Windows 10 S, a new operating system designed for simplicity, security, and speed, was released by Microsoft last year. It locks a computer down to run only applications downloaded from the official Windows Store,
2017 was a transitional year as the online threats grew more precisely focused on individual population segments and government-funded software exploits escaped their secure confines and wreaked havoc around the globe. During the year, Avira detected over 4.5 billion instances of malware attempting to infect operating devices protected by our AV software. There was substantial […]
Even though English is often considered to be a global language which the majority of the world speaks, it still hasn’t completely taken over the digital world. When it comes to sensitive subjects such as insurance, banking, legal or security, people still prefer to deal with them in their native language. Is there still a […]
The post Avira Lingo 2.0: There is a new translation tool in town appeared first on Avira Blog.
With our Advent calendar you can win great prizes from Avira – even license keys!
The post Sweeten your winter time – with our Advent calendar raffle! appeared first on Avira Blog.
Avira confirms again the long series of recognition for its great performance products. The Avira Antivirus Pro was awarded the “AV Top Product” seal following its high scores in the independent testing organization’s search for the best antivirus software for Windows Home User. The test looked at security software for computers with Windows 10 from […]
The post AV-TEST certifies Avira Antivirus Pro as Top Security Product appeared first on Avira Blog.
Avira Pro has achieved great scores in the latest Real World and Prevalence Malware Tests from AV-Test for July and August. The test, run by the independent testing organization, utilizes a battery of 12,000 widely spread, prevalent threats and real world testing scenarios against antivirus applications to see if the AV is able to detect […]
The post Avira achieves the Certified Seal following the August 2017 AV-Test evaluation appeared first on Avira Blog.
Our Beta Center is going to start the next phase of our overall Avira beta testing process – with a Public Beta. This means that, in addition to our awesome Avira Beta Center community members, we will also provide access in the form of a Public Beta to everyone who’s interested in our latest inventions. Until now we […]
Viacom—the popular entertainment and media company that owns Paramount Pictures, Comedy Central, MTV, and hundreds of other properties—has exposed the keys to its kingdom on an unsecured Amazon S3 server.
A security researcher working for California-based cyber resiliency firm UpGuard has recently discovered a wide-open, public-facing misconfigured Amazon Web Services S3 cloud storage bucket containing roughly a gigabyte’s worth of credentials and configuration files for the backend of dozens of Viacom properties.
These exposed credentials discovered by UpGuard researcher Chris Vickery would have been enough for hackers to take down Viacom’s internal IT infrastructure and internet presence, allowing them to access cloud servers belonging to MTV, Paramount Pictures and Nickelodeon.
Among the data exposed in the leak was Viacom’s master key to its Amazon Web Services account, and the credentials required to build and maintain Viacom servers across its many subsidiaries and dozens of brands.
“Perhaps most damaging among the exposed data are Viacom’s secret cloud keys, an exposure that, in the most damaging circumstances, could put the international media conglomerate’s cloud-based servers in the hands of hackers,” an UpGuard blog post says.
“Such a scenario could enable malicious actors to launch a host of damaging attacks, using the IT infrastructure of one of the world’s largest broadcast and media companies.”
In other words, the access key and secret key for the company’s AWS account would have allowed hackers to compromise Viacom’s servers, storage, and databases under the AWS account.
According to the analysis performed by UpGuard, a number of cloud instances used within the media company’s IT toolchain, including Docker, Splunk, New Relic, and Jenkins, could have “thus been compromised in this manner.”
In addition to these damaging leaks, the unprotected server also contained GPG decryption keys, which can be used to unlock sensitive data. However, the server did not contain any customer or employee information.
Although it is unclear whether hackers were able to exploit this information to access important files belonging to Viacom and the firms it owns, the media giant said there’s no evidence anyone had abused its data.
“We have analyzed the data in question and determined there was no material impact,” the company said in a statement.
“Once Viacom became aware that information on a server—including technical information, but no employee or customer information—was publicly accessible, we rectified the issue.”
All the credentials have now been changed after UpGuard contacted Viacom executives privately, and the server was secured shortly afterwards.
This is not the first time Vickery has discovered a company’s sensitive information stored on an unprotected AWS S3 server.
Vickery has previously tracked down many exposed datasets on the Internet, including personal details of over 14 million Verizon customers, a cache of 60,000 documents from the US military, over 191 million US voter records, and details of 13 million MacKeeper users.
As part of its monthly security updates, Adobe has released patches for eight security vulnerabilities in its three products, including two vulnerabilities in Flash Player, four in ColdFusion, and two in RoboHelp—five of these are rated as critical.
Both of the Adobe Flash Player vulnerabilities can be exploited for remote code execution on the affected device, and both have been classified as critical.
None of the patched vulnerabilities has reportedly been exploited in the wild, according to the company.
The critical Flash Player flaws are tracked as CVE-2017-11281 and CVE-2017-11282 and were discovered by Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero, respectively.
Both security vulnerabilities are memory corruption issues that could lead to remote code execution, and they affect all major operating systems, including Windows, Macintosh, Linux and Chrome OS.
The vulnerabilities have been addressed in the latest Flash Player version 18.104.22.168.
The remaining three critical flaws and one important flaw reside in ColdFusion, including a critical XML parsing flaw (CVE-2017-11286), an important XSS (cross-site scripting) bug (CVE-2017-11285) that could lead to information disclosure, and a mitigation for unsafe Java deserialization that could result in remote code execution (CVE-2017-11283, CVE-2017-11284).
These vulnerabilities affect all platforms and have been discovered and reported by Nick Bloor of NCC Group, Daniel Sayk of Telekom Security and Daniel Lawson of Depth Security.
The issues have been patched in the latest Adobe ColdFusion version 2016 Release Update 5 and version 11 Update 13.
The remaining two flaws—one important (CVE-2017-3104) and one rated moderate (CVE-2017-3105)—affect the Windows version of Adobe’s help authoring tool RoboHelp.
The important bug is an input validation flaw that could allow for a DOM-based cross-site scripting (XSS) attack, while the moderate-severity unvalidated URL redirect vulnerability could be used in phishing campaigns to deliver malware.
The vulnerabilities have been patched in the latest Adobe RoboHelp version RH2017.0.2 and RH22.214.171.1240 (Hotfix).
Although no exploits for these patched vulnerabilities have been spotted in the wild by the company, users are strongly advised to patch their software as soon as possible to protect themselves from any remote attack.
It’s ironic—the company that offers credit monitoring and ID theft protection solutions has itself been compromised, exposing personal information of as many as 143 million Americans—that’s almost half the country.
Equifax, one of the largest credit reporting firms in the US, admitted today that it had suffered a massive data breach somewhere between mid-May and July, which was discovered on July 29.
Stolen data includes consumers’ names, Social Security numbers, and birth dates for 143 million Americans, in some instances driving licence numbers, and credit card numbers for about 209,000 citizens.
The company said that some personal information for Canadian and British residents was also compromised.
Moreover, reportedly, three senior executives at Equifax, John Gamble (CFO), Joseph Loughran and Rodolfo Ploder, sold almost $2 million worth of their shares just days after the company learned of this massive hack.
Equifax says its investigation is ongoing.
Meanwhile, all Equifax customers are advised to visit http://www.equifaxsecurity2017.com website to check if their information has also been stolen.
Equifax is asking affected customers to sign up for credit-monitoring and identity theft protection services—isn’t this funny?
Don’t worry; it’s free for affected users.
Stay tuned for more information, stay safe online.