A new survey has estimated that British businesses spend around £34bn a year ($52.5bn) protecting the country from cyberattacks,
The post British businesses spend £34bn a year defending cyberattacks, limiting growth appeared first on We Live Security.
The Duqu attackers, who are considered by researchers to be at the top of the food chain of APT groups and are responsible for attacking certificate authorities and perhaps spying on Iran’s nuclear program, have resurfaced with a new platform that was used to compromise high-profile victims, including some related to the Iran nuclear talks […]
Posted by Vulnerability Lab on Jun 10
Document Title:
===============
Heroku Bug Bounty #2 – (API) Re Auth Session Bypass Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1323
Video: http://www.vulnerability-lab.com/get_content.php?id=1336
Vulnerability Magazine:
http://magazine.vulnerability-db.com/?q=articles/2015/06/09/heroku-bug-bounty-2015-api-re-auth-session-token-bypass-vulnerability
Release Date:
=============…
Posted by RedTeam Pentesting GmbH on Jun 10
Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery
During a penetration test, RedTeam Pentesting discovered a vulnerability
in the management web interface of an Alcatel-Lucent OmniSwitch 6450.
The management web interface has no protection against cross-site
request forgery attacks. This allows specially crafted web pages to
change the switch configuration and create users, if an administrator
accesses the website…
Posted by RedTeam Pentesting GmbH on Jun 10
Advisory: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID
During a penetration test, RedTeam Pentesting discovered a vulnerability
in the management web interface of an Alcatel-Lucent OmniSwitch 6450.
This interface uses easily guessable session IDs, which allows attackers
to authenticate as a currently logged-in user and perform administrative
tasks.
Details
=======
Product: Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400,…
CentOS Errata and Security Advisory 2015:1081 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1081.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: d5c1966620f84ccab7edaf66f6afb22f9ecd6e04a7984fe7219c6de5cccb58e1 kernel-2.6.32-504.23.4.el6.i686.rpm 498332d60af7984457d4625079eee39610b34430a867abd438041ae0cd14e536 kernel-abi-whitelists-2.6.32-504.23.4.el6.noarch.rpm 3a23bda2a131224c3cddfff1277808eca907e2ddee3b4bf8a30e2a4be21336e7 kernel-debug-2.6.32-504.23.4.el6.i686.rpm fe25ad53f16867495982b7434251123ef2cc56062ea68ac84cb108d598f47f1a kernel-debug-devel-2.6.32-504.23.4.el6.i686.rpm cb44e984932ba7cb6347177725720792a8bfc8a21d8321769d389c2afa25f015 kernel-devel-2.6.32-504.23.4.el6.i686.rpm 5befd5a8f9fc10dbcdbb0727a3b655f7ede6dc3dad56035fcd16b4b807f23178 kernel-doc-2.6.32-504.23.4.el6.noarch.rpm 7a9ac9ee5fd79d7c0132caab23bfe9b6fd997251058a7785848e00b849f438b4 kernel-firmware-2.6.32-504.23.4.el6.noarch.rpm 334c58dc74f19c6b7b2454d0cee3e1926649faf8ba72f2d9f9ac458b3cad6b9b kernel-headers-2.6.32-504.23.4.el6.i686.rpm 6345191d4908522508bbeff9b551a7af54808ff040c67b7ea1bdd19b5b0c9f80 perf-2.6.32-504.23.4.el6.i686.rpm 3c2d06c4e149ce2171819d59b6b469e52ac147d8fcc948174b4a11c2991af4e7 python-perf-2.6.32-504.23.4.el6.i686.rpm x86_64: d224bbd26a640dbc315324a5f1ad6efa2bddecf598dca0b0597be5cd4923f2e3 kernel-2.6.32-504.23.4.el6.x86_64.rpm 498332d60af7984457d4625079eee39610b34430a867abd438041ae0cd14e536 kernel-abi-whitelists-2.6.32-504.23.4.el6.noarch.rpm 0b4496b3ae0e491e52becda9be5a63723cc656e4a333fda21fa8d3db593641c1 kernel-debug-2.6.32-504.23.4.el6.x86_64.rpm 00890e79590caab4726eb27da4bdfce1a3460c2865bc3378f33236e59d077d4e kernel-debug-devel-2.6.32-504.23.4.el6.x86_64.rpm 8fe850b0d0760a9648e5baac6883355ed2d46461d48b225158f943542adc25d9 kernel-devel-2.6.32-504.23.4.el6.x86_64.rpm 5befd5a8f9fc10dbcdbb0727a3b655f7ede6dc3dad56035fcd16b4b807f23178 kernel-doc-2.6.32-504.23.4.el6.noarch.rpm 7a9ac9ee5fd79d7c0132caab23bfe9b6fd997251058a7785848e00b849f438b4 kernel-firmware-2.6.32-504.23.4.el6.noarch.rpm 2b1b840d6743ecf0f5f1085a2ba1103e38231e249932cb4c0a3ee75dabdede1f kernel-headers-2.6.32-504.23.4.el6.x86_64.rpm 5da5546aed626186ffa91d3523ae6cfad18a5e5123d73e3cf022625f199673c7 perf-2.6.32-504.23.4.el6.x86_64.rpm e1b6d439abab6929a60c8081352a6c727d8cba235fcd8cda5b0bb7f27085eb74 python-perf-2.6.32-504.23.4.el6.x86_64.rpm Source: 81ef629cac158b5efac57e713db8e6995c8a5eb2f8a53e0e09b133889045c9e0 kernel-2.6.32-504.23.4.el6.src.rpm
You are rarely separate from the device which is with you day and night. Sending it to the technical service because it has been giving you problems for the last few weeks, giving it away because you want to buy the next model or giving it a second life by recycling it or donating it through the numerous web pages are some of the many situations in which you will have to say goodbye to your phone, temporally or forever.
