Hi Technology & Services CMS – SQL Injection Vulnerabilities

Posted by Vulnerability Lab on Mar 31

Document Title:
===============
Hi Technology & Services CMS – SQL Injection Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1785

Release Date:
=============
2016-03-22

Vulnerability Laboratory ID (VL-ID):
====================================
1785

Common Vulnerability Scoring System:
====================================
7.4

Product & Service Introduction:…

Lost your mobile device? “Yell” or catch the thief in his nest

At least once in your lifetime, you’ve broken into a cold sweat trying to find your smartphone and your first reaction was “Have I lost it or was it stolen?”. At Avira, we know how this feels and we’ve made these situations less stressful for you.

The post Lost your mobile device? “Yell” or catch the thief in his nest appeared first on Avira Blog.

Patron Info System – SQL Injection Vulnerability

Posted by Vulnerability Lab on Mar 31

Document Title:
===============
Patron Info System – SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1784

Release Date:
=============
2016-03-21

Vulnerability Laboratory ID (VL-ID):
====================================
1784

Common Vulnerability Scoring System:
====================================
7.6

Product & Service Introduction:
===============================…

Metaphor exploit: A follow-up to Stagefright that puts millions of Android devices at risk

Last summer, it was nearly impossible to avoid the news about the Stagefright vulnerability. At the time of its unveiling, security researchers believed Stagefright to be the worst Android vulnerability to be discovered. Nearly a year after its discovery, Metaphor is the most recent embodiment of the vulnerability to rear its ugly head.

Social engineering, a popular technique used to lure victims into becoming infected with malware, can also play a key role in encouraging victims to open web pages that allow the exploit to take place and for Metaphor to be fully effective.

Your favorite sites don’t use a secure connection

This whole FBI-Apple debate has the technology world up in a frenzy about national security vs. personal security. Apple’s refusal to give up classified information to a government agency tells us something about the current state of our online safety, and lots of tech companies are stepping up to fight for our privacy.

Recently, Google conducted a study to see if the most-popular websites follow something called HTTPS Protocol.  HTTPS (the added ‘S’ for secure) provides authentication of a website, ensuring its credibility for its users by encrypting the communication on its server.  This makes it so that important data like our usernames, passwords, or personal messages cannot be intercepted; kind of like having our own online-bodyguard who lets us know when we are browsing a trusted site.

The results of the study could not be more discouraging.

From the one hundred sites studied, 79 do not use HTTPS by default and 67 use an obsolete encryption technology, aka no security method at all.  “According to our calculations, the list of web sites that we have presented constitute about 25% of all global traffic”, a Google spokesperson stated.  Does this mean that these ultra-popular sites don’t worry about our online security?  It sure seems that way.

What’s even more shocking is the prestige of these sites; among them are pages like The New York Times or CNN, e-commerce platforms like eBay or Aliexpress, and well-known industry leaders such as Softonic.  Google has declared war with these non-users (it searches index sites that use HTTPS and crosses out the rest with a red x in the Chrome address bar) and offers tools so that any developer can easily implement this protocol.  This Mountain View company believes in “[making] the Web a safer place not only for Google users, but for everyone in general.”

Implementing this technology to add that ‘additional layer’ of security is extremely easy. Maybe the reason companies aren’t using this protocol is due to a lack of interest rather than a technical issue. Until recently, it took time and effort to develop a site with HTTPS but now there are platforms that facilitate the necessary certificates, for free.

Thankfully we have Google leading the crusade in making the Internet a safer place.  Let’s continue to do what we do from the comfort of our laptop, like filling up that online shopping cart or making that bank transfer, but make sure to protect yourself.  Always check for that extra ‘S’ and use a dependable antivirus service, like Panda, who will help you do it safely and smoothly.

The post Your favorite sites don’t use a secure connection appeared first on Panda Security Mediacenter.

Advanced Malware targeting Internet of the Things and Routers

Anything connected to the Internet could be hacked, and the Internet of Things (IoT) is no exception.

The market fragmentation of IoTs or Internet-connected devices is a security nightmare, due to poor security measures implemented by their vendors.

Now, the researchers at security firm ESET have discovered a piece of Malware that is targeting embedded devices such as routers, and other

Microsoft adds Linux Bash Shell and Ubuntu Binaries to Windows 10

‘Microsoft loves Linux’ so much that now the company is bringing the popular Bash shell, alongside the entire Linux command environment, to its newest Windows 10 OS in the upcoming ‘Anniversary Update,’ Redstone.
The rumours before Microsoft’s Build 2016 developer conference were true. Microsoft has just confirmed that it is going to enable its users to run Bash (Bourne Again Shell) natively

Enable this New Setting to Secure your Computer from Macro-based Malware

Do you deal with MS Word files on a daily basis?

If yes, then are you aware that even opening a simple doc file could compromise your system?

It is worth considering that the virus does not directly affect you; rather, it is you who lets the virus carry out the attack by enabling deadly “Macros” to view the doc contents, which are generally on eye-catching subjects like bank invoices.

How