The topic of fake news is at the forefront of our political debate, now more than ever. What gave rise to its ubiquity? How do we combat it? Is this just an inevitable outcome of the Internet opening up a wider space for communication?
When we moved the Prague headquarters of Avast to the beautiful new Enterprise Office Center in January 2016, we strove to create a Silicon Valley-style working environment. Popular design ideas, conceived to foster collaboration among individuals and teams, were built into the 15,000-square-meter office space. At the opening of the new building, Avast CEO Vince Steckler said, “Avast has chosen a building that reflects its open, innovative, and inspirational company culture.”
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response, the attacker could poison a web cache, perform an XSS attack, and/or obtain sensitive information from requests other than their own.
You may be aware that a local Windows user with system rights and permissions can reset the password for other users, but did you know that a local user can also hijack other users’ sessions, including those of a domain admin or system user, without knowing their passwords?
Alexander Korznikov, an Israeli security researcher, has recently demonstrated that a local privileged user can even hijack
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.