This is when you should think about the amount of private information your smartphone stores, so the best thing to do is to erase every single detail of your life and leave no trace suggesting that this mobile phone used to be yours.
You should not only erase your photos, but preferably you should restore your Android’s original settings, with the original data so that your memories are eliminated from your mobile phone, before you send it to the technical service, to someone else or to a recycling service. You just have to do a backup first and then reset your phone selecting the option for reestablishing the original data which you can access from the settings option.
A simple way for the millions of Android users around the world (in 2014 alone more than one billion devices with this operating system were sold) to make sure their phone is like it was on the first day. Or so we thought until now…
Two researchers from Cambridge University, Laurent Simon and Ross Anderson, have just published a study which shows that our data remains in the phone even if we have restored the original settings. These experts estimate that between 500 and 630 million Android devices in the planet are not able to erase completely the data stored in their internal disks and SD cards, which poses without a doubt a threat to their owners’ privacy.
To conduct the research, they tested 21 devices from five different manufacturers (Samsung, HTC, LG, Motorola and Google) with different versions of the Android operating system, in particular from the 2.3 to the 4.3, and they were able to recover most of the data stored on these supposedly empty devices.
Contacts, pictures, videos, texts, emails and even Facebook or WhatsApp logins were some of the data the researchers were able to recover. In fact, the study shows that the data could be easily reestablished even when the owners had activated the full restoration of the disk.
In 80% of the cases the researchers managed to access the users’ private information and Google services like Gmail and Calendar. The study suggests that it could be the responsibility of the manufacturers, who might not have included the software drivers necessary to clean the non-volatile memory of the phone. Of course, it is still not known what Google and the electronic brands involved will do to fix the problem.
So, if you are thinking of separating yourself from your phone soon and don’t want anyone else to recover the information it contains, you have two options: accept this and think that no cybercriminal will be interested in the details of your virtual life (bad idea) or partly destroy the phone and recycle it part by part (not very advisable, either). It will almost be better to wait for it to be fixed.
The post Be careful when restoring your Android! WhatsApp and Facebook logins may survive and end up in the wrong hands appeared first on MediaCenter Panda Security.
Panda Security today announced the launch of Panda Adaptive Defense, a cloud-based solution that ensures endpoint protection against Advanced Persistent Threats (APTs), the ransomware trojan CryptoLocker, and targeted attacks in enterprise environments. Adaptive Defense offers a disruptive approach compared to traditional blacklist-, whitelist- and sandbox-based approaches. Adaptive Defense also detected the recently publicized “Phantom Menace” that was reported by PandaLabs.
Advanced Persistent Threats are next generation malware that use sophisticated strategies, such as multiple simultaneous attacks over an extended period of time with the primary objectives of industrial espionage or data theft. Traditional antivirus solutions are not capable of detecting these types of attacks, nor of disinfecting the computers that become compromised. Adaptive Defense, however, delivers an industry-first security model based on automated monitoring, investigation and classification of the behavior and nature of every application. This provides robust and complete protection, only allowing legitimate applications (goodware) to run.
Additionally, Adaptive Defense’s remediation services and ability to incorporate into the customer’s existing security infrastructure provides a complete enterprise solution against all types of malware.
“No other security developer provides the full classification or attestation of all processes, making Adaptive Defense a significant innovation in this field, and the ideal solution for companies looking to fill the gap of existing approaches”, said Josu Franco, Vice President of Corporate Development at Panda Security. “Panda has leveraged its storied 25-year history in the security industry to bring this kind of innovation to the security market, and now offers a solution to address the increasingly insidious malware environment companies are facing”.
Adaptive Defense automatically and continuously classifies all running processes using a combination of local intelligence, big data in the cloud and Panda Labs Research. This approach enables:
Security professionals responsible for enterprises around the world can view the status of hundreds, even thousands of endpoints in real-time, as well as manage all settings from a single Web console.
Panda Security will be showcasing Adaptive Defense at the Gartner Security & Risk Management Summit, Booth 1127 for which Panda is a Silver Sponsor, in National Harbor, MD from June 8 – 11, 2015.
The post Panda Security Launches Adaptive Defense; Industry-First Solution for Endpoint Security Offering Automated Prevention, Detection and Remediation of Advanced Malware appeared first on MediaCenter Panda Security.
CFP The 2nd International Conference on Information Systems Security and Privacy ICISSP 2016