Google Employees Help Thousands Of Open Source Projects Patch Critical ‘Mad Gadget Bug’

Last year, Google employees took the initiative to help thousands of open source projects patch a critical remote code execution vulnerability in the widely used Apache Commons Collections (ACC) library.

Dubbed Operation Rosehub, the initiative was staffed by some 50 Google employees who volunteered 20 percent of their work time to patch thousands of open source projects on GitHub, those were

When cyber-security becomes an affair of state

The Netherlands, France and Germany will hold presidential elections in the coming months. These electoral processes take place in the wake of the U.S. elections, during which Russian cyber-attackers leaked thousands of Democratic National Committee emails, which some claim may have affected the election result – a possibility ruled out by President Trump despite finally admitting the existence of said attacks.

Dutch authorities will count all election ballots by hand to stop hackers.

Following the events on the other side of the pond, some European leaders are now worried that Russian cyber-espionage groups may try to influence their elections in order to help far-right candidates. European Security Commissioner Julian King has admitted that cyber-attacks could be used “to manipulate democratic processes.” More specifically, cyber-security experts fear the possibility that phishing attacks may be used to extract confidential information that tarnishes the reputation of certain candidates, as was the case with Hillary Clinton.

Growing cyber-security fears ahead of coming European elections 

The first elections will take place in the Netherlands, where voters will go to the polls on March 15. The Dutch government has resorted to extreme measures to combat cyber-attacks aimed at manipulating the general election. In fact, Dutch authorities have announced that they will count all ballots cast by hand, and will communicate the election results by phone to avoid any risk of hackers messing with the results. This announcement was made after a cyber-security expert stated that the software used at Dutch polling stations is vulnerable to hacking.

The two rounds of France’s 2017 presidential elections will take place on April 23 and May 7, and French authorities are warning political parties about the increased threat of cyber-attacks. French Defense Minister Jean-Yves Le Drian recently said that in 2016 about 24,000 external attacks against his ministry were blocked by security, and warned of a real risk of cyber-attacks on French civil infrastructure such as electricity, telecommunications and transport.

Germany will hold its federal election on September 24. According to Stefan Soesanto, cyber-security expert at the European Council on Foreign Relations, the German federal system could lead to communication failures among security teams. Just a few months ago, German Chancellor Angela Merkel expressed her concern that Russia could try to influence Germany’s general elections, and recently indicated that security will be a key issue in the election campaign.

Taking all of this into account, it seems clear that cyber-security will play a key role in stopping cyber-attacks from having an impact on Europe’s upcoming elections. However, it is not only political parties that must step up their defenses. The best way for your organization to protect itself against cyber-attacks, including phishing emails, is to have an advanced cyber-security solution in place, such as Panda’s Security Adaptive Defense 360. Prevention, detection, response and remediation become an affair of state.

The post When cyber-security becomes an affair of state appeared first on Panda Security Mediacenter.

php-pear-PHP-CodeSniffer-2.8.1-1.fc25

**Version 2.8.1**

* This release contains a fix for a security advisory related to the improper handling of shell commands
    * Uses of shell_exec() and exec() were not escaping filenames and configuration settings in most cases
    * A properly crafted filename or configuration option would allow for arbitrary code execution when using some features
    * All users are encouraged to upgrade to this version, especially if you are checking 3rd-party code
        * e.g., you run PHPCS over libraries that you did not write
        * e.g., you provide a web service that runs PHPCS over user-uploaded files or 3rd-party repositories
        * e.g., you allow external tool paths to be set by user-defined values
    * If you are unable to upgrade but you check 3rd-party code, ensure you are not using the following features:
        * The diff report
        * The notify-send report
        * The Generic.PHP.Syntax sniff
        * The Generic.Debug.CSSLint sniff
        * The Generic.Debug.ClosureLinter sniff
        * The Generic.Debug.JSHint sniff
        * The Squiz.Debug.JSLint sniff
        * The Squiz.Debug.JavaScriptLint sniff
        * The Zend.Debug.CodeAnalyzer sniff
    * Thanks to Klaus Purer for the report
* The PHP-supplied T_COALESCE_EQUAL token has been replicated for PHP versions before 7.2
* PEAR.Functions.FunctionDeclaration now reports an error for blank lines found inside a function declaration
* PEAR.Functions.FunctionDeclaration no longer reports indent errors for blank lines in a function declaration
* Squiz.Functions.MultiLineFunctionDeclaration no longer reports errors for blank lines in a function declaration
    * It would previously report that only one argument is allowed per line
* Squiz.Commenting.FunctionComment now corrects multi-line param comment padding more accurately
* Squiz.Commenting.FunctionComment now properly fixes pipe-separated param types
* Squiz.Commenting.FunctionComment now works correctly when function return types also contain a comment
    * Thanks to Juliette Reinders Folmer for the patch
* Squiz.ControlStructures.InlineIfDeclaration now supports the elvis operator
    * As this is not a real PHP operator, it enforces no spaces between ? and : when the THEN statement is empty
* Squiz.ControlStructures.InlineIfDeclaration is now able to fix the spacing errors it reports
* Fixed bug #1340 : STDIN file contents not being populated in some cases
    * Thanks to David Biňovec for the patch
* Fixed bug #1344 : PEAR.Functions.FunctionCallSignatureSniff throws error for blank comment lines
* Fixed bug #1347 : PSR2.Methods.FunctionCallSignature strips some comments during fixing
    * Thanks to Algirdas Gurevicius for the patch
* Fixed bug #1349 : Squiz.Strings.DoubleQuoteUsage.NotRequired message is badly formatted when string contains a CR newline char
    * Thanks to Algirdas Gurevicius for the patch
* Fixed bug #1350 : Invalid Squiz.Formatting.OperatorBracket error when using namespaces
* Fixed bug #1369 : Empty line in multi-line function declaration cause infinite loop
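
The shell-escaping problem described in the first changelog entry, shown as an added example (this is not PHP_CodeSniffer source code). It assumes a POSIX shell; `echo` stands in for the external tool, and the function names and the sample filename are constructed for illustration.

```php
<?php
// Added illustration, not PHP_CodeSniffer code. 'echo' stands in for the
// external tool (a linter, a diff program) so the demo is harmless and offline.

/** Unescaped pattern: the filename is concatenated into the command as-is. */
function buildUnescaped(string $tool, string $file): string
{
    return $tool . ' ' . $file;
}

/** Hardened pattern: the tool path and the filename are each escaped. */
function buildEscaped(string $tool, string $file): string
{
    return escapeshellcmd($tool) . ' ' . escapeshellarg($file);
}

/** Runs a command through the shell and returns its output lines. */
function run(string $cmd): array
{
    $output = [];
    exec($cmd, $output);
    return $output;
}

// Constructed sample: a filename as it could arrive in a 3rd-party repository.
// The part after ';' is a harmless marker standing in for injected input.
$file = 'lib/Foo.php; echo SECOND-COMMAND-RAN';

foreach (['buildUnescaped', 'buildEscaped'] as $builder) {
    $cmd   = $builder('echo', $file);
    $lines = run($cmd);
    printf("%-15s %s\n", $builder, $cmd);
    printf("  %d output line(s): %s\n", count($lines), json_encode($lines));
}
```

With the unescaped builder the shell treats the text after `;` as a second command and the marker is printed on its own line; with the escaped builder the whole string reaches the tool as a single filename argument.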