Privacy Groups Release ‘Detekt’ Tool to Spot Spyware

Privacy advocates have joined together to release a tool for identifying cyber espionage malware.

Privacy advocates jointly announced the release of a free malware detection tool meant to help human rights activists, journalists, and others thwart surveillance malware.

The tool, known as Detekt, was developed by Claudio Guarnieri.…


FTC Shutters $120 Million Tech Support, Bogus Software Scam

Earlier this week a federal court in Florida issued a temporary restraining order shutting down a series of organizations in the business of peddling fake software and nonexistent tech support services, temporarily freezing the assets of those companies and placing them under the control of a court-appointed receiver.…

SSDP DDoS attacks driving up average DDoS sizes

New research shows the average size of a distributed denial-of-service attack continued to grow last quarter as more attackers targeted the Simple Service Discovery Protocol (SSDP), and generally, more enterprises can be expected to be targeted by DDoS attacks.

For its third quarter Distributed Denial of Service Trends Report, DDoS mitigation services provider Verisign Inc., which is based in Reston, Virginia, collected data from enterprise customers that the company helped fend off DDoS attacks.…

Bugtraq: [security bulletin] HPSBUX03087 SSRT101413 rev.2 – HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code,…

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04396638

SUPPORT COMMUNICATION – SECURITY BULLETIN

Document ID: c04396638
Version: 2

HPSBUX03087 SSRT101413 rev.2 – HP-UX CIFS Server (Samba), Remote Denial of
Service (DoS), Execution of Arbitrary Code, Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.…

Bugtraq: [ MDVSA-2014:223 ] wireshark

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:223
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wireshark
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated wireshark packages fix security vulnerabilities:

SigComp UDVM buffer overflow (CVE-2014-8710).

AMQP crash (CVE-2014-8711).…

Bugtraq: [ MDVSA-2014:224 ] krb5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:224
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : krb5
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated krb5 packages fix security vulnerability:

The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c
in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys
in a response to a -randkey -keepold request, which allows remote
authenticated users to forge tickets by leveraging administrative
access (CVE-2014-5351).…

Cloud Security By The Numbers

Quantifying the perceptions around cloud security practices.

As IT executives and business leaders finally get their arms around analyses of the business opportunities versus the security risks of cloud adoption, the industry is increasingly quantifying the friction between the two.…

Bugtraq: [ MDVSA-2014:219 ] srtp

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:219
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : srtp
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated srtp package fixes security vulnerability:

Fernando Russ from Groundworks Technologies reported a buffer
overflow flaw in srtp, Cisco’s reference implementation
of the Secure Real-time Transport Protocol (SRTP), in how
the crypto_policy_set_from_profile_for_rtp() function applies
cryptographic profiles to an srtp_policy.…

Bugtraq: [ MDVSA-2014:220 ] qemu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:220
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : qemu
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated qemu packages fix security vulnerabilities:

Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3
devices.…

Bugtraq: [ MDVSA-2014:221 ] php-smarty

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:221
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : php-smarty
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8350
http://advisories.mageia.org/MGASA-2014-0468.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
38a8116d38c6a5e28253eb661efb95fe mbs1/x86_64/php-smarty-3.1.21-1.mbs1.noarch.rpm
11a6b6429cce35fe9f6b6c621eff5ef9 mbs1/x86_64/php-smarty-doc-3.1.21-1.mbs1.noarch.rpm
b193233fb2a189c10e77c530801e210f mbs1/SRPMS/php-smarty-3.1.21-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi.…