Monthly Archives: April 2017

AVG

AVG Business by Avast awarded ‘Security Vendor of the Year’

AVG Business by Avast proudly accepted the “Security Vendor of the Year” award at the European IT & Software Excellence Awards held in London on March 30.

The annual awards is the leading pan-European awards for resellers, ISVs, Solution Providers and Systems Integrators, and their vendor and distributor partners. Avast’s PR Director, Stephanie Kane, accepted the award on behalf of the AVG Business team.

Run by top European channel publication, IT Europa, the awards are in their ninth year. More than 500 entries were received this year with 154 finalists vying for just 26 trophies, so the competition was fierce. The Security Vendor of the Year award recognizes best practices in customer solutions, as well as service excellence from vendors and distributors.

“This category is voted for exclusively by readers of the magazine,” said Kevin Chapman, Senior Vice President and General Manager for Avast’s SMB business. “This award is a great testament to our products and to our people who work with our channel partners every day. We should be very proud of winning this well-deserved accolade for the second year in a row.”

“The investments we have begun to make this year in rigorously improving our products and expanding our partner program offerings will lay the foundation for another year of joint success that we believe will enable us to win more such industry awards in the future,” said Chapman.

“We look forward to maintaining a strong relationship with IT Europa, a publication that has been instrumental in keeping AVG Business by Avast in the minds of our channel partners and end users.”

Security

SolarWind LEM Default SSH Password Remote Code Execution

This Metasploit module exploits the default credentials of SolarWind LEM. A menu system is encountered when the SSH service is accessed with the default username and password which is “cmc” and “password”. By exploiting a vulnerability that exist on the menuing script, an attacker can escape from restricted shell. This Metasploit module was tested against SolarWinds LEM v6.3.1.

Security

Trump Signs Repeal of ISP Privacy Rules

President Trump signed a resolution to complete the overturning of internet privacy protections that would have prevented ISPs from tracking you online without first asking users to opt-in.

NVD

CVE-2016-3740

Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion. This is fixed in 8.0.

NVD

CVE-2017-5649

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster.

NVD

CVE-2016-5870

The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact by triggering failure of an accept system call for an AF_MSM_IPC socket.

Hackers News

Update Your Apple Devices to iOS 10.3.1 to Avoid Being Hacked Over Wi-Fi

Less than a week after Apple released iOS 10.3 with over 100 bug fixes and security enhancements; the company has just pushed an emergency patch update – iOS 10.3.1 – to addresses a few critical vulnerabilities, one of which could allow hackers to “execute arbitrary code on the Wi-Fi chip.”

The vulnerability, identified as CVE-2017-6975, was discovered by Google’s Project Zero staffer Gal