by Emily Dreyfuss from Feed: All Latest on (#GMKG)
The Stagefright bug has quickly frightened cell phone manufacturers into action. The post Big Android Makers Will Now Push Monthly Security Updates appeared first on WIRED.
|
Some PDFs from Blackhat 2015
CentOS has updated kernel (C7: multiple vulnerabilities, one from 2014). Fedora has updated kernel (F22: three vulnerabilities). openSUSE has updated ghostscript (13.2, 13.1: code execution) and php5 (13.2, 13.1: two vulnerabilities). Red Hat has updated kernel (RHEL7: multiple vulnerabilities, one from 2014) and kernel-rt (RHEL7; RHEL6: multiple vulnerabilities, one from 2014). Scientific Linux has updated kernel (SL7: multiple vulnerabilities, one from 2014). SUSE has updated oracle-update (Manager 2.1: multiple vulnerabilities). Ubuntu has updated cinder (15.04: arbitrary file reads), python-keystoneclient, python-keystonemiddleware (15.04, 14.04: two vulnerabilities, one from 2014), and swift (15.04, 14.04, 12.04: two vulnerabilities, one from 2014).
by Agence France-Presse from World news | The Guardian on (#GJK6)
Ukraine’s security service says it has detained a criminal group that was attempting to sell a small quantity of what appeared to be non-fissile uranium
Ukraine’s security service has said it seized a small quantity of what appeared to be ore-grade uranium from a criminal gang in a peaceful western region.
|
by Mark Frauenfelder from on (#GHW6)
Remember those militarized cops who raided a California medical marijuana dispensary, harassed a disabled patient in the store, and were recorded on a security camera gobbling what was almost certainly marijuana-infused edibles that they swiped during the raid? Read the rest
|
It's been 10 days since Zimperium's Joshua Drake revealed a new Android vulnerability called Stagefright - and Android is just starting to recover. The bug allows an attacker to remotely execute code through a phony multimedia text message, in many cases without the user even seeing the message itself. Google has had months to write a patch and already had one ready when the bug was announced, but as expected, getting the patch through manufacturers and carriers was complicated and difficult.
But then, something unexpected happened: the much-maligned Android update system started to work. Samsung, HTC, LG, Sony and Android One have already announced pending patches for the bug, along with a device-specific patch for the Alcatel Idol 3. In Samsung's case, the shift has kicked off an aggressive new security policy that will deploy patches month by month, an example that's expected to inspire other manufacturers to follow suit. Stagefright seems to have scared manufacturers and carriers into action, and as it turns out, this fragmented ecosystem still has lots of ways to protect itself.
Seeing is believing, but the signs are at least somewhat positive. I doubt all of these will get the fix, though.
That being said, as the linked article explains, this bug really isn't as worrisome as people made it out to be. Security researchers (often working for companies selling security software) have cried wolf so many times I really don't take any of them seriously at this point, no matter which operating system's users they are trying to scare into buying their crap.
by Frederic Lardinois from Crunch Hype on (#GH9M)
Earlier today, Samsung announced that it would now provide security patches for its Android devices “about once per month.” In addition to Samsung, Google also today announced a similar program for its Nexus devices. Both Samsung and Google will release these security patches as over-the-air updates. Read More
|
by Jared DiPane from Android Central RSS Feed on (#GHAC)
Nexus devices will now receive monthly security updates from Google, in addition to their usual platform updates. Starting now with the release of the Stagefright exploit fix, Google will be pushing out security updates, and notifying its partners on a monthly basis.
|
by John Callaham from Android Central RSS Feed on (#GH26)
Samsung says it is developing a new and faster process to release security updates to its Android devices, in the wake of the recent Stagefright exploit. Samsung says it plans to offer over-the-air security patches once a month.
|
Debian has updated wordpress (regression in previous update). Debian-LTS has updated ia32-libs (multiple vulnerabilities). Red Hat has updated java-1.5.0-ibm (RHEL5,6: multiple vulnerabilities) and node.js (RHOSE2.1; RHOSE2.0: man-in-the-middle attack). SUSE has updated java-1_6_0-ibm (SLEM12: multiple vulnerabilities). Ubuntu has updated oxide-qt (15.04, 14.04: multiple vulnerabilities).
by Reuters from Technology | The Guardian on (#GF4V)
Investigators have contacted a Denver-based technology firm that helped to manage the unusual system, the Washington Post says
The FBI has begun looking into the security of Hillary Clinton’s private email setup, contacting in the past week a Denver-based technology firm that helped manage the unusual system, the Washington Post has reported, citing two government officials.
