Several issues have been discovered in the MariaDB database server. The
vulnerabilities are addressed by upgrading MariaDB to the new upstream
version 10.0.22. Please see the MariaDB 10.0 Release Notes for further
details:
Monthly Archives: October 2015
DSA-3386 unzip – security update
Two vulnerabilities have been found in unzip, a de-archiver for .zip
files. The Common Vulnerabilities and Exposures project identifies the
following problems:
You have 1 new fax, document 00724866
New incoming fax document. To view it please open the attachment. Date of scan: Fri, 30 Oct 2015 08:32:44 +0300 File size: 226 Kb Author: Floyd Hebert Pages: 9 Resolution: 400 DPI Scan time: 14 seconds Document name: task-00724866.doc Thank you for using Interfax!
Cybercriminals Look for a World Series Home Run – InfoSecurity Magazine
TalkTalk Cyberattack Updates: What Affected Customers Should Do – iTech Post
Emerging Data Infrastructure: Better, but Still Problematic – IT Business Edge
How the Avast ‘Lost Phone’ experiment worked
We trust our free app Avast Anti-Theft to track down lost phones, but we wanted to put it to the test in a real-world situation. So five months ago, we bought 20 Android smartphones and installed three security apps on all the phones: Our free Avast Anti-Theft app, Lookout Mobile Security, and Clean Master. Each phone was marked with contact information on where to return the device if found. After all was prepared, Avast security analysts traveled to New York City and San Francisco to randomly “lose” them in public places.
Here’s a video that shows what happened.
Over the months, the analysts used the Avast Anti-Theft app to track the lost devices and observed the following:
- 15 phones were wiped clean using the factory reset feature
- 11 phones stayed online for more than 24 hours after losing them
- 7 phones we were able to track for several months
- 4 phones were returned
- 4 phones are currently online and used
- 2 phones ended up abroad
- 1 phone was never factory data reset
The majority of lost devices were wiped clean using the factory reset feature, but only the Avast Anti-Theft app survived the factory reset.
You can track your missing mobile phones and tablets with Avast Anti-Theft. Get it for free from the Google Play Store.
Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.
CVE-2015-8028
Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file.
CVE-2015-8029
SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption.
CVE-2015-8030
SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka “Out-Of-Bounds Indexing” vulnerabilities.