
Tag: User

Since the beginning of 2016, FireEye has discovered 240 phishing domains attempting to trick users into thinking they were Apple Inc.

Hackers are using fake phishing domains to trick Apple users into giving up their Apple ID credentials, according to a new report from FireEye. Since the beginning of 2016, FireEye has tracked a number of phishing campaigns targeted against Apple users.

The phishing campaigns all include some form of a lure to trick unsuspecting users into entering their Apple ID into a fake login screen.

All Apple device owners use the Apple ID to get access to the company's services, including iTunes, App Store and iCloud data backups. As part of the subterfuge, the phishing campaign emails direct users to seemingly legitimate-looking Apple sites that are hosted on domains that have the word "Apple" in them, but are not associated in any way with the company.

Among the domains are various combinations of the words Apple and iCloud, including iCloud-Apple-apleid.com, appleie-xyw.com and iow-web-Apple.com. Since the beginning of 2016, FireEye has discovered 240 phishing domains attempting to trick users into thinking they were Apple Inc. Of those, FireEye found 86 targeting U.K. customers since January.

Domains specifically going after Chinese users are also common, with FireEye reporting 32 different domains registered in March alone. While FireEye was able to identify the spam domains targeting Apple users, it's not clear how many potential victims may have been exposed to the phishing domain campaigns. "Our system is designed to detect newly registered malicious domains," Fahim Abbasi, principal malware researcher at FireEye, told eWEEK. "We are not able to answer if there are specific targets."

Looking across the 240 different Apple spam domains, FireEye found 154 unique email addresses were used to register the domains. Of those email addresses, 64 were on the qq.com email domain in China and 36 registrants had unique gmail.com email accounts.

Going a step further to try and determine some form of attribution for the malicious spam domains, FireEye found that the observed Apple spam domains in China were pointing at 13 unique IP addresses found in the United States and China.

All of the U.K. spam domains were pointing to IP addresses in the United Kingdom.

Abbasi noted that FireEye observed a peak of Apple spam domain registrations in the first quarter of 2016, but has seen a gradual decrease since then. "We are now starting to log this information to get a better breakdown of stats," Abbasi said.

From a user protection standpoint, the actual address for a link or a Website is generally viewable by users, either in a browser or when they hover over an email link.

As such, a cautious, informed user should be able to avoid falling prey to the Apple phishing domain campaigns.

That said, Abbasi noted that not all users are informed of the risks of phishing and all the domains listed contain keywords like: "Apple," "iTunes" and/or "iCloud."

"Attackers exploit the human trust model, as we tend to trust brand names, and uses that to lure their victims into clicking and interacting with the phishing page," Abbasi said. "The majority of Internet users are not savvy enough to detect these minor variations in legitimate-looking-phishing URLs."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.

Follow him on Twitter @TechJournalist.
Online miscreants took over the National Football League's Twitter account and used it to falsely report the death of league commissioner Roger Goodell. During the brief span that @NFL was taken over, it followed exactly one new Twitter account—specifically, @IDissEverything, which has now been suspended.

Before the account was suspended, it claimed the password protecting the NFL Twitter feed was "olsen3culvercam88." The Daily Dot said someone connected to the IDissEverything account claimed the password was revealed after someone managed to get into the email of a social media staffer at the NFL, where we found the credentials in a message." It's still not clear how the group got access to the e-mail account. Tuesday's breach was only the latest one to affect a high-profile Twitter user.

Facebook founder and CEO Mark Zuckerberg recently saw his dormant Twitter account taken over by someone who discovered its password—"dadada"—was the same one that protected his LinkedIn account. Zuckerberg's LinkedIn account, in turn, had been compromised in a 2012 breach of the career networking site. Other celebrities, including Katy Perry, Lana Del Rey, and Kylie Jenner have also reportedly had their Twitter accounts taken over in recent days. In 2012 and 2013, a long list of news organizations also saw their Twitter accounts hijacked by a group calling itself the Syrian Electronic Army. When the group took over the Twitter account of the Associated Press, it used the unauthorized access to send a bogus report falsely claiming that the White House had been bombed and President Obama was injured. Twitter provides two-factor authentication through a smartphone app that makes account takeovers much harder to carry out. Users who are willing to divulge their phone number to the microblogging service should strongly consider using it.
Better yet, why have 50 million people downloaded it?