Related: 'So revealing and wacky': Hillary Clinton emails deride David Cameron Continue reading...
|
by Alex Hern from Technology | The Guardian on (#GFVJ)
The tech giant will patch a serious bug in the next security update to its desktop operating system
Apple is to fix a bug in its Mac OS X operating system as soon as possible amid concerns over the security of its desktop and laptop computers. The tech company will patch a serious “privilege escalation” bug in the next security update to its desktop operating system, Mac OS X 10.10.5, the Guardian has learned. The initial beta of the next update to the Mac operating system did not include a fix for the bug, known as DYLD, leading to concerns it would not be fixed until the Autumn when the next major OS release, El Capitan, is planned. Continue reading...
|
by Reuters in Shanghai from World news | The Guardian on (#GF9K)
Move, which security minister says will ‘catch criminal behaviour at earliest possible point’, is latest attempt to tighten control over online activities
China is planning to set up “network security offices” in major internet companies and for websites so authorities can move more quickly against illegal online behaviour, the ministry of public security said in a statement.
Related: China passes new national security law extending control over internet Continue reading...
|
by Xeni Jardin from on (#GF78)
The suspect worked at a local Naval base, but there's no talk of terrorism because he was also white. Read the rest
|
by Xeni Jardin from on (#GF5F)
The FBI is investigating how secure Hillary Rodham Clinton's email practices were when she was secretary of state and used a private email server, reports The Washington Post. Read the rest
|
Debian has updated squid3 (security bypass) and wordpress (multiple vulnerabilities). Fedora has updated quassel (F21: denial of service). Mageia has updated ipython (MG4,5: two vulnerabilities), moodle (MG5: vulnerabilities), pdns (MG4,5: denial of service), and php (MG5: multiple vulnerabilities). openSUSE has updated gpsm (13.1: code execution from 2013). Scientific Linux has updated autofs (SL6: privilege escalation), curl (SL6: multiple vulnerabilities), freeradius (SL6: denial of service), gnutls (SL6: multiple vulnerabilities), grep (SL6: two vulnerabilities), hivex (SL6: privilege escalation), httpd (SL6: access restriction bypass), ipa (SL6: cross-site scripting), java-1.6.0-openjdk (SL6: multiple vulnerabilities), kernel (SL6: multiple vulnerabilities), libreoffice (SL6: code execution), libxml2 (SL6: denial of service), mailman (SL6: two vulnerabilities), net-snmp (SL6: denial of service), ntp (SL6: multiple vulnerabilities), pacemaker (SL6: privilege escalation), pki-core (SL6: cross-site scripting), python (SL6: multiple vulnerabilities), sudo (SL6: information disclosure), wireshark (SL6: multiple vulnerabilities), and wpa_supplicant (SL6: denial of service).
by Peter_APIIT from LinuxQuestions.org on (#GBQB)
Dear All, I wonder whether there is any security problem with this configuration: unbound - dnscrypt-proxy Squid dhcp ntpd
|
by Alex Wilhelm from Crunch Hype on (#GAG9)
And now for an update in the continuing saga of the Cybersecurity Information Sharing Act (CISA), a controversial piece of legislation currently in the Senate that, to some, represents an important tool to bolster the sharing of threat data between the government and private entities, and to others is a privacy-wrecking mess. Read More
|
by David Kravets from Ars Technica - All content on (#GAFJ)
Drones used by US adversaries "present detection and disruption challenges."
