Black Friday and Cyber Monday: How to shop safely online


As the year draws to a close, many retailers take the opportunity to slash the prices on goods, allowing us to take advantage of some great offers. With Christmas just around the corner, events such as Black Friday are great ways to get gifts for friends and family at significantly lower prices.

However, if the idea of being surrounded by hundreds of frantic shoppers, worn-out sales assistants, and long queues fills you with dread, then perhaps Cyber Monday is the shopping event for you. This term, which was coined in 2005 and falls on the Monday following Thanksgiving in the USA, was thought up by marketers to promote online shopping, with special deals that aren’t available in-store.

So, now that you don’t have to worry about the stressful experience of going to the store, we’ve put together a few tips to ensure you won’t have any stressful experiences after shopping online. Take a look below and make sure your Cyber Monday is a safe and stress-free one!


  1. Stick to well-known websites

The first thing you can do to be safe while shopping online is to only use trusted, official websites. Start your shopping by going directly to the store’s website as opposed to using a search engine to find what you need. Also, only continue if you see that the website is secure by checking that the URL begins with HTTPS and that the lock symbol is present.

  2. Only use a secure Wi-Fi connection

This is a fundamental one, yet people continue to ignore it. Public Wi-Fi may be convenient, especially if you are relaxing at a café and spot a bargain online which you can’t resist. However, it’s best to carry out purchases from the safety of your home, where you have control over who else is connected to your network.

  3. Check your statements

Keep up to date with all transactions carried out with your bank account, as the sooner you spot something unusual, the quicker and easier it will be to avoid bigger problems. If you spot something suspicious, contact your bank immediately.

  4. Be aware of the returns policy

When shopping online, remember that the returns or exchange policy may be different to that in store. Also, some stores may only offer store credit on reduced goods, so always check before you buy.

  5. Keep your computer updated and protected

Giving out your bank details online involves an element of trust, so the best way to ensure that nobody else gets their hands on your sensitive information is to have a protected and up-to-date computer. Keep your operating system updated and always use a trusted antivirus that best fits your needs.

  6. Be wary of email offers

It’s common to be bombarded with emails offering you great discounts or offers, but treat them with suspicion. Avoid clicking on links sent via email and verify that the offers are valid on the official website instead.

The post Black Friday and Cyber Monday: How to shop safely online appeared first on MediaCenter Panda Security.

[ERPSCAN-15-018] SAP NetWeaver 7.4 – XXE

Posted by ERPScan inc on Nov 24

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver 7.4, probably others
Vendor URL: http://SAP.com
Bugs: XML External Entity
Send: 16.04.2015
Reported: 16.04.2015
Vendor response: 16.04.2015
Date of Public Advisory: 11.08.2015
Reference: SAP Security Note 2168485
Author: Roman Bezhan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver 7.4
Advisory ID: [ERPSCAN-15-018]…

[ERPSCAN-15-019] SAP Afaria – Stored XSS

Posted by ERPScan inc on Nov 24

Application: SAP Afaria
Versions Affected: SAP Afaria 7, probably others
Vendor URL: http://SAP.com
Bugs: Stored XSS
Send: 18.02.2015
Reported: 18.02.2015
Vendor response: 18.02.2015
Date of Public Advisory: 11.08.2015
Reference: SAP Security Note 2152669
Author: Dmitry Chastukhin (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP Afaria – Stored XSS
Advisory ID: [ERPSCAN-15-019]
Risk:…

[ERPSCAN-15-020] SAP Mobile Platform 2.3 – XXE in application import

Posted by ERPScan inc on Nov 24

Application: SAP Mobile Platform 2.3
Versions Affected: SAP Mobile Platform 2.3, probably others
Vendor URL: http://SAP.com
Bugs: XML External Entity
Send: 25.02.2015
Reported: 25.02.2015
Vendor response: 25.02.2015
Date of Public Advisory: 11.08.2015
Reference: SAP Security Note 2152227
Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION
Title: SAP Mobile Platform 2.3
Advisory…

Celoxis <= 9.5 – Cross Site Scripting (XSS)

Posted by Manuel Mancera on Nov 24

================================================================
Celoxis <= 9.5 – Cross Site Scripting (XSS)
================================================================

Information
--------------------
Name: Celoxis <= 9.5 – Cross Site Scripting (XSS)
Affected Software : Celoxis
Affected Versions: <= 9.5
Vendor Homepage : celoxis.com
Vulnerability Type : Cross Site Scripting
Severity : Low
CVE: n/a

Product…

Leak information on Huawei HG253s v2, Comtrend VG 8050 and ADB P.DGA4001N (HomeStation)

Posted by Daniel Díez on Nov 24

Huawei HG253s v2
Vodafone-Spain is starting to rent a new Huawei HG253v2 router to the
Spanish customers. This new router is coming with a new firmware version.
This bug has been found by @VicenDominguez

Vulnerability

Basically, it is not validating the session cookie in some administration
webpages. So, it is possible to get direct information from those URLs in
any router open to the internet.

http://IPhtml_253s/api/ntwk/WlanBasic

CVE-2015-8300: Polycom BToE Connector v2.3.0 Privilege Escalation Vulnerability

Posted by SBA Research Advisory on Nov 24

#### Title:
Polycom BToE Connector up to version 2.3.0 allows unprivileged Windows
users to execute arbitrary code with SYSTEM privileges.

#### Type of vulnerability:
Privilege Escalation
##### Exploitation vector:
local
##### Attack outcome:
Code execution with SYSTEM privileges.
#### Impact:
CVSS Base Score 6,2
CVSS v2 Vector (AV:L/AC:L/Au:S/C:C/I:C/A:N)
#### Software/Product name:
Polycom BToE Connector
#### Affected versions:
All Versions…

CVE-2015-8299 RCE Vulnerability in the KNX management software ETS

Posted by SBA Research Advisory on Nov 24

#### Title: Remote code execution vulnerability in the KNX management software ETS
#### Category/Abstract: Buffer overflow vulnerability
#### Product: ETS (Engineering Tool Software)
#### Affected versions:
* ETS 4.1.5 (Build 3246)

*no other versions tested*
#### Fixed in version: *unknown*
#### Vendor: KNX Association
#### Impact: Critical
#### CVE number: CVE-2015-8299
#### Timeline
* `2013-10-11` identification of vulnerability
*…