Friday, December 26, 2014

'mailx' security fix for various Linux flavors

'mailx', used for sending and receiving mail and widely used in several Linux distributions, gets a patch for two security flaws. Both vulnerabilities occur due to improper parsing of email addresses and are rated "moderate". CVE-2014-7844 covers the execution of arbitrary shell commands locally, whereas CVE-2004-2771 fixes the execution of arbitrary commands by leveraging the fact that mailx interprets shell meta-characters in certain email addresses. The BSD mailx and Heirloom mailx implementations are vulnerable to these issues, affecting Red Hat Enterprise Linux, CentOS, Debian, Ubuntu, and possibly other distributions. Users are advised to apply the updates at the earliest opportunity. CVE-2004-2771 is an almost decade-old vulnerability.

Android Coolpad devices bundled with backdoor

Coolpad Android-based smartphones are equipped with a backdoor from the manufacturer. Obviously the idea is not only to serve advertisements based on user preferences, but also to install applications without the knowledge of users. Coolpad devices have a strong user base in China and Taiwan. Security researchers at Palo Alto Networks discovered a security flaw in the backend management interface that uncovered the backdoor's control system. According to Ryan Olson, intelligence director at Palo Alto, the CoolReaper backdoor is not only responsible for connecting to various C&C servers, but can also download, install and even activate any Android application without the user's permission.

Thursday, December 18, 2014

Microsoft Last Patch Tuesday of 2014

Microsoft released its last Patch Tuesday of 2014, covering fixes for Internet Explorer, Office and Exchange Server. This month's Patch Tuesday contains seven security bulletins addressing twenty-four security vulnerabilities. Of the seven, three bulletins are rated 'CRITICAL': MS14-080, MS14-081 and MS14-084. Internet Explorer gets fixes for 14 security flaws under MS14-080. Most of the vulnerabilities are related to memory corruption that allows remote code execution. MS14-084 also targets Internet Explorer, due to improper rendering of the VBScript engine causing memory corruption. MS14-081 addresses remote code execution vulnerabilities in Word and Microsoft Office Web Apps.

Adobe plugs Flash Player 0-day vulnerability

Along with Microsoft, Adobe not only patched six security flaws in Flash but also addressed 20 vulnerabilities in Reader and Acrobat. Of the six vulnerabilities patched in Flash, one is believed to be exploited in the wild. According to the Adobe advisory, all fixes for Flash are rated 'CRITICAL', allowing intruders to take complete control of the vulnerable system. These vulnerabilities affect Windows, Mac and Linux platforms. Adobe credits security researcher 'bilou', who flagged the issue via the Zero Day Initiative (ZDI) owned by HP. Flash versions and earlier, and earlier 13.x versions, and and earlier versions for Linux are vulnerable, and users are urged to apply the fix at the earliest opportunity, Adobe stated in the advisory.

Monday, December 8, 2014

OOPS!! Another Flash Player update

This month is quite worrisome for Adobe Systems, as it issues an out-of-cycle Flash Player update. The reason is to fix a highly critical security flaw that allows cybercriminals to take complete control of a vulnerable system. This issue was already covered under CVE-2014-8439, released on 14th October '14, with a further restriction being made on 25th November. Adobe credits Sebastien Duquette of ESET, Timo Hirvonen of F-Secure and cyber security researcher Kafeine for finding the vulnerability. According to Timo Hirvonen, they received the Flash exploit from Kafeine and analyzed the exploit by using the Angler exploit kit. The result reveals that the issue is different from the vulnerabilities patched in the APSB14-22 advisory. We contacted the Adobe Product Security Incident Response Team about the issue. They acknowledged it and released an emergency update.

Google's dashboard informs users about device access

Google rolls out new tools targeting enterprise apps customers to provide more control over their devices. According to a post on the Google work blog, this new dashboard shows all the devices that have accessed Google accounts during the last 4 weeks. It will help users spot unsolicited access at a glance. A guide for managing Google for Work security has also been released so that end users will not face any issues during setup and usage. The dashboard also gives IT managers a comprehensive view of device activity and lets them remotely alter security settings. Google believes that security is a shared responsibility in the cloud environment, so we should all take every step to ensure corporate information is secure.