Monthly Archives: December 2016
Stop Calling Everything A Hack
Android Trojan Switcher Infects Routers Via DNS Hijacking
libpng10-1.0.67-1.fc24
This update fixes an old NULL pointer dereference bug in png_set_text_2() discovered and patched by Patrick Keshishian. The potential “NULL dereference” bug has existed in libpng since version 0.71 of June 26, 1995. To be vulnerable, an application has to load a text chunk into the png structure, then delete all text, then add another text chunk to the same png structure, which seems to be an unlikely sequence, but it has happened.
The update also fixes some documentation typos and an instance of undefined behavior.
libpng10-1.0.67-1.el6
This update fixes an old NULL pointer dereference bug in png_set_text_2() discovered and patched by Patrick Keshishian. The potential “NULL dereference” bug has existed in libpng since version 0.71 of June 26, 1995. To be vulnerable, an application has to load a text chunk into the png structure, then delete all text, then add another text chunk to the same png structure, which seems to be an unlikely sequence, but it has happened.
The update also fixes some documentation typos and an instance of undefined behavior.
libpng10-1.0.67-1.fc25
This update fixes an old NULL pointer dereference bug in png_set_text_2() discovered and patched by Patrick Keshishian. The potential “NULL dereference” bug has existed in libpng since version 0.71 of June 26, 1995. To be vulnerable, an application has to load a text chunk into the png structure, then delete all text, then add another text chunk to the same png structure, which seems to be an unlikely sequence, but it has happened.
The update also fixes some documentation typos and an instance of undefined behavior.
The 10 biggest security incidents of 2016
In 2016, companies have had their security solutions tested by increasingly sophisticated cybercriminals. We look at the year’s biggest security incidents.
The post The 10 biggest security incidents of 2016 appeared first on WeLiveSecurity
Obama Expels 35 Russian Spies Over Election Hacking; Russia Responds With Duck Meme
The United States has expelled 35 Russian spies in response to Russia’s alleged interference in last month’s presidential election, further escalating tensions between the countries.
The US state department has declared 35 diplomatic intelligence officials from the Russian embassy in Washington DC and the consulate in San Francisco “persona non grata,” giving them and their families 72 hours
Top 5 Google Searches of 2016
It’s been a long year, with many unexpected incidents – be it good or bad ones. One thing remains a constant though: People are still using Google to search for … yes, for what? Google was nice enough to put together a list with the top searches of 2016 – and since it’s fun to […]
The post Top 5 Google Searches of 2016 appeared first on Avira Blog.
How Fraudulent Advertising Could Be Costly to Your Company
Your company may be losing money because of online advertising. Beyond the success of advertisements when it comes to converting marketing budgets into sales, a singular type of cyberattack threatens to directly affect your company’s accounts.
Namely, there exist networks of bots that are used to inflate the number of clicks that ads receive. These botnets enable fraudsters to manipulate web advertising metrics, which in turn leads advertisers to pay more than what they should for legitimate clicks.
A recent study reveals the worrying consequences of this subtle kind of fraud. All over the world it has already cost businesses more than $7 billion, bloating advertising figures spectacularly and making up 11% of banner impressions and 23% of video advertisement impressions.
The main problem with this kind of cyberattack, compared with other threats on the web such as phishing and ransomware, is that it goes completely unnoticed. After infecting devices, cybercriminals are able to discreetly redirect traffic to simulate ad clicks. Since these are real devices owned by real people, advertisers are unaware that behind their ads’ success lies an army of bots.
So, it seems like nipping the problem in the bud may be complicated (at least from the perspective of the advertiser, who is billed according to these metrics, rigged as they may be). However, there are several things that companies can do, such as using quality advertising platforms that offer certain guarantees and that have demonstrated their willingness to pursue those responsible for these botnets.
Beyond that, it’s important to use ad metrics to check the duration of the visit to the webpage and the geographic location from which the supposed clicks are originating. This could be used to expose the fraud. Visitors that enter the page for only a fraction of a second or that do so from a faraway country that has little reason to be interested in the product will, most likely, be infected devices in the botnet.
The same thing happens with botnets used to make social network ad campaigns more expensive. These campaigns are likely orchestrated by a competitor with the intention of making advertising more expensive. In fact, they are relatively easy to track. If a wave of phantom followers appears out of the blue (without profile photos and with strange names), it is most likely fraudulent.
The post How Fraudulent Advertising Could Be Costly to Your Company appeared first on Panda Security Mediacenter.