|
Debian has updated apache2 (multiple vulnerabilities), ghostscript (code execution), icedove (multiple vulnerabilities), icu (multiple vulnerabilities), and ruby-rack (denial of service). Fedora has updated bind (F22; F21: denial of service), bind99 (F22: denial of service), libuser (F21: multiple vulnerabilities), and openssh (F21: denial of service). Mageia has updated bind (MG4,5: denial of service), icu (MG4,5: code execution), and remind (MG4,5: buffer overflow). openSUSE has updated bind (13.2, 13.1: denial of service) and libuser (13.2: privilege escalation). Oracle has updated java-1.6.0-openjdk (OL5: multiple vulnerabilities), kernel 2.6.39 (OL6; OL5: multiple vulnerabilities), kernel 2.6.32 (OL6; OL5: multiple vulnerabilities), kernel 3.8.13 (OL7; OL6: multiple vulnerabilities), and lxc (OL7; OL6: two vulnerabilities). Scientific Linux has updated bind (SL6; SL6,7: denial of service) and libuser (SL6: two vulnerabilities).
by Frederic Lardinois from Crunch Hype on (#GA66)
Security platform Zscaler today announced that it has raised a $100 million Series B funding round led by late stage investor TPG. The company, which offers a wide range of web, mobile and cloud security services for enterprises, has now raised a total of $138 million and says that its valuation in this last round was over $1 billion. Other investors include EMC and previous investor… Read More
In colossal co-incidence, eight-petaflop limit keeps China atop fastest supercomputer charts
China has banned the unlicensed export of supercomputers and certain types of unmanned aerial vehicles.…
|
by mastermind1 from LinuxQuestions.org on (#G7ZQ)
Hello all, I am new to Linux (of course) but not new to computing or programming. I would like to ask some advice on which distros are optimal for enhanced privacy concerns, as well as some...
|
by Associated Press in Cairo from World news | The Guardian on (#G6Q0)
|
by Agence France-Presse in Bujumbura from World news | The Guardian on (#G6AH)
Gen Adolphe Nshimirimana, seen as regime’s No 2, assassinated week after President Nkurunziza declared election winner
A top Burundian general and close aide to the president, Pierre Nkurunziza, has been killed in a rocket attack on his car in the capital, Bujumbura, officials and witnesses said.
|
by LXer from LinuxQuestions.org on (#G5ER)
Published at LXer: Hello, open gaming fans! In this week's edition, we take a look at Razer and OUYA, security vulnerabilities on Steam, and more. Open gaming roundup for July 25 - August...
|
by Trevor Timm from on (#G275)
Freedom of the Press Foundation this week filed a Freedom of Information Act (FOIA) lawsuit against the Justice Department over their unpublished rules for using National Security Letters and so-called informal “exigent letters” to conduct surveillance of journalists. Read the rest
|
by Yael Grauer from Feed: All Latest on (#G405)
Each weekend, WIRED rounds up the security vulnerabilities and privacy updates that deserve your attention. The post Security News This Week: United Airlines Can’t Catch a Break appeared first on WIRED.
|
CentOS has updated java-1.6.0-openjdk (C5; C7: multiple vulnerabilities). Debian has updated openafs (multiple vulnerabilities) and xmltooling (denial of service). Fedora has updated libuser (F22: multiple vulnerabilities), openssh (F22: authentication limits bypass; F22: improper output filtering), and xrdp (F22: denial of service). Mageia has updated groovy (M4, M5: code execution). openSUSE has updated bind (11.4: multiple vulnerabilities) and openldap2 (13.1, 13.2: multiple vulnerabilities). Oracle has updated java-1.6.0-openjdk (O6; O7: ). Red Hat has updated java-1.6.0-openjdk (multiple vulnerabilities). Scientific Linux has updated openafs (multiple vulnerabilities). SUSE has updated bind (SLES 10: denial of service), java-1_7_0-openjdk (SLE 11; SLE 12: multiple vulnerabilities), java-1_7_1-ibm (SLE 11; SLE 12: multiple vulnerabilities), and kernel (SLE 12: multiple vulnerabilities). Ubuntu has updated hplip (12.04, 14.04, 15.04: man-in-the-middle attack), kernel (14.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), and sqlite3 (12.04, 14.04, 15.04: multiple vulnerabilities).
