening back doors to cybercriminals this year, without even knowing it. You’ll lose this game if you don’t fight back. Ransomware attacks will capture your documents and the attackers will be expecting a big juicy reward (if you want your files back, that is). This Halloween, beware!
An insider could already be hiding within company walls, brewing up trouble. A recent study shows that 60% of attacks perpetrated in businesses were carried out from inside the workplace. From undercover spies to terrorism gangs to disgruntled employees that steal top-secret information. Double, double toil and trouble…
Attacks by staff with privileged access represents one of the greatest threats for the security of the corporate information and data of your customers. Research conducted by Ponemon Institute indicate that hackers and criminal insiders are the main culprits of the security holes and data breaches. Three quarters of these attacks are ill intended, and one quarter of them are accidently carried out by employees without bad intention.
This year, the global cost of the infractions carried out by insiders with bad intentions is 154 euros per capita, much higher than the cost of infractions caused by system errors and involuntary offenses (about 125 euros and 120 euros per capita).
At the beginning of this month, an employee from the US government, Harold Thomas Martin, was accused of stealing classified information related to the NSA (National Security Agency). Let’s not forget the Edward Snowden leak from three years ago.
Shalom Bilik, who was subcontracted for computer system maintenance for Israel’s Ministry of Social Security and Welfare, accessed a database and stole information pertaining to 9 million Israeli citizens so he could sell it later on the black market.
Even Dropbox couldn’t escape from the insiders, when a cybercriminal stole data pertaining to more than 500 million users thanks to a negligence of an employee. It happened this time because of the carelessness of a Dropbox employee. The cybercriminals were able to obtain his LinkedIn password, which was the same one he used for saving files in the Dropbox Cloud. Stored in the cloud was a work document that contained a long list of email addresses. Access to more than 500 million users? What a treat for criminals who want to trick users with massive same campaigns.
Start using a cybersecurity solution that has advanced protection features, and that also has the capacity to detect and remedy possible threats.Make sure that Halloween only comes once a year. Manage, control and protect your information against advanced threats with Panda Solutions for Companies.
The post Insiders, their costumes are so good you won’t even recognize them. appeared first on Panda Security Mediacenter.
Juniper Junos ‘udp6_ctlinput()’ Function Denial of Service Vulnerability
Adobe Flash Player CVE-2016-7855 Use After Free Remote Code Execution Vulnerability
Citrix NetScaler ADC CVE-2016-9028 Open Redirection Vulnerability
