Monthly Archives: October 2016
Adobe On Patch Parade To March Out 83 Bugs
IoT Malware Has Apparently Reached Almost All Countries
Elysia Cron – Moderately Critical – Cross Site Scripting (XSS) – SA-CONTRIB-2016-052
- Advisory ID: DRUPAL-SA-CONTRIB-2016-052
- Project: Elysia Cron (third-party module)
- Version: 7.x
- Date: 2016-October-12
- Security risk: 11/25 ( Moderately Critical) AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Default
- Vulnerability: Cross Site Scripting
Description
This module enables you to manage cron jobs.
The module doesn’t sufficiently sanitize the cron rules which are entered into “Predefined rules” field thereby exposing a Cross Site Scripting vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission “Administer elysia cron”.
CVE identifier(s) issued
- A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
- Elysia Cron 7.x-2.x versions prior to 7.x-2.2.
Drupal core is not affected. If you do not use the contributed Elysia Cron module, there is nothing you need to do.
Solution
Install the latest version:
- If you use the Elysia Cron module for Drupal 7.x, upgrade to Elysia Cron 7.x-2.3
Also see the Elysia Cron project page.
Reported by
- Dan Richards
- Michael Hess of the Drupal Security Team
Fixed by
- Kiselev Dmitry the module co-maintainer
Coordinated by
- David Snopek of the Drupal Security Team
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity
Drupal version:
compat-guile18-1.8.8-14.el7
Security fix for CVE-2016-8605
Online safety tips for social media and IM fans
Since October is European Cyber Security Month, it is a good time to recap on social media and IM security. These online safety tips will do you well.
The post Online safety tips for social media and IM fans appeared first on WeLiveSecurity.
compat-guile18-1.8.8-14.fc24
Security fix for CVE-2016-8605
compat-guile18-1.8.8-14.fc25
Security fix for CVE-2016-8605
Facebook, Twitter and Instagram Share Data with Location-based Social Media Surveillance Startup
Facebook, Instagram, Twitter, VK, Google’s Picasa and Youtube were handing over user data access to a Chicago-based Startup — the developer of a social media monitoring tool — which then sold this data to law enforcement agencies for surveillance purposes, the ACLU disclosed Tuesday.
Government records obtained by the American Civil Liberties Union (ACLU) revealed that the big technology
Want to be a top tech company? Use a centralized management tool.
The ship of single-device users sailed long ago. Our desks are covered with technology: desktop PCs, laptops, phones, smartphones, etc. and our technological needs have also changed (in fact, they keep changing!). We can’t just think about what we need to do: we need to take action. But despite this, it is challenging to develop an integrated strategy that that protects multiple devices while adapting to user behavior. Businesses cannot afford to fall behind (and fall victim to cyberattacks!) because they did not implement the right tools and practices for their IT infrastructure.
We use a variety of channels and network-connected devices (and that number is growing exponentially) to communicate in the workplace. Now, we also have to think about a new group that may affect our business’s security that includes both BYOD (Bring Your Own Device) and the Internet of Things (IoT), and they require proper protection, management and control.
Microsoft and Apple Take Control
The growth of connected devices has led to a computer security revolution. IT teams in companies are adapting to new security requirements by implementing monitoring software and management software to control the devices that makeup the IT infrastructure. If the service is hosted in the Cloud, the better. It’s no longer necessary for an additional superstructure since a network connection and console access via browser is sufficient enough.
In 2011, Apple realized the benefit of Cloud-based management, and amplified all of their devices, including mobile phones and tablets, to fit this model. Cloud management reduces support and operation costs. Realizing the benefits of an easy-to-use system that can be used on mobile devices too, the tech giant Microsoft has decided to adopt this strategy with their Windows 10 operating system. , Microsoft is taking advantage of this new system that offers unified management for a variety of devices, whatever they may be.
There is a high rate of protection and remote monitoring for these Cloud-based systems which has also reduced support and operational costs, increased efficiency in the IT infrastructure, and improved employee productivity. To achieve this, proper management of the company’s IT infrastructure is fundamental.
Businesses can easily monitor and offer remote support to all of their corporate devices, regardless of their location, with Panda Systems Management. This tool makes it possible to manage the IT infrastructure and its maintenance from a centralized platform.
Want to be like Microsoft and Apple? Adopt their philosophy and use a centralized management system! Manage your devices with Panda Systems Management, an easy-to-use tool that allows you to yield great benefits with minimal investment.
The post Want to be a top tech company? Use a centralized management tool. appeared first on Panda Security Mediacenter.