Security biz Pentest is sounding alarms after it found an Android app it says has been downloaded 50 million times despite being "little more than malware." UK-based Pentest said a whitepaper study [PDF] of the popular Flash Keyboard found that the Android app is "abusing" OS permissions, inserting potentially malicious ads, and tracking user behavior, then sending data to servers in China. "It is Pentest's opinion that this application was not written by the developers to be intentionally malicious," researchers said. "However, through disregard for Android's development policy and a desire to monetize a free application, have created an application that deceives users, gathers personal information and obstructs uninstallation." As its name would suggest, Flash Keyboard is a keyboard app for Android that supports multiple languages and describes itself as being "extremely adaptive to guarantee a fluent input in any situation." Pentest estimates that the app has been installed on more devices than WhatsApp. Behind that popular keyboard tool, however, sit potentially serious privacy concerns. Researchers with Pentest found a laundry list of permissions requested by Flash Keyboard that the software would not appear to require to operate.

Among those permissions were the ability to: access the device's camera; post system alert messages, GPS and WiFi location data; replace the default lock screen with one displaying advertisements; and terminate background processes (such as antivirus tools).

Additionally, Pentest says, Flash Keyboard is collecting and transmitting user information including device manufacturer and model, IMEI (international mobile equipment identity) number, WiFi and MAC data, Android version, and GPS coordinates to within 1-3 meters (3.3-9.8 feet).

The data is being sent to servers in the US, the Netherlands, and China, where Pentest believes it is being used for analytics platforms. While those services may not pose an immediate threat to user privacy, researchers worry that the excessive permissions and overzealous data collection could easily be used for nefarious purposes. "In more sinister hands, this application could covertly download updates that weaponize the application; to exploit the granted privileges for mass or even targeted surveillance," Pentest researchers say. The Register has contacted Hong Kong-based developer DotC United (the developer of the app) for comment, but has yet to receive a response. Pentest says it also attempted to contact them, to no avail. Pentest said that while the Flash Keyboard app was taken down from the Play Store earlier this week, a similar keyboard written by the same developer has since taken its place.
Over the last several days, several high-profile accounts, including those owned by Facebook CEO Mark Zuckerberg and artist Katy Perry, have been hacked.

The hacks, which arguably were hardest on Zuckerberg, who co-founded a social network and has long...
New detection identifies the fundamental behaviours at the heart of enterprise ransomware attacks

Infosecurity Europe, UK (Stand S80) — 7 June 2016 — Vectra® Networks, the leader in automated threat management, today announced it has successfully enabled enterprise customers to halt ransomware attacks with a new class of threat detection capabilities available in its X-series platform, designed for real-time detection of in-progress cyber attacks. Ransomware is a type of malware that is installed on one or more computers in a network that encrypts data and demands that the user or organisation pay a ransom to the malware operators to decrypt the data. The FBI reported nearly 7,600 ransomware complaints between 2005 and 2015, almost one-third of which were received in 2015 and cost victim organisations roughly $57 million (£39 million). “With ransomware, everyone’s data is fair game and this makes it a very insidious attack,” said Oliver Tavakoli, CTO of Vectra Networks. “Unlike other crimeware models, attackers don’t need to worry about exfiltrating and reselling stolen data on the black market; they just need the data to be valuable to the victim.” “For organisations that have not implemented a perfect data backup strategy, this means they must pay up to get their data back or face the consequences, which could very well include risk to the operational livelihood of their business,” he added. As ransomware has evolved in the enterprise, the malware has moved beyond targeting an individual machine to systematically encrypting files on networked file shares that can have broad impact across an organisation. The new Vectra detection can identify ransomware within seconds of it encrypting files on networked file shares by recognising patterns of behaviour typically associated with ransomware. “Ransomware’s objective is to get inside a network and work quickly at encrypting as much data as possible to increase the likelihood of the ransom being paid,” said Tavakoli.
“Our ransomware detection coupled with a simple defensive canary file share measure can significantly limit the damage of an attack. “With the new Vectra detection for ransomware activity, organisations can identify the early signs of a ransomware attack within moments of infection and help to shut it down before it has a chance to take hold on a customer’s network and cause significant damage.” The ransomware detection spots encryption across the network along with potential pre-cursor behaviours such as command-and-control (C&C) encryption key transmissions and network reconnaissance scans.
Vectra then automatically identifies, prioritises and alerts on these early signs within moments of infection, enabling timely remediation before the ransomware has a chance to take critical assets and files hostage. The new Vectra detection provides coverage against HydraCrypt, CTB Locker, CryptoWall, CryptoLocker, Locky, and many other ransomware variants.

