Tag Archives: Threats

Steam Account Security Issue Got Fixed

Wow, that sentence sounds rather boring, right? Well, let’s elaborate a bit. If you are an avid PC gamer you most likely know Steam, and if you are into playing (or watching) gamers compete in Multiplayer Online Battle Arenas (MOBAs), you also might have noticed that some of the more famous DotA 2 players got their accounts stolen. Of course their accounts were not the only ones affected, but definitely the most noticeable ones.

What happened is that Steam apparently had a rather big loophole in its system: one could access another account with only the username – and it was as simple as eating pie.

The issue is now fixed, after Valve learned of it on July 25th – so if you are a gamer with a lot of games in your Steam library (or a professional DotA/CS:GO player) you can relax.

According to Kotaku, Valve released a statement to those affected:

“To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password. 

Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.

 We apologize for any inconvenience.”

The post Steam Account Security Issue Got Fixed appeared first on Avira Blog.

XSS Vulnerability In WordPress – Update Now

The guys from WordPress just released version 4.2.3 of their software, which is mostly a security update. They “strongly encourage you to update your sites immediately.” To do so, just visit your Dashboard, click on ‘Updates’ and then on ‘Update Now’. As mentioned above, you’ll only have to update manually if, for whatever reason, you decided to disable the automatic updates.

According to their blog entry, the newest version contains fixes for 20 bugs from 4.2. The page also says: “WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was initially reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team, and later reported by Jouko Pynnönen.

We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.”

And don’t forget: since WordPress is definitely one of the most popular Content Management Systems and blogging platforms out there, it remains an attractive target for cybercriminals – especially due to the huge user base. Administrators should always keep their WordPress installations (including add-ons and themes) updated and patch as soon as security updates are available.

If you want to find out more about the dangers you could face as a blog administrator and get some advice that might help you protect your page, take a look at Ange Albertini’s blog article concerning the topic.

The post XSS Vulnerability In WordPress – Update Now appeared first on Avira Blog.