CVE-2015-5380 (io.js, node.js, v8)

The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence.
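The missing check the description refers to, shown as an added C example (not V8's code, and not from the advisory): a minimal UTF-8 to UTF-16 decoder that confirms there is room for both halves of a surrogate pair before writing. The names `utf8_to_utf16`, `demo_units` and `UTF_ERR` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#define UTF_ERR ((size_t)-1)
/* Decode UTF-8 into UTF-16 code units; returns units written, or UTF_ERR on
   malformed input or when the output buffer cannot hold the next character. */
size_t utf8_to_utf16(const uint8_t *in, size_t in_len,
                     uint16_t *out, size_t out_cap)
{
    static const uint32_t min_cp[4] = {0, 0x80, 0x800, 0x10000};
    size_t i = 0, o = 0;
    while (i < in_len) {
        uint8_t b = in[i++];
        uint32_t cp; size_t need; /* need = continuation bytes expected */
        if (b < 0x80)                { cp = b;        need = 0; }
        else if ((b & 0xE0) == 0xC0) { cp = b & 0x1F; need = 1; }
        else if ((b & 0xF0) == 0xE0) { cp = b & 0x0F; need = 2; }
        else if ((b & 0xF8) == 0xF0) { cp = b & 0x07; need = 3; }
        else return UTF_ERR;
        if (in_len - i < need) return UTF_ERR;       /* truncated sequence */
        for (size_t k = 0; k < need; k++) {
            uint8_t c = in[i++];
            if ((c & 0xC0) != 0x80) return UTF_ERR;
            cp = (cp << 6) | (c & 0x3F);
        }
        /* Reject overlong forms, encoded surrogates and out-of-range values. */
        if (cp < min_cp[need] || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return UTF_ERR;
        size_t units = cp >= 0x10000 ? 2 : 1;
        /* A supplementary character needs room for BOTH surrogates. */
        if (out_cap - o < units) return UTF_ERR;
        if (units == 1) {
            out[o++] = (uint16_t)cp;
        } else {
            cp -= 0x10000;
            out[o++] = (uint16_t)(0xD800 | (cp >> 10));
            out[o++] = (uint16_t)(0xDC00 | (cp & 0x3FF));
        }
    }
    return o;
}

/* Constructed sample: "A" followed by U+1F600, decoded into out_cap slots. */
size_t demo_units(size_t out_cap)
{
    static const uint8_t sample[] = {0x41, 0xF0, 0x9F, 0x98, 0x80};
    uint16_t buf[4];
    return out_cap > 4 ? UTF_ERR : utf8_to_utf16(sample, sizeof sample, buf, out_cap);
}
```

With two output slots the decoder stops before the pair instead of writing its second half past the end of the buffer.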

RHSA-2015:1214-1: Critical: flash-plugin security update

Red Hat Enterprise Linux: An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2014-0578, CVE-2015-3114, CVE-2015-3115, CVE-2015-3116, CVE-2015-3117, CVE-2015-3118, CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-3123, CVE-2015-3124, CVE-2015-3125, CVE-2015-3126, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3130, CVE-2015-3131, CVE-2015-3132, CVE-2015-3133, CVE-2015-3134, CVE-2015-3135, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4429, CVE-2015-4430, CVE-2015-4431, CVE-2015-4432, CVE-2015-4433, CVE-2015-5116, CVE-2015-5117, CVE-2015-5118, CVE-2015-5119

United Airlines & New York Stock Exchange Suffer From Tech Issues

At the height of the summer season, the shutdown is upsetting the travel plans of thousands of tourists. United Airlines flies to 235 airports within the US, making one out of every six commercial flights in the country. The shutdown was attributed to “automation information” issues.

Earlier this year something similar had already happened to United Airlines. Back then a passenger, the founder and CTO of the tech firm Cloudstitch, tweeted that his pilot told passengers that the grounding was due to a possible hack of United’s computer network and the flight plan-delivery protocol used by every airline.

What happened yesterday is reminiscent of the May 31 issue of the Polish LOT airline in Warsaw – and the above-mentioned earlier hack of the United Airlines system in the US. In the Polish attack, hackers caused the airline’s ground computer systems to issue bogus flight plans.

Just hours later the New York Stock Exchange ran into similar problems. “I have spoken to the CEO of United, Jeff Smisek, myself. It appears from what we know at this stage that the malfunctions at United and the stock exchange were not the result of any nefarious actor,” U.S. Homeland Security Secretary Jeh Johnson says.

But even if no hackers were involved, it definitely is a wake-up call: If something like that happens without any involvement of cybercriminals, how much worse would it be once one of them actually manages to screw around with all the tech?

The post United Airlines & New York Stock Exchange Suffer From Tech Issues appeared first on Avira Blog.

Panda’s Security 25th anniversary party

On June 25th, we celebrated the 25th anniversary of Panda Security. You may be wondering how the celebration went, so… here are some pictures!

DIEGO NAVARRETE, PANDA SECURITY CEO, WELCOMING THE ATTENDEES

PANDA INNOVATION AWARDS

LET’S GET THE PARTY STARTED!

WE COULD NOT HAVE HAD BETTER COMPANY!

HAPPY 25TH ANNIVERSARY!

If you wish to see more… here is the video!

The post Panda’s Security 25th anniversary party appeared first on MediaCenter Panda Security.

USN-2670-1: libwmf vulnerabilities

Ubuntu Security Notice USN-2670-1

8th July, 2015

libwmf vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

libwmf could be made to crash or run programs as your login if it opened a
specially crafted file.

Software description

  • libwmf
    – Windows metafile conversion tools

Details

Fernando Muñoz and Stefan Cornelius discovered that libwmf incorrectly
handled certain malformed images. If a user or automated system were
tricked into opening a crafted image file, an attacker could cause a denial
of service or execute arbitrary code with privileges of the user invoking
the program.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  libwmf0.2-7 0.2.8.4-10.3ubuntu1.15.04.1

Ubuntu 14.10:
  libwmf0.2-7 0.2.8.4-10.3ubuntu1.14.10.1

Ubuntu 14.04 LTS:
  libwmf0.2-7 0.2.8.4-10.3ubuntu1.14.04.1

Ubuntu 12.04 LTS:
  libwmf0.2-7 0.2.8.4-10ubuntu1.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-0848, CVE-2015-4588, CVE-2015-4695, CVE-2015-4696

Top 10 most annoying browser toolbars

It usually happens after you download something free. You go back online and your browser suddenly looks unfamiliar. There are new buttons and weird icons in place of what you used to have. A strange search page from a company you have never heard of has taken the place of your homepage.

How did I get that annoying toolbar?

Avast Browser Cleanup removes annoying toolbars

You have inadvertently downloaded a browser toolbar that came bundled with other software.

Free programs, like Adobe Reader, often include add-ons like toolbars or browser extensions. Most of the time, during the installation of the software, an opt-out option will be presented for the add-on. But, lots of people click through without reading, and when they’re finished they discover they have downloaded something they didn’t intend to.

To keep this from happening in the first place, slow down and read the screens. You could save yourself lots of time and headaches if you do.

What do browser toolbars do to my computer?

  • Change your homepage and your search engine without your permission or awareness
  • Track your browsing activities and searches
  • Display annoying ads and manipulate search results
  • Take up a lot of space inside the browser
  • Slow down your surfing speed
  • Fight against each other and become impossible for the average user to fully uninstall

In some cases, toolbars or add-ons can be quite useful, but Avast users have rated only 4% of toolbars as “good” or “useful”. The rest are “poor” or “very poor”.

The ten most unpopular toolbars are:

TOOLBAR                    NUMBER OF REMOVALS
Mindspark                  18,358,334
Conduit                    13,924,453
Ask.com                    11,773,062
Delta Search                6,136,056
FastStart                   4,862,671
DealPly                     4,253,676
Yontoo Toolbar              4,020,969
SearchTheWeb (Iminent)      3,442,706
IncrediBar                  2,729,797
Sweet 10 packs / SweetIM    1,948,958

How do you get back your normal browser?

Avast Browser Cleanup has identified more than 60 million different browser add-ons and removed more than 650 million from users’ browsers in the past two years. Avast Browser Cleanup can help you remove annoying browser toolbars and regain your normal browser settings.

Avast Browser Cleanup is integrated in all free and premium Avast products. It can also be downloaded by users of other security programs as a standalone version.

Keys Under Doormats

Whitepaper: Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications.

Twenty years ago, law enforcement organizations lobbied to require data and communication services to engineer their products to guarantee law enforcement access to all data. After lengthy debate and vigorous predictions of enforcement channels “going dark,” these attempts to regulate the emerging Internet were abandoned. In the intervening years, innovation on the Internet flourished, and law enforcement agencies found new and more effective means of accessing vastly larger quantities of data. Today we are again hearing calls for regulation to mandate the provision of exceptional access mechanisms. In this report, a group of computer scientists and security experts, many of whom participated in a 1997 study of these same topics, has convened to explore the likely effects of imposing extraordinary access mandates. They have found that the damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago.

In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution. Exceptional access would force Internet system developers to reverse “forward secrecy” design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.