Chinese Hackers have taken Smishing attack to the next level, using rogue cell phone towers to distribute Android banking malware via spoofed SMS messages.
SMiShing — phishing attacks sent via SMS — is a type of attack wherein fraudsters use number spoofing attack to send conceiving bogus messages to trick mobile users into downloading a malware app onto their smartphones or lures victims
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.
The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.
GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of ” termination of a name field in ldlex.l.
Linkit provides an easy interface for internal and external linking with WYSIWYG editors by using an autocomplete field.
When searching for entities, this module doesn’t always enforce the access restrictions and users may see information about entities they should not be able to access.
This is mitigated by the fact that a user must have access to a text format that uses Linkit.
Drupal core is not affected. If you do not use the contributed Linkit- Enriched linking experience module, there is nothing you need to do.
Install the latest version:
Also see the Linkit- Enriched linking experience project page.
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity
This module enables you to show the office hours of a location to the public.
The module doesn’t sufficiently filter user input for malicious Cross Site Scripting (xss).
This vulnerability is mitigated by the fact that an attacker must have a role with a permission to add fields to an entity.
Drupal core is not affected. If you do not use the contributed Office Hours module, there is nothing you need to do.
Install the latest version:
Also see the Office Hours project page.
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity
“HackITAll” is hackathon held each year by the LSAC (Automatic Control & Computers Student’s League). 2017 was the second edition of this event and Avira was happy to be the sole sponsor. HackITAll took place on March 18-19, 2017, and was a classical 24-hour hackathon. It brought together 60 IT students, most of which are […]
The post HackITAll hackathon – 60 students, 20 teams, 3 winners, 1 Polly appeared first on Avira Blog.
Pretty much every day, you accept a few new cookie warnings without actually reading them. Websites are required to inform you that they’re storing cookie files that gather data about your preferences on your own computer. The European Commission has just proposed to simplify these warnings. In addition to cookies that websites create, the memory cached on your browser stores temporary files so that pages load more quickly.
All those cookies start to pile up, believe it or not. Your computer can actually end up getting sluggish after gorging on all those digital cookies. Now that I’ve put it into perspective for you, you can appreciate the seriousness of the situation.
Sometimes what we chalk up to possible malware is actually just an information overload slowing down your browser. That’s why it is recommendable that you do a little bit of tidying up every now and again and clean out the cookie cache. And if you use a shared computer, this could have the additional benefit of protecting your privacy.
In the case of Chrome, the most popular browser, you have the option in the icon of the three vertical points located at the top right of the window. Just click the icon and go to More tools and Clear browsing data. Chrome allows you to select the exact information you want to delete: you can delete cookies, files and cached images, browsing history or passwords, and specify a date range. It also offers an alternative path from Settings, Show Advanced Settings and Privacy.
To remove your little trail of crumbs in Mozilla Firefox, click on the icon of the three horizontal stripes and select History and Clear recent history. You’ll see a window that allows you to decide the time period for which you’d like to do the cleaning. From the Details tab, you can choose the information you want to delete. And from the same menu, you can access Options, Privacy and History. There you will find the option “Use a custom configuration” for the history, which allows you to decide which browsing data will be cleared when Firefox closes.
For their part, users of Apple computers can clean out the Safari browser from the Preferences and Privacy menus. Among the available options are to change the configuration of cookies and accepted data from certain websites, delete information of specific pages individually or all at the same time, and see which sites store that data in Details.
If you’ve already installed Windows 10 on your computer, you’re sure to have saved personal information on Microsoft Edge. To clean it, select More, Settings (the little gear), Clear scan data and check the boxes of the data you want to delete in Choose what to delete. From Advanced Settings you can tell Edge to stop collecting or storing certain information.
Finally, Opera users remove cookies and clear the cache much like users of Chrome. By clicking on the icon at the top right of the window, you can click Delete browsing data and select the items you want to delete and from when you want to delete them.
Now you know where to find the virtual duster on your personal or corporate computer, so go and do some spring cleaning!
The post Spring Cleaning: Get Rid of Those Cookies from Your Browser! appeared first on Panda Security Mediacenter.