Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a “DoubleAgent” attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.
Protect Your Instagram Account From Spambots
Comments that have nothing to do with the photo you’ve posted, followers that don’t seem completely human despite their profile picture, messages from unknown accounts containing suspicious links or offering to help you get followers… It’s likely that you or some of your friends and maybe even the social media manager at your company have run up against this kind of thing on Instagram.
Spambots continue to be a major headache for the Facebook-owned social network that has over 600 million users. According to a study carried out by Italian researchers, 8% of Instagram accounts are false.
This is a blight on the company’s image, and has led to some embarrassing occurrences, like the time when spammers inundated feeds with a multitude of pornography. Apart from that, there are plenty of brands that use bots to swell the numbers of their followers, a practice that Instagram prohibits. So what can you do about this?
Instagram offers its users a few tools to report spam. The user can delete a comment that she considers offensive and report it, block a user or inform the social network that a profile or a publication is potentially suspicious. For example, if you see that a user does not share photos, follows hundreds of people and only posts comments with links, it could well be a ‘spammer’, although generally try to hide it using an attractive profile photo.
Recently, the social network has included new options to protect privacy. If you’ve decided to make your account private (which is advisable if you don’t want strangers browsing through your photos), then you can now remove followers without having to block them.
Also, all Instagram users can now use an automatic filter that eliminates comments which include a word considered offensive by the community or by the user. Just go to Options, Comments, and Hide inappropriate comments. In fact, you can disable comments on photos and videos altogether.
On the other hand, if an unknown follower sends you a direct message, it is best not to click on the link. It could be a bot sending a malicious ‘link’. It is also possible that its intention is to start a phishing attack.
Improving Instagram account privacy by adding two-step verification, using a strong password, and being careful about sharing content are other tips to avoid running into security problems with your personal or company accounts. And of course, if your using any social network from work computers, Panda Security’s advanced cybersecurity solutions for companies could be a great help in preventing spam from leading to the downloading of malware.
The post Protect Your Instagram Account From Spambots appeared first on Panda Security Mediacenter.
Latest Tax Scams Include Phishing Lures, Malware
Microsoft warns this year’s crop of tax scams use social engineering attacks based on fear to spread banking Trojans and collect personal info.
OpenSCAP Libraries 1.2.14
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
Ubuntu Security Notice USN-3240-1
Ubuntu Security Notice 3240-1 – It was discovered that the NVIDIA graphics drivers contained a flaw in the kernel mode layer. A local attacker could use this issue to cause a denial of service.
Red Hat Security Advisory 2017-0817-01
Red Hat Security Advisory 2017-0817-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946.
Ubuntu Security Notice USN-3239-1
Ubuntu Security Notice 3239-1 – It was discovered that the GNU C Library incorrectly handled the strxfrm function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that an integer overflow existed in the _IO_wstr_overflow function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.
Red Hat Security Advisory 2017-0564-01
Red Hat Security Advisory 2017-0564-01 – The libguestfs packages contain a library, which is used for accessing and modifying virtual machine disk images. Security Fix: An integer conversion flaw was found in the way OCaml’s String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. Note: The libguestfs packages in this advisory were rebuilt with a fixed version of OCaml to address this issue.
Red Hat Security Advisory 2017-0565-01
Red Hat Security Advisory 2017-0565-01 – OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages. The ocaml packages contain two batch compilers, an interactive top level system, parsing tools, a replay debugger, a documentation generator, and a comprehensive library. Security Fix: An integer conversion flaw was found in the way OCaml’s String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak.
Red Hat Security Advisory 2017-0574-01
Red Hat Security Advisory 2017-0574-01 – The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls. Security Fix: A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections form other clients.