Netwave IP camera suffers from a password disclosure vulnerability.
Monthly Archives: February 2017
CUPS Remote Code Execution
CUPS versions prior to 2.0.3 reference count over-decrement remote code execution exploit.
Kaspersky Lab’s Targeted Attacks Detection Solution is Now Certified by ICSA Labs
Kaspersky Lab’s Kaspersky Anti Targeted Attack (KATA) Platform has successfully passed independent testing by ICSA Labs, in a test rarely performed, which focuses on the efficiency of specialized solutions to protect businesses from advanced and targeted threats.
Copenhagen CyberCrime Conference Call For Speakers
The Copenhagen CyberCrime conference has announced its call for speakers. It will take place May 24th, 2017 in Copenhagen, Denmark.
Radio Stations Hacked to Play "F**k Donald Trump" on Repeat Across the Country
It’s just two weeks into the Trump presidency, but his decisions have caused utter chaos around the country.
One such order signed by the president banned both refugees and visa holders from seven Muslim-majority countries (Iraq, Iran, Libya, Yemen, Somalia, Syria, and Sudan) from entering the United States, resulting in the unexpected arrest of some travelers at airports.
Now, it seems
Android and Linux, the Technologies with the Most Security Holes in 2016
The latest version of Google’s mobile operating system, Android Nougat, has quite a few security improvements over older versions and, in fact, its arrival on the market is more than necessary. Not for nothing, Android has managed to win the dubious honor of being the product with the most security vulnerabilities discovered in 2016.
According to the ranking carried out by the CVE Details digital platform, more than five hundred holes were found in Google’s mobile operating system over the past year. To be exact, there were 523 security errors that put its more than 1.5 billion users at risk.
So Android has overtaken Apple. In 2015, the operating system of Apple computers, Mac OS X, had the greatest number of vulnerabilities to its credit. However, this year Cupertino seems to have done its homework. It has gone from leading last year’s ranking with more than 400 vulnerabilities to closing out 2016 at number eleven on the list, with little more than 200 holes identified throughout the year.
So it turns out that having a mobile fleet in your company comprised of Android phones can pose a real risk if you don’t have the right protection. In addition, it is important to update the device to the latest version possible, which ultimately will depend on the manufacturer (some are quicker than others, and all are abandoning their older models completely). It’s no wonder there are more than 300 million Android devices that no longer even receive security patches.
Two Linux distributions, Debian and Ubuntu, are the technological products that join Android on the podium of the most error-riddled software. Throughout 2016 over 300 vulnerabilities were found in Debian, while Ubuntu came in third place with almost 280 errors.
Choosing your company’s technological tools can be key to preserving both your safety and that of your customers. However, not many are able to escape vulnerabilities: operating systems like Windows 10, browsers such as Google Chrome, or software giants like Adobe are also among the twenty products with the most vulnerabilities discovered in 2016.
The post Android and Linux, the Technologies with the Most Security Holes in 2016 appeared first on Panda Security Mediacenter.
CVE-2016-8212
An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpdate as indicating that the OCSP response is valid indefinitely instead of restricting its validity for a brief period surrounding the thisUpdate time. This vulnerability is similar to the issue described in CVE-2015-4748.
CVE-2017-3824
A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco cBR-8 Converged Broadband Routers running vulnerable versions of Cisco IOS XE are affected. More Information: CSCux40637. Known Affected Releases: 15.5(3)S 15.6(1)S. Known Fixed Releases: 15.5(3)S2 15.6(1)S1 15.6(2)S 15.6(2)SP 16.4(1).
CVE-2017-3810
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system. More Information: CSCvb21745. Known Affected Releases: 10.0_R2_tanggula.