The new ransomware detection is available in the Vectra X-series version 2.5 and later.

Current customers have already been automatically updated to this latest version. For more information on the ransomware pandemic, visit the Vectra Networks ransomware resource page.

About Vectra Networks

Vectra® Networks is the leader in automated threat management solutions for real-time detection of in-progress cyber attacks.

The company’s solution automatically correlates threats against hosts that are under attack and provides unique context about what attackers are doing so organisations can quickly prevent or mitigate loss.
Vectra prioritises attacks that pose the greatest business risk, enabling organisations to make rapid decisions on where to focus time and resources.
In 2015, Gartner named Vectra a Cool Vendor in Security Intelligence for addressing the challenges of post-breach threat detection.

The American Business Awards also selected Vectra as the Gold Award winner for Tech Startup of 2015.
Vectra investors include Khosla Ventures, Accel Partners, IA Ventures, AME Cloud Ventures and DAG Ventures.

The company’s headquarters are in San Jose, Calif., and it has European regional headquarters in Zurich, Switzerland. More information can be found at www.vectranetworks.com.
NEWS ANALYSIS: Facebook founder and CEO Mark Zuckerberg made a mistake that many, perhaps most, people make and reused passwords for some social networking sites.

To some extent, the breach that got Facebook's Mark Zuckerberg was more an amusing lesson than a catastrophe. Zuckerberg's LinkedIn login information was taken in the massive breach of that service four years ago, but it wasn't made public until a few weeks ago. When hackers found Zuckerberg's password, they tried it in other places, briefly hijacked his Twitter and Pinterest accounts, and then bragged about it online.

Fortunately, Zuckerberg has a top security team, so the password problem was fixed almost instantly.

Apparently, Zuckerberg overlooked the passwords on some accounts that he uses only infrequently, and when they were set up years ago, nobody thought much about security.

Today they do.

One of the basic rules about security when it comes to passwords is that you should have unique passwords for every place you visit online that uses passwords and that you should change them periodically.

This is a good rule, and if everybody followed it, we'd see fewer breaches like the one that caught Zuckerberg.

But almost nobody follows the advice because it's hard. Really hard.

Think of all the places where you enter your user name and password and add them all up.
It will certainly be in the dozens when you count your corporate, financial and sensitive services, such as your medical records.

Then add your social media sites, recreational and shopping sites, and you could start getting into the hundreds.

This would mean that you create and keep track of hundreds of unique passwords that are complex enough to preclude guessing. It also requires making sure they can't be guessed because user names are frequently known publicly, what with the current trend of requiring your email address as your user name on many sites.

This means that a hacker really only has to guess one thing to get into your accounts—your password.
So it needs to be good. And now we come to the problem that confronted Zuckerberg and which almost certainly confronts you now. How do you create those passwords and how do you keep track of them? It's a daunting task, especially in cases where it's an account you rarely use.

