AVG boosts Bugcrowd bounty

One of the ways we proactively improve our security is through participation in the AVG bug bounty program on Bugcrowd. We have recently reviewed the rewards offered as part of this program and now offer up to USD$1,000 per bug.

We appreciate and reward the efforts of security researchers who, within the strict terms of the bounty program, are able to responsibly disclose vulnerabilities found in our nominated PC-based client-side applications.

If you have skills and experience reverse engineering binary code, or you like breaking AntiVirus engines in your spare time, then this could be the stimulating and rewarding challenge you’ve been looking for.

Bugcrowd is a great community of like-minded security geeks who get to pentest, hack and crack great companies like AVG, Fitbit, Dropbox and even Tesla Motors – all in the name of responsible disclosure for rewards and kudos!

So, if you’re a 1337 h4x0r then start finding bugs today by signing up to Bugcrowd as a researcher, and then join the AVG program.

We look forward to seeing what juicy vulnerabilities you’ll uncover, and in return you’ll get rewarded for helping us keep over 200 million friends safe and secure.

Get cracking! And until next time, stay safe out there.

Red Hat Security Advisory 2015-1929-01

Red Hat Security Advisory 2015-1929-01 – Ironic provides bare metal provisioning for OpenStack nodes. It was discovered that enabling debug mode in openstack-ironic-discoverd also enables debug mode in the underlying Flask framework. If errors are encountered while Flask is in debug mode, a user experiencing an error may be able to access the debug console. All openstack-ironic-discoverd users are advised to upgrade to these updated packages, which correct this issue.

Red Hat Security Advisory 2015-1927-01

Red Hat Security Advisory 2015-1927-01 – Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

Red Hat Security Advisory 2015-1928-01

Red Hat Security Advisory 2015-1928-01 – Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

Red Hat Security Advisory 2015-1926-01

Red Hat Security Advisory 2015-1926-01 – Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

Government and misuse of technology are most feared by Americans

Americans don’t trust that technology will be kept out of the hands of bad guys.

Forget about zombies, vampires, and ghosts. Americans don’t fear things that go bump in the night as much as they do their own government. The annual Survey of Fear conducted by Chapman University asked Americans about their level of fear of 88 different topics ranging across crime, the government, disasters, personal anxieties, technology, and others. The majority of Americans said that they are “afraid” or “very afraid” of the corruption of government officials.


One of Americans’ greatest fears is government-sponsored spying

The misuse of technology, financial crime, and privacy-related issues took up half of the Top 10 fears of 2015. After two years of high-profile data breaches and the revelations of government spying from the Edward Snowden leaks, it’s not too surprising. Here’s the list:

  • Corruption of government officials (58.0%)
  • Cyber-terrorism (44.8%)
  • Corporate tracking of personal information (44.6%)
  • Terrorist attacks (44.4%)
  • Government tracking of personal information (41.4%)
  • Bio-warfare (40.9%)
  • Identity theft (39.6%)
  • Economic collapse (39.2%)
  • Running out of money in the future (37.4%)
  • Credit card fraud (36.9%)

From this survey, it’s apparent that Americans’ awareness of and concern about guarding their personal privacy are growing. An interesting topic that was further down the list is “Technology I don’t understand,” feared by 19% of Americans surveyed. At least that is something that individuals can control – just watch some videos or read this blog and you will learn about technology and how you can minimize your risks of these other things happening to you. For example, here’s how to secure your Facebook login and protect your personal privacy and identity.

Facebook announces government spying alert

The fears of government spying are not unwarranted. Facebook has reason to believe that it’s an important issue “because these types of attacks tend to be more advanced and dangerous than others.” These are the words of Facebook’s Chief Security Officer, Alex Stamos, in a recent announcement stating that if the social media network suspects that a user is being targeted by government-sponsored hackers, it will issue an alert advising them to “take the actions necessary to secure all of their online accounts” such as “rebuild or replace these systems [your computer or mobile device] if possible.”


CESA-2015:1925 Important CentOS 5 kvm Security Update

CentOS Errata and Security Advisory 2015:1925 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1925.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 


x86_64:
b0a8d2af276b509ddfb3ef7fa12b7cbd3afba9fb5fa1ae9ae38cfbb422ae0ac7  kmod-kvm-83-274.el5.centos.x86_64.rpm
8d31e38f3292cb236f64936500a7348f72150fce7bb8f06c87d7c14741d47306  kmod-kvm-debug-83-274.el5.centos.x86_64.rpm
ed8834e21ed763ebf75ac6ba8b82a17ddc282b6aa15393e2f46812460f504f50  kvm-83-274.el5.centos.x86_64.rpm
a24df4e5846371f312fd22b26a76b93ab89d9349ee9b82c35273595beef80acd  kvm-qemu-img-83-274.el5.centos.x86_64.rpm
2378ff35f2480ca16be825bb66df4d5ae50773f5e0028a1d4e96410555cc3e1c  kvm-tools-83-274.el5.centos.x86_64.rpm

Source:
c97f9162acf233ce5954dbba68437dfcfc7eb7709abacddf1c25b010d9485757  kvm-83-274.el5.centos.src.rpm



CESA-2015:1924 Important CentOS 6 qemu-kvm Security Update

CentOS Errata and Security Advisory 2015:1924 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1924.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
d32c5c64f2a0f4022a010d9404e31ef0ac6363eb3cde9b14b7e117d6672c14ec  qemu-guest-agent-0.12.1.2-2.479.el6_7.2.i686.rpm

x86_64:
c535cec05139f127a6d26e2df47c3833524ac81678e61cc8b8958f0d7090c1a5  qemu-guest-agent-0.12.1.2-2.479.el6_7.2.x86_64.rpm
cbfe2c45541f1f5b97780cbd09eb23d4543156e9730c8d09873da706d7388ffe  qemu-img-0.12.1.2-2.479.el6_7.2.x86_64.rpm
4cd10f6b78f67f61f46c43f9bc0cdec759a9eae1abdd3e510627dfef04bacee6  qemu-kvm-0.12.1.2-2.479.el6_7.2.x86_64.rpm
3214261a38e162a356e7f96d45a920243f0b160925bbaf6309b5292601b90f74  qemu-kvm-tools-0.12.1.2-2.479.el6_7.2.x86_64.rpm

Source:
0b2dc5f1be528fe9711582f4bae0092dfe9de8958d39f5d6bff756f838d1767f  qemu-kvm-0.12.1.2-2.479.el6_7.2.src.rpm



Cisco Security Advisory 20150115-asa-dhcp

Cisco Security Advisory – A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 packets. Cisco ASA Software is affected by this vulnerability only if the software is configured with the DHCPv6 relay feature. An attacker could exploit this vulnerability by sending crafted DHCPv6 packets to an affected device.

Cisco Security Advisory 20151021-asa-dhcp1

Cisco Security Advisory – A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 packets. Cisco ASA Software is affected by this vulnerability only if the software is configured with the DHCPv6 relay feature. An attacker could exploit this vulnerability by sending crafted DHCPv6 packets to an affected device.