CVE-2016-8884

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.

CVE-2016-10152

The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the “.athena.mit.edu” default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.

Breaking Boundaries in the Connected World

Breaking Boundaries in the Connected World - Mobile World Congress 2017

Scouting for technology trends, I attended the Mobile World Congress (MWC) exhibition 2017. Even though Barcelona, Spain is itself an amazing place to visit, this event, with over 2,000 exhibitors, really pulls you in. Whilst the media usually focuses on the latest smartphone presentations and a bit about connected driving, I wanted to see how consumers will live in tomorrow’s […]

The post Breaking Boundaries in the Connected World appeared first on Avira Blog.

The worst passwords ever created

For many online services, the only thing keeping your personal data safe from hackers is a password. If a hacker can get hold of that password, they immediately gain access to the account.

Your choice of password is absolutely vital

Your choice of password is absolutely vital, which is why most services force you to use a combination of letters and numbers to make it harder to guess. Despite this, many people continue to choose the same, easily-guessed passwords year after year.

Every year mobile app developer SplashData publishes a list of the 25 most common passwords worldwide. Not only are these passwords extremely simple to hack using automated cracking tools, but the fact they are so popular means that cybercriminals will try this list first.

The top 5 passwords

According to SplashData the top 5 passwords are:

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. qwerty

If any of these passwords look familiar, you could be in trouble.

Most people choose passwords very easy to remember

Most people choose these passwords because they are very easy to remember, and only take a second to type in. The fact that they are all letters or numbers, and all in lower case means that they require the minimum number of keypresses to enter – perfect for the small keyboards on smartphones.

Ignoring password best practice

When you first set up a new account online, you will be encouraged to choose a memorable word or phrase – preferably one that contains upper and lower case letters and numbers to make it harder to guess. But as we discussed on the Panda Security blog previously, these measures are not enough to fully protect yourself.

To increase security, upper and lower case letters need to be used in the middle of the password. They should also include special characters, like !?*(), making them almost impossible to guess. Not unbreakable, but certainly much more difficult.

Reusing passwords

The other major problem with SplashData’s list of most common passwords is that people tend to reuse them for all their accounts. So if cybercriminals gain access to your Facebook account using an easily-guessed password, they can then log into your email, online bank account, and virtually any other system.

More worrying still, if you use these same passwords at work, you place your employer’s systems and data at risk too. If the breach is significant, you could even lose your job.

Get creative with your passwords

Although you must include specific characters in your password, you can choose any word you like. Better still, you can string several words together to make a very long, very complex password that is almost impossible to guess.

And if you must use the top 25 most popular passwords, try stringing several of them together instead. It’s not a perfect solution, but your password will be more secure.

Use a Password Manager

There are great security solutions that offer a larger degree of protection and include a password manager… all you need is a master password to access all of your favourite internet services. This way, you will only have to remember one password and, as you don’t have to memorize all of them, you can set different, more complex passwords for each service. It maintains your online privacy… at all times!

The post The worst passwords ever created appeared first on Panda Security Mediacenter.

Apple iOS 10.3 Fixes Safari Flaw Used in JavaScript-based Ransomware Campaign

If you own an iPhone or iPad, it’s possible you could see popup windows in a sort of endless cycle on your Safari browser, revealing your browser has been locked and asking you to pay a fee to unlock it. Just do not pay any ransom.

A new ransomware campaign has been found exploiting a flaw in Apple’s iOS Safari browser in order to extort money from users who view pornography content on their

9 out of 10 Americans value the data in their online accounts, yet don’t do much to protect it

Most of us have countless online accounts; and without even realizing it, we spread our personal information throughout the World Wide Web. We therefore wanted to find out how people not only value the information they store in their online accounts, but how they protect their information to prevent it from falling into the wrong hands.

Creepy? Maybe, but Employee Monitoring is Saving Companies Money

The practice of employee monitoring in the workplace has been evolving and is increasingly present in companies. As of this writing, 15% of companies on the prestigious Fortune 500 list have equipped their offices with tiny sensors created by the company Enlighted, which are used to find out how much time a worker spends at his or her desk, and also the time of first activity on their computers (used to determine when they begin the workday).

However, these aren’t the only companies to use this type of technology. Others have used biometric sensors manufactured by Humanyze to know exactly what their employees do in their working hours. The objective is to increase productivity and thereby achieve a more efficient use of resources. Hidden in the lights, walls, desks or even card readers, these sensors are installed with the intention of knowing as much as possible about what’s happening in the company.

One of the benefits of this technology is knowing whether your office space is being used below its capacity. This would help companies decide whether or not it would be worth it to relocate to a smaller space. Other benefits include knowing when workers are most productive so as to readjust their schedules accordingly, knowing what time the office starts to fill up (and programming the power to turn on at that moment; some companies have already managed to save 25% on energy costs), or even knowing which applications are being run on employee computers. On this last point, it could be possible to know if employees are accessing confidential data and whether, therefore, there is a potential risk to the company’s security.

Security and Confidentiality

When installing one of these employee monitoring systems, it is essential to have the best protection possible. For starters, any vulnerability in the new system could be exploited by cybercriminals to gain access to a great deal of information about the operation of your company, not to mention the possibility of manipulating said data.

Another major concern about having hidden sensors scattered throughout the office is the privacy of employees. Although in some countries it is allowed by law to install any type of sensor regardless of employee privacy, ideally employees will have given their consent. In fact, some companies and institutions, such as the British National Health Service, are already doing this with the consent of their workforce. Their employees are monitored voluntarily to measure, among other things, their movement or their location.

The post Creepy? Maybe, but Employee Monitoring is Saving Companies Money appeared first on Panda Security Mediacenter.