Tuesday, March 31, 2015

Windows Server 2003 expiry is the biggest security concern

On 14 July, Microsoft will end support for Windows Server 2003. This will have a huge impact, as there are looming security concerns about what will happen once official support is over. Many organizations are still far behind in migrating to the latest server platform. A survey recently conducted by Bit9+Carbon Black reveals a quite alarming situation for enterprises. After the deadline passes, organizations will have to pay $600 per server for extended support, so there will be no more free security updates on Patch Tuesday. The Bit9+Carbon Black report revealed that one in three enterprises is still running Windows Server 2003, i.e., 9 million machines still run the outdated OS, and an estimated 2.7 million servers will remain at high risk.

FIFTY PERCENT of Android users are vulnerable

Palo Alto Networks security researchers claim that almost 50% of Android users are vulnerable to Installer Hijacking, which exposes devices to malware infection. Researcher Zhi Xu stated in a threat advisory that devices running Android 4.3 and below are all affected by this security flaw, which allows an intruder to modify or replace a normal application with malware to meet the attacker's objective. The whole process happens without the user's consent, so it is a bit scary for many Android users. The good news is that only applications downloaded from third-party app stores are susceptible. Android users are urged to follow the basic security tip: always download apps from the trusted Google Play store.

Tuesday, March 17, 2015

March Patch Tuesday brings 14 bulletins

Microsoft released a mega Patch Tuesday for March addressing 14 security bulletins covering Windows, Internet Explorer and Office. Among them, 5 bulletins are rated 'CRITICAL'. Surprisingly, the FREAK vulnerability is rated only 'Important', in contrast to its standing as a high-profile security flaw. Almost all versions of Windows are vulnerable to the FREAK issue, which allows intruders to intercept and decrypt HTTPS connections between vulnerable clients and servers. High-risk updates target Internet Explorer, Windows, the Windows VBScript Scripting Engine, the Windows Adobe Font Driver and Microsoft Server in Office. The Internet Explorer bulletin mostly addresses memory corruption issues along with two privilege escalation flaws. Medium-risk updates patch security flaws in Remote Desktop Protocol, the Windows Photo Decoder Component, Windows Task Scheduler, Windows NETLOGON, Microsoft Exchange Server, PNG processing and the Windows Kernel.

Beware Facebook-Login sites!!

A tool released by Egor Homakov, a researcher with security firm Sakurity, allows intruders to hijack Facebook Login, the feature websites use to let users log in to third-party sites with their Facebook accounts, by generating crafted URLs, or in other words through phishing attacks. The tool, named 'Reconnect', exploits a cross-site request forgery (CSRF) vulnerability found in Facebook Login. After Facebook declined to fix the issue, citing compatibility problems that could hamper other website services, Homakov disclosed it publicly on his blog.

Thursday, March 12, 2015

SAP applications vulnerable to CRITICAL flaws

Critical vulnerabilities in SAP business applications have been identified by Onapsis. Five security advisories have been released, targeting the business intelligence solution SAP BusinessObjects and the database management system SAP HANA (High-Performance Analytic Appliance). Four of them affect SAP BusinessObjects Edge 4.0. The first vulnerability, tracked as CVE-2015-2073, allows attackers to read files on the BusinessObjects File Repository Server (FRS) due to an error in the Common Object Request Broker Architecture (CORBA) listener. The second vulnerability is quite similar to the first, except that it allows overwriting files on the File Repository Server (CVE-2015-2074). The third security flaw (CVE-2015-2076) is an authorization issue that allows attackers to retrieve audit events from a remote BusinessObjects service using CORBA, while the fourth vulnerability (CVE-2015-2075) allows removing events waiting in the auditee queue.

Latest Google Chrome fixes 51 flaws

Google has released the latest version of its Chrome web browser, 41.0.2272.76, fixing around 51 security flaws. Among these, 13 vulnerabilities are rated 'Critical' while 6 are considered medium severity. Out-of-bounds write flaws exist in media and Skia filters, whereas out-of-bounds reads exist in PDFium and vpxdecoder. Use-after-free flaws exist in v8 bindings, the DOM, the GIF decoder, web databases and service workers. Similarly, a type confusion error exists in v8 bindings and an integer overflow in the WebGL implementation. Google has put a lot of effort into securing the Chrome browser, rewarding around $52,000 to various security researchers. Moreover, Google also announced last week that the single-day Pwnium competition has been changed into a year-round program. The reward has also been increased with no definite limit, and the company calls it "infinity million."

Wednesday, March 4, 2015

Firefox 36 released with HTTP/2 support

Mozilla released Firefox version 36, providing security fixes for several flaws along with support for the new HTTP/2 protocol. HTTP/2 is an enhancement of the HTTP 1.1 protocol used over the web since 1999. According to Mozilla, HTTP/2 enables users to have a faster, more scalable and more responsive web. Firefox 36 uses 2,048-bit certificates instead of the 1,024-bit root certificates used in earlier versions. Besides this, Mozilla has released 17 security advisories, of which 3, i.e., MSFA-2014-83, MSFA-2014-87 and MSFA-2014-88, are rated 'CRITICAL'.

Samba CRITICAL security flaw Patched!!

Samba, a widely used application for file and print sharing between computers running Windows, Unix or Linux, is vulnerable to remote code execution as an administrator, rated as a HIGH-severity flaw. According to the Red Hat Product Security team, the issue is tracked as CVE-2015-0240 and is caused by an error in the smbd file server daemon. An attacker can trigger it by sending specially crafted packets to the Samba server, resulting in execution of arbitrary code with root privileges. Samba versions 3.5.0 to 4.2.0rc4 are prone to this flaw, so users are advised to apply the latest versions, i.e., 4.1.17, 4.0.25 and 3.6.25. The Samba team credits Richard van Eeden of Microsoft Vulnerability Research for identifying the security flaw and also providing the fix.
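For patch triage, the affected range and fixed releases quoted above can be turned into an inventory check. This is an added example, not Samba project code; the host names and versions in it are constructed, and it compares version strings only, it does not query any server.

```python
"""Triage Samba versions against the CVE-2015-0240 range given in the post.

Added example, not Samba project code. Ranges come from the post: versions
3.5.0 through 4.2.0rc4 are affected; fixed releases are 4.1.17, 4.0.25 and
3.6.25. Branches with no listed fix (e.g. 3.5.x) stay flagged.
"""
import re
from typing import Dict, List, Optional, Tuple

# (major, minor, patch, rc); rc=None marks a final release, which sorts
# after every release candidate of the same number.
Version = Tuple[int, int, int, Optional[int]]

FIRST_AFFECTED: Version = (3, 5, 0, None)
LAST_AFFECTED: Version = (4, 2, 0, 4)                    # 4.2.0rc4
FIXED_PATCH = {(4, 1): 17, (4, 0): 25, (3, 6): 25}       # branch -> first safe patch level

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?$")


def parse_version(text: str) -> Version:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Samba version: {text!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), int(rc) if rc else None)


def _key(v: Version):
    # Final releases rank above any rc of the same x.y.z.
    return (v[0], v[1], v[2], float("inf") if v[3] is None else v[3])


def is_vulnerable(text: str) -> bool:
    v = parse_version(text)
    fixed = FIXED_PATCH.get((v[0], v[1]))
    # On a fixed branch, anything at or past the fixed final release is safe
    # (an rc of the fixed release is still before the fix).
    if fixed is not None and _key(v) >= _key((v[0], v[1], fixed, None)):
        return False
    return _key(FIRST_AFFECTED) <= _key(v) <= _key(LAST_AFFECTED)


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the hosts whose reported Samba version needs patching."""
    return sorted(h for h, ver in inventory.items() if is_vulnerable(ver))


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"fs01": "4.1.16", "fs02": "4.1.17", "fs03": "4.2.0rc4",
              "fs04": "4.2.0", "fs05": "3.4.9", "fs06": "3.6.20"}
    print(triage(sample))  # ['fs01', 'fs03', 'fs06']
```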