by rjcjr from on (#G11K)
My search for an easy way to generate strong passwords and passphrases led me to the "Diceware" method Cory wrote about on Boing Boing. This was no game. I needed serious dice. Read the rest
|
by John Biggs from Crunch Hype on (#G0SZ)
A bug discovered by security researchers Eric Taylor and Blake Welsh can change a standard customer feedback system called Aptean SupportSoft into a method for hackers to grab passwords, credit card information, and usernames. Taylor and Welsh have also been able to inject code into chat sessions that makes small windows appear when a customer service chat session is initiated. The exploit… Read More
|
Debian-LTS has updated squid3 (security bypass). Fedora has updated drupal7-path_breadcrumbs (F22; F21: cross-site scripting), ecryptfs-utils (F22; F21: password disclosure from 2014), hplip (F21: key verification botch), httpd (F21: multiple vulnerabilities), ipython (F22; F21: cross-site request forgery), libunwind (F21: code execution), libwmf (F21: two denial of service flaws), nx-libs (F22: unspecified vulnerabilities), wpa_supplicant (F21: code execution), and xrdp (F21: denial of service). openSUSE has updated lxc (13.2; 13.1: two vulnerabilities). Oracle has updated autofs (OL6: privilege escalation from 2014), bind (OL6; OL6: denial of service), curl (OL6: multiple vulnerabilities, some from 2014), freeradius (OL6: code execution from 2014), gnutls (OL6: two vulnerabilities), grep (OL6: code execution), hivex (OL6: code execution from 2014), ipa (OL6: cross-site scripting from 2010 and 2012), kernel (OL6: multiple vulnerabilities, some from 2014), kernel 3.8.13 (OL7; OL6: three vulnerabilities, one from 2014), libreoffice (OL6: code execution), libuser (OL6: privilege escalation), libxml2 (OL6: two vulnerabilities, one from 2014), mailman (OL6: two vulnerabilities, one from 2002), net-snmp (OL6: denial of service from 2014), ntp (OL6: three vulnerabilities), pki-core (OL6: cross-site scripting), python (OL6: two vulnerabilities from 2013 and 2014), sudo (OL6: information disclosure from 2014), wireshark (OL6: multiple vulnerabilities, some from 2014), and wpa_supplicant (OL6: denial of service). SUSE has updated bind (SLE11SP1: denial of service). Ubuntu has updated ghostscript (15.04, 14.04, 12.04: code execution), openjdk-7 (15.04, 14.04: multiple vulnerabilities), pcre3 (15.04, 14.04, 12.04: multiple vulnerabilities, one from 2014), and tidy (15.04, 14.04, 12.04: two vulnerabilities).
from Hacker News on (#FWT0)
from on (#FV9B)
Russia vetoes Security Council proposal on MH17 tribunal, despite late lobbying of Putin
|
Arch Linux has updated bind (denial of service), pacman (man-in-the-middle attack), and qemu (multiple vulnerabilities). CentOS has updated bind (C7; C5: denial of service) and bind97 (C5: denial of service). Debian has updated bind9 (denial of service). Debian-LTS has updated apache2 (denial of service) and bind9 (denial of service). Fedora has updated elfutils (F21: unspecified vulnerabilities), haproxy (F22; F21: information leak), hplip (F22: man-in-the-middle attack), libidn (F22; F21: information disclosure), php (F21: multiple vulnerabilities), roundcubemail (F22; F21: multiple vulnerabilities), subversion (F21: multiple vulnerabilities), and wpa_supplicant (F22: denial of service). Mageia has updated ansible (MG4,5: two vulnerabilities), freeradius (MG4,5: insufficient certificate verification), openssh (MG4,5: authentication limits bypass), python-django (MG4,5: multiple vulnerabilities), and springframework (MG5: denial of service). Oracle has updated bind (OL7; OL5: denial of service) and bind97 (OL5: denial of service). Red Hat has updated bind (RHEL6,7; RHEL5: denial of service), bind97 (RHEL5: denial of service), and qemu-kvm-rhev (RHOSP5,6: two vulnerabilities). Scientific Linux has updated bind (SL5: denial of service) and bind97 (SL5: denial of service). Slackware has updated bind (denial of service). SUSE has updated bind (SLE12; SLE11SP3,4: denial of service). Ubuntu has updated bind9 (15.04, 14.04, 12.04: denial of service) and qemu (15.04, 14.04: multiple vulnerabilities).