Monday, November 30, 2015

Bugtraq: Huawei Wimax routers vulnerable to multiple threats

Huawei Wimax routers vulnerable to multiple threats

from SecurityFocus Vulnerabilities http://ift.tt/1Tq1Q7J

Kaspersky: 1 in 7 people use one password

Security firm Kaspersky has found that one in seven people are leaving themselves open to attack by having the one password for multiple accounts.

from Latest topics for ZDNet in Security http://ift.tt/1QQR9Nd

Google denies Israeli YouTube monitoring deal

The Israeli government has corrected its statement on Google agreeing to help monitor YouTube content after the tech giant denied an agreement had been reached.

from Latest topics for ZDNet in Security http://ift.tt/1Qa5Wke

BlackBerry to exit Pakistan over privacy concerns

The Canadian former giant BlackBerry has ended speculation by announcing on Monday that it will exit the Pakistani market before the end of 2015.

from Latest topics for ZDNet in Security http://ift.tt/1YEGV3P

Data Breach Trends to Evolve in 2016

For one, Experian predicts that consumers and businesses will be collateral damage in cyber-conflicts among countries.

from http://ift.tt/1l3MOJv

A Third of Businesses Use Online Banking

The growing use of mobile devices for corporate banking could put company funds at risk.

from http://ift.tt/1PptOSE

Consumers Confused By Chip-and-PIN Cards

Only two in five US consumers know what the benefits of having a chip card are.

from http://ift.tt/1XD7l3E

Datacom and MBIE resolve Immigration NZ project dispute

A report from NZ Treasury reveals a disagreement on scope between the government super-ministry and ICT services provider Datacom.

from Latest topics for ZDNet in Security http://ift.tt/1IxseGw

Armada Collective makes ransom demands on Greek banks: Report

Banking sources say hackers have disrupted internet services and made bitcoin ransom demands against three Greek banks, but have not accessed client details.

from Latest topics for ZDNet in Security http://ift.tt/1OANS1a

Cisco Cloud Services Router 1000V Command Injection Vulnerability

A vulnerability in the event manager environment and publish-event function of the Cisco Cloud Services Router 1000V Series could allow an authenticated, local attacker to perform a command injection attack with root-level privileges.

The vulnerability is due to a lack of proper input validation of event manager environment variables that are configured on the affected device. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges, modifying the configuration of the device, and then invoking a crafted event manager script. A successful exploit could allow the attacker to compromise the affected system using commands that are executed with root-level privileges.

Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is available at the following link: http://ift.tt/1QQiUW6

from Cisco Security Advisory http://ift.tt/1QQiUW6

Cisco Web Security Appliance Native FTP Denial of Service Vulnerability

A vulnerability in the native passthrough FTP functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to high CPU utilization.

The vulnerability occurs when the FTP client terminates the FTP control connection when the data transfer is complete. An attacker could exploit this vulnerability by initiating FTP connections through the WSA. An exploit could allow the attacker to cause high CPU utilization of the Cisco WSA proxy process, causing a partial DoS condition. The attacker's choice of FTP client and how that client closes the FTP control connection will affect the attacker's ability to exploit this vulnerability.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is available at the following link: http://ift.tt/1Q9oMYQ

from Cisco Security Advisory http://ift.tt/1Q9oMYQ

5 Must-do Steps for Practicing Your Data Breach Response Plan

Remember how you felt as a kid when the fire alarm rang in school? Your heart raced, adrenaline surged through your body … and you left your seat, got in line and filed out of the building calmly and efficiently because you’d practiced, practiced, practiced what to do in such an emergency. Even as an […]


from Data Breach Resolution http://ift.tt/1ToVZ2o

USN-2821-1: GnuTLS vulnerability

Ubuntu Security Notice USN-2821-1

30th November, 2015

gnutls26 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

GnuTLS could be made to expose sensitive information over the network.

Software description

  • gnutls26 - GNU TLS library

Details

It was discovered that GnuTLS incorrectly validated the first byte of
padding in CBC modes. A remote attacker could possibly use this issue to
perform a padding oracle attack.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
libgnutls26 2.12.23-12ubuntu2.3
Ubuntu 12.04 LTS:
libgnutls26 2.12.14-5ubuntu3.10

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

In general, a standard system update will make all the necessary changes.

References

LP: 1510163

from Ubuntu Security Notices http://ift.tt/21pqQkW

VTech hack gets worse: Chat logs, kids' photos taken in breach

One security expert questioned why some data was collected by VTech in the first place.

from Latest topics for ZDNet in Security http://ift.tt/1XszKi5

Bugtraq: [SE-2014-02] Errata document for Issue 42 (CVE-2015-4871 affecting Java SE 7)

[SE-2014-02] Errata document for Issue 42 (CVE-2015-4871 affecting Java SE 7)

from SecurityFocus Vulnerabilities http://ift.tt/1Rhc4Z1

VTech data breach update: 5 million accounts affected

VTech is also shutting its app store temporarily and has suspended 13 of its associated websites as a precautionary measure.

from Latest topics for ZDNet in Security http://ift.tt/1PWoNks

NSA's phone records program ends, but loopholes could revive it

Analysis: "Backup" laws exist in forms of executive orders that can keep the program alive.

from Latest topics for ZDNet in Security http://ift.tt/1l2xU6q