Independent – Page 168 – Computer Security Articles

Credit to Author: Sharky| Date: Fri, 05 Oct 2018 03:00:00 -0700

IT security has laptops at this company really locked down, and that includes only limited admin rights, reports a road warrior pilot fish.

“On a recent trip, at my hotel I had to make an internet connection and open a web page to log into the hotel’s internet service before I could get a connection to the real internet,” fish says.

“Problem was, the work laptop was not going to let me use the browsers until I had established a VPN connection, which of course I could not do without the web page login.

“In a way, that was good — I took some real vacation time.

“In another way, it was bad, I have big hands and fingers, so using an iPhone and those stupid virtual keyboards is a one-finger, error-prone task. An email that could take seconds to type on a full-size keyboard takes minutes on the phone.

To read this article in full, please click here

Independent Securiteam

October 4, 2018 admin

SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation

Credit to Author: SSD / Ori Nimron| Date: Thu, 04 Oct 2018 05:12:22 +0000

Vulnerabilities Summary Cisco Prime Infrastructure (CPI) contains two vulnerabilities that when exploited allow an unauthenticated attacker to achieve root privileges and execute code remotely. The first vulnerability is a file upload vulnerability that allows the attacker to upload and execute JSP files as the Apache Tomcat user. The second vulnerability is a privilege escalation to … Continue reading SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation

Independent Krebs

October 2, 2018 admin

When Security Researchers Pose as Cybercrooks, Who Can Tell the Difference?

Credit to Author: BrianKrebs| Date: Tue, 02 Oct 2018 23:42:24 +0000

A ridiculous number of companies are exposing some or all of their proprietary and customer data by putting it in the cloud without any kind of authentication needed to read, alter or destroy it. When cybercriminals are the first to discover these missteps, usually the outcome is a demand for money in return for the stolen data. But when these screw-ups are unearthed by security professionals seeking to make a name for themselves, the resulting publicity often can leave the breached organization wishing they’d instead been quietly extorted by anonymous crooks.

Independent Securiteam

October 2, 2018 admin

SSD Advisory – Android Printing Man in the Middle Attack

Credit to Author: SSD / Ori Nimron| Date: Tue, 02 Oct 2018 10:03:44 +0000

Vulnerabilities Summary Android 8.1 has introduced the new feature of a default printing service. This service, based on the very similar, freely available Mopria Alliance Print Service on the Google Play Store, suffers from a lack of validation which can lead to both man in the middle attacks and subsequent interception of print jobs, as … Continue reading SSD Advisory – Android Printing Man in the Middle Attack

Independent Krebs

October 1, 2018 admin

Voice Phishing Scams Are Getting More Clever

Credit to Author: BrianKrebs| Date: Mon, 01 Oct 2018 14:02:27 +0000

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly).

ComputerWorld Independent

October 1, 2018 admin

Open door policy

Credit to Author: Sharky| Date: Mon, 01 Oct 2018 03:00:00 -0700

This server room is getting keycard access to make sure only those on the approved list are allowed to enter, reports a pilot fish on the scene.

“A card reader is installed on the outside of the door to get in,” fish says. “But how to handle exiting the room? Someone has the bright idea that a system administrator inside the server room might have their hands full when they’re trying to leave.

“So a motion sensor is installed on the inside, looking down on the doorway. That way, if someone walks up to the door from the inside, it will automatically unlock.

“But whoever created this system is a much more trusting soul than one of the sysadmins, who looks over the already installed system and sees the flaw.

To read this article in full, please click here

Independent Krebs

September 28, 2018 admin

Facebook Security Bug Affects 90M Users

Credit to Author: BrianKrebs| Date: Fri, 28 Sep 2018 19:36:45 +0000

Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. In a short blog post published this afternoon, Facebook said hackers have been exploiting a vulnerability in […]

Independent Securiteam

September 27, 2018 admin

SSD Advisory – IRDA Linux Driver UAF

Credit to Author: SSD / Ori Nimron| Date: Thu, 27 Sep 2018 11:23:40 +0000

Vulnerabilities Summary The following advisory describes two vulnerabilities in the Linux Kernel. By combining these two vulnerabilities a privilege escalation can be achieved. The two vulnerabilities are quite old and have been around for at least 17 years, quite a few Long Term releases of Linux have them in their kernel. While the assessment of … Continue reading SSD Advisory – IRDA Linux Driver UAF