Make sure you are running a half-decent browser, don’t ignore browser security warnings, and enable two-factor authentication.
That appears to be the lesson to learn from the latest attack on Chinese internet users.
The post iCloud users in China under attack. But who could be after their passwords? appeared first on We Live Security.
Law makers in Britain are discussing a dramatic increase in sentencing for serious hacking offences, according to The Register. Currently in discussion in the country’s upper house, The House of Lords, the move looks to overhaul the Computer Misuse Act 1990, and includes a possible life sentence for serious hackers.
The post UK takes aim at serious hacking offenses with planned life sentences appeared first on We Live Security.
Document module is a basic Document Management System for Drupal.
The module wasn’t sanitizing user input sufficiently in a few use cases.
This vulnerability is mitigated by the the fact that a user must have permissions to add or edit documents to be able to exploit the vulnerability.
Drupal core is not affected. If you do not use the contributed Document module,
there is nothing you need to do.
Install the latest version:
Also see the Document project page.
The Drupal security team can be reached at security at drupal.org or via the contact form at
https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies,
writing secure code for Drupal, and
securing your site.
The Ubercart module provides a shopping cart and e-commerce features for Drupal.
The country administration links are not properly protected. A malicious user could trick a store administrator into enabling or disabling a country by getting them to visit a specially-crafted URL.
Drupal core is not affected. If you do not use the contributed Ubercart module,
there is nothing you need to do.
Install the latest version:
Also see the Ubercart project page.
The Drupal security team can be reached at security at drupal.org or via the contact form at
https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies,
writing secure code for Drupal, and
securing your site.
This module enables you to to target any malicious software directed at a Web site, whether it be a spambot, ill-designed search engine bot, or system crackers. It blocks such access and then logs their attempts.
The module doesn’t sufficiently sanitize log data, allowing usernames and passwords to get included in its logs.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission “administer bad behavior”.
Drupal core is not affected. If you do not use the contributed Bad Behavior module,
there is nothing you need to do.
Install the latest version:
Also see the Bad Behavior project page.
The Drupal security team can be reached at security at drupal.org or via the contact form at
https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies,
writing secure code for Drupal, and
securing your site.
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.
Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_marker action in the wp-google-maps-menu page to wp-admin/admin.php.
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the “tftp:// DHCPv6 boot option.”
gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind.