CVE-2015-4426 – SQL Injection In Pimcore CMS

Posted by Portcullis Advisories on Jul 13

Vulnerability title: SQL Injection In Pimcore CMS
CVE: CVE-2015-4426
Vendor: Pimcore
Product: Pimcore CMS
Affected version: Build 3450
Fixed version: Build 3473
Reported by: Josh Foote
Details:

It was possible to inject arbitrary SQL into the application, given an administrative account with the ‘assets’ privilege.

Further details at:…

CVE-2015-4425 – Directory Traversal/Configuration Update In Pimcore CMS

Posted by Portcullis Advisories on Jul 13

Vulnerability title: Directory Traversal/Configuration Update In Pimcore CMS
CVE: CVE-2015-4425
Vendor: Pimcore
Product: Pimcore CMS
Affected version: Build 3450
Fixed version: Build 3473
Reported by: Josh Foote
Details:

It is possible for an administrative user with the ‘assets’ permission to overwrite system configuration files by exploiting a directory traversal vulnerability.

Further details at:…

Avirans know how to party

An event to remember

Several hundred employees and their families gathered Friday evening for this year’s Schrebergarten-themed event. (‘Schrebergarten’ is a garden style named after the late Dr. Daniel Gottlob Moritz Schreber.) Live music, wafting aromas of grilled meats and vegetables, an open bar, gnome-themed photo opportunities, table tennis, a play area for the children, and other mini-gatherings made sure that there was something for everyone.

Not only did the party warmly welcome all of our ‘newbies’ hired within the last few months, but it was also a special treat to have so many of our Avira colleagues join us from the Romania office. Normally, they celebrate with their own summer party in Bucharest, but this year brought a couple dozen folks to Tettnang for a long-awaited Avira vs. Avira football game that occurred the day before.

The region’s charm

Founded in Tettnang (first mentioned in 882 AD), Avira’s headquarters is surrounded by hundreds of acres of rolling hills that produce a very fine beer hop. Less than 10 kilometers away, Lake Constance (German: Bodensee) offers sunbathing, swimming, boating, and other water sports (which more than a few Avira employees took advantage of the next day after the party). And Friedrichshafen, beside the lake, offers shops and creative art displays, with enough cultural presence that a Russian ballet company from Moscow is on the schedule in coming weeks. It’s no wonder that Avira is one of the region’s biggest employers … I mean, who wouldn’t want to live and party here?!

Check Avira job postings for Tettnang and other locations.

The post Avirans know how to party appeared first on Avira Blog.

How to set up your smartphone killswitch

With over 3 million smartphones stolen annually in the USA, and more than 300 each day on the streets of London, smartphone theft is sadly now an everyday occurrence.

These days, losing a smartphone costs us so much more than the device itself. Our personal information, messages, emails, contacts and social networking profiles are all at stake. When you add banking and shopping apps, the financial costs can also escalate.

One of the most effective defenses against theft and misuse of your device and data is killswitch functionality, with reports suggesting killswitches can halve the number of smartphone thefts. It is so effective that, starting on July 1 2015, the state of California has ruled that all new smartphones must be shipped with killswitch functionality.

Once activated, a killswitch prevents a smartphone from being used or reprogrammed through a factory reset, making it very difficult for phone thieves to sell on a working device.

The good news is that both Google and Apple rolled out integrated killswitches for their smartphones in 2014, meaning that most smartphone users have access to a basic level of protection.

Working with Qualcomm, AVG is developing a much more robust solution that is integrated directly into the hardware, making it resistant to any number of attacks, including factory resets or a SIM swap.

How to activate kill switch on Android

Step One: Set up remote access

  • Go to Google Settings > Android Device Manager
  • Grant permission to both ‘Remotely locate this device’ and ‘Allow remote lock and factory reset’

Step Two:

If your device is lost or stolen, go to any web-enabled device, log into Google and access the Android Device Manager Panel.

You will now see your device location on a map and have options to ring, lock and erase.


How to activate kill switch on iOS

Step One: Enable Find My iPhone

  • Go to Settings > iCloud
  • Sign in with your Apple ID
  • Enable Find My iPhone


Step Two: Enabling Lost Mode

If you believe your device is lost or stolen, you can activate the killswitch known as “Lost Mode”.

To do this, go to icloud.com/find from a Mac or PC, or alternatively you can use the Find My iPhone iOS app from another device.

This will bring up the Lost Mode dashboard, which should pinpoint where your device is on a map and also give you the option to make it ring, lock it down or erase the data.

There is an option to customise the lock with a contact number for the safe return of your device. If you retrieve the device, you can safely return it to normal using your Apple ID login.
