Monthly Archives: October 2014
Millions Of Websites Hit By Drupal Hack Attack
Two recently patched Adobe Flash vulnerabilities now used in Exploit Kits
Two Flash vulnerabilities that were fixed by Adobe 2 weeks ago are now being used in exploit kits. This is in addition to a third vulnerability, CVE-2014-0556, that was patched in September and that has also been added to Nuclear EK last week.
The post Two recently patched Adobe Flash vulnerabilities now used in Exploit Kits appeared first on We Live Security.
Police can make you unlock your phone with a fingerprint – judge
A judge in Virginia has ruled that the police can require you to unlock your smartphone with a fingerprint, but not with a passcode, Mashable reports. The seeming inconsistency here comes from the different ways passwords and physical authentication are treated. While a fingerprint is “like handing in a DNA sample or a physical key,
The post Police can make you unlock your phone with a fingerprint – judge appeared first on We Live Security.
CVE-2014-3473
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template.
CVE-2014-3475
Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578.
CVE-2014-3474
Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name.
CVE-2014-8578
Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475.
How to make sure Flash is up-to-date and enabling it on-demand
Learn how to update Adobe Flash Player, to help protect against malware attacks.
The post How to make sure Flash is up-to-date and enabling it on-demand appeared first on We Live Security.
Facebook Creates .Onion Site; Now Accessible Via Tor Network
Facebook has entered the hidden services with a new .onion site that will let Tor Network users sign into the world’s (second) most populace social network.