CA20161109-01: Security Notice for CA Unified Infrastructure Management

Posted by Williams, Ken on Nov 10

CA20161109-01: Security Notice for CA Unified Infrastructure Management

Issued: November 09, 2016

CA Technologies Support is alerting customers to three vulnerabilities in
CA Unified Infrastructure Management (formerly CA Nimsoft). The first
vulnerability, CVE-2016-9165, involves insecure handling of session IDs.
A remote attacker can potentially acquire a session ID and bypass
authentication or elevate privileges. The second…

MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details

Posted by Berend-Jan Wever on Nov 10

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the
seventh entry in that series.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161109001.html. There you can find a repro
that triggered this issue in addition to the information below.

Follow me on http://twitter.com/berendjanwever for daily browser bugs.

MSIE 9-11…

WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details

Posted by Berend-Jan Wever on Nov 10

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the
eighth entry in that series, although this particular vulnerability does
not just affect web-browsers, but all applications that use WININET to
make HTTP requests.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161110001.html. There you can find a repro
that triggered…

Re: WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details

Posted by Berend-Jan Wever on Nov 10

Some additional information:

It was pointed out to me that I did not adequately explain that WININET
is widely used by Microsoft applications to handle HTTP requests,
*AND* probably by all third-party applications that use Windows APIs to
make HTTP requests. All these applications may be vulnerable to the
issue, though it may be hard to exploit in most (if not all).

According to Microsoft this issue affected MSIE and Edge and was fixed
through…

Google Releases Security Updates for Chrome

Original release date: November 10, 2016

Google has released Chrome version 54.0.2840.99 for Windows and version 54.0.2840.98 for Linux. These new versions address multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary updates.



Black Mirror – How much is already real?

Warning – the following article may contain spoilers

What is true in Black Mirror?

Charlton Brooker’s Black Mirror television series has become something of a phenomenon thanks to its almost prophetic predictions about society and technology. Set in the very near future, Black Mirror borrows technology stories from the media, and imagines the worst possible outcomes to create a bleak view of the world that we are creating today.

What makes Black Mirror so compelling is that the storylines are simultaneously outlandish and plausible. More impressive is the fact that some of the predictions have actually come true.

As the third season of Black Mirror airs on Netflix, it’s time to consider how close to reality the latest round of predictions really are.

Episode 3 – Shut up and dance

Hackers take control of Kenny’s laptop, and use the webcam to secretly film him in a compromising situation. Kenny then receives a string of ransom texts to his phone, demanding he follow the supplied instructions or risk the embarrassing video being leaked to his friends, family and the rest of the world online.

The reality is that malware already exists to hack into computers, activating the webcam remotely. And like most malware, you probably won’t even notice anything is wrong until you receive a ransom demand or similar.

To prevent being spied on, some people take the extreme step of taping over their webcam – a method favoured by Facebook CEO Mark Zuckerberg.

Just as effective (and much easier to manage) is to protect your computer with a robust antivirus application like Panda Security that can detect and block malware before it can install itself.

Episode 6 – Hated in the nation

The Metropolitan Police investigate the brutal murder of a journalist in London. All the evidence seems to point to the woman’s husband, but one of the detectives assigned to the case suspects that social media may also play a part.

As more deaths follow, it is discovered that a swarm of robot bees has been programmed to kill anyone trending online with the hashtag #DeathTo. The mob mentality of social media users is unwittingly singling out individuals for death.

The robot bees may not yet exist, but the vicious hashtags that accompany each attack in Black Mirror certainly do. Cyberbullying is widespread, and really does cause lasting damage to the victim, leading to stress, depression and, in extreme cases, suicide.

Online bots that respond to trending hashtags already exist, helping to spread viral messages, or trigger specific actions for companies that monitor social media. The artificial “intelligence” to drive a swarm of robot bees is ready, even if the technology is not.

To avoid attracting the attention of trolls online, parents should consider installing a comprehensive internet security package like Panda Gold Protection (you can download a free trial here). This will allow you to block access to sensitive sites – including social media – protecting your family against simple, unintentional mistakes becoming headline (life-threatening) news.

Horrifyingly close to reality

Black Mirror makes for uncomfortable viewing – mainly because it is so close to the reality we know. The dire outcomes of each episode are just realistic enough to create a terrifying view of the future. Fortunately you can avoid starting some of these chains of events with some effective internet security software.

For more help and advice about staying safe online, please get in touch.

The post Black Mirror – How much is already real? appeared first on Panda Security Mediacenter.