
Topics - Jasper The Rasper

1
From Security Week http://www.securityweek.com/ad-fraud-trojan-kovter-patches-flash-player-ie-keep-other-malware-out

Quote
The ad fraud Trojan known as Kovter has been updating Adobe Flash Player and Microsoft Internet Explorer on infected systems, most likely in an effort to keep other malware out.

The French security researcher known as Kafeine discovered this new Kovter trick when he noticed that some of his virtual machines were attempting to download the latest version of Flash Player.

That is cunning.

2
Summary: Drupal has issued a highly critical announcement that unless Drupal installs were patched against the latest SQL injection attack within seven hours of its unveiling, the site should be considered compromised.

Drupal's security team has released a "public service announcement" calling upon all users of the Drupal content management framework to consider their sites as compromised, and to start afresh, unless their sites were patched against the SQL injection attack revealed two weeks ago within seven hours of the announcement of the vulnerability.

Full Article - http://www.zdnet.com/drupal-warns-unless-you-patched-within-seven-hours-youre-hacked-7000035219/

3
Quote
Could allow attackers to execute code on Linux, Unix, and Mac OS X.
by Sean Gallagher - Sept 24 2014

A security vulnerability in the GNU Bourne Again Shell (Bash), the command-line shell used in many Linux and Unix operating systems, could leave systems running those operating systems open to exploitation by specially crafted attacks. “This issue is especially dangerous as there are many possible ways Bash can be called by an application,” a Red Hat security advisory warned.

The bug, discovered by Stephane Chazelas, is related to how Bash processes environmental variables passed by the operating system or by a program calling a Bash-based script. If Bash has been configured as the default system shell, it can be used by network-based attackers against servers and other Unix and Linux devices via Web requests, secure shell, telnet sessions, or other programs that use Bash to execute scripts.

Full Article - http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/

4
by Pierluigi Paganini on September 20th, 2014

An Egyptian bug hunter discovered that the Avira Website is affected by a CSRF flaw that allows attackers to hijack users’ accounts and access their online backup.
What would you think if I told you that an antivirus could represent a menace for your system? Antivirus, like any other kind of software, could be exploited by threat actors to compromise the machine, as already explained in my previous post.
The popular antivirus software Avira, which includes a Secure Backup service, is vulnerable to a critical web application vulnerability that could allow an attacker to take over the user’s account.
The 16-year-old Egyptian expert Mazen Gamal reported to The Hacker News that the Avira Website is affected by a CSRF (Cross-site request forgery) vulnerability that allows an attacker to hijack users’ accounts and access their online secure cloud backup files.

Full Article - http://securityaffairs.co/wordpress/28496/hacking/avira-csrf-flaw.html

5
Security Software Programs / hpHOSTS Updates
« on: July 23, 2014, 10:21:15 AM »
hpHOSTS
 
hpHOSTS is a community managed hosts file. What that means to you is that you have a key role to play in improving hpHOSTS by submitting undesirable sites you think should be listed or by requesting removal of sites you think may have been added in error. This process is performed in our public forums and all decisions to add or remove sites are subject to public criticism and ongoing re-evaluation. If you would like to get involved, please register* at the hpHOSTS Hosts File Support Forum.

Important: If you are using programs such as HostsMan, uBlock, ABP or are using the files for blocking on devices such as routers, please consider switching to the dedicated classification files.
 
If you are NOT using the installer, please read the included Readme.txt file for installation instructions.
 
More Info: http://hosts-file.net/
Download hpHosts: http://hosts-file.net/?s=Download

hpHosts Blog
 
--------------------------------------------------------------------------
Alternative hosts file providers.

6
Update for Windows XP (KB935448)
Brief Description
Install this update to resolve an issue where the Realtek HD Audio Control Panel may not start after you install security update KB925902 (MS07-017) and security update KB928843 (MS07-008).
To apply this hotfix, you must have Windows XP Service Pack 2 (SP2) installed.

Download : http://www.microsoft.com/downloads/details...&DisplayLang=en

More Information:
The Realtek HD Audio Control Panel may not start, and you receive an error message when you start the computer: "Illegal System DLL Relocation"

Quote
SYMPTOMS
When you start a computer that is running Microsoft Windows XP with Service Pack 2, the Realtek HD Audio Control Panel may not start. Additionally, you may receive the following error message:
Rthdcpl.exe - Illegal System DLL Relocation

The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.
This problem occurs when the Realtek HD Audio Control Panel (Rthdcpl.exe) by Realtek Semiconductor Corporation is installed.
http://support.microsoft.com/kb/935448/


Note: Only install this update if you are experiencing the above issue.