Fortunately, there's an answer. Password managers are available from a variety of sources.

They're frequently free for individuals, but there are also enterprise password managers.

There are a couple of very nice, very secure password management devices for situations when software on your computer or in the cloud just isn't secure enough.

For years, I've used the password manager from Mandylion Labs for things that are really important.

This is a token that will create complex passwords for you, and it will keep track of up to 50 logins. You can access the token through a keypad and small screen or through a USB connection.

The keypad requires a coded set of button presses, and if you get them wrong, it can lock the token or erase it completely.

Not everyone is ready for a password manager with military-grade security, so there are plenty of software password managers available. Most will work on Windows computers and on Android and iOS devices.
Some will also work on Mac OS devices.
Driver bugs leave kit open to hijacking

It's the first Monday of the month, and that means another batch of patches for Android, fixing flaws that can be exploited by apps and webpages to hijack devices. As usual, if you're not using a Google Nexus device, you're at the mercy of your manufacturer and phone carrier to approve and distribute these updates, which may take some time.

Although Google Play Services on Android gadgets can install updates quietly in the background direct from Google, it can't reach the lowest levels of the operating system – which is precisely where these bugs lurk. Nexus devices get their updates straight from Google. Of the eight critical flaws fixed this month, six are present in Qualcomm-powered phones and fondleslabs: two in each of its sound and GPU drivers, and one in each of the firm's video and Wi-Fi drivers.

All six allow apps installed on the devices to enter kernel space and completely hijack the gadget to steal passwords and spy on victims. If a handheld is infected with malware via one of these vulnerabilities, you'll need to do a complete wipe and reflash of the firmware to remove the software nasty. The other two critical patches this month, as well as the bulk of lesser-severity patches, cover Android's Mediaserver and libwebm code.
Specially crafted audio and video files viewed on a vulnerable device – imagine receiving an MMS text or viewing a web page booby-trapped with an evil video – can exploit these holes to execute malicious code with high privileges on the device. Ten of the remaining 32 high- and moderate-severity flaw fixes also cover Qualcomm kit, with Broadcom's dodgy Wi-Fi drivers contributing another couple and Nvidia's camera driver also showing problems.

These holes can be potentially abused by apps to gain extra permissions to snoop on owners or cause trouble. Twelve of these lower-ranked flaws in Mediaserver cover malicious apps being able to gain Signature or SignatureOrSystem privileges on the device, as does one flaw in the SD card emulation layer of Android.

This could allow a specially crafted app with the right system image certification to run code without asking the user first. Google is well aware of the problems with its Mediaserver.

The Chocolate Factory is addressing the problem in the forthcoming Android N by rewriting and siloing media handling components in the operating system in the new build. This month's security bugs are present in Android versions 4.4.4 (32.5 per cent of devices), 5.0.2 (16 per cent), 5.1.1 (19 per cent), 6.0 and 6.0.1 (7.5 per cent).

Earlier builds are no longer supported.

Although Google only lists which Nexus models are affected in its security advisory, other manufacturers' phones are also affected. Android does feature various mechanisms – such as ASLR – to block the exploitation of security bugs, although they can be potentially sidestepped. You can see the full list here.

Get busy patching – if you can – because you can be sure miscreants will be finding new ways to exploit these programming cockups.

| Issue | CVE | Severity | Affects Nexus? |
|---|---|---|---|
| Remote Code Execution Vulnerability in Mediaserver | CVE-2016-2463 | Critical | Yes |
| Remote Code Execution Vulnerabilities in libwebm | CVE-2016-2464 | Critical | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Video Driver | CVE-2016-2465 | Critical | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Sound Driver | CVE-2016-2466, CVE-2016-2467 | Critical | Yes |
| Elevation of Privilege Vulnerability in Qualcomm GPU Driver | CVE-2016-2468, CVE-2016-2062 | Critical | Yes |
| Elevation of Privilege Vulnerability in Qualcomm WiFi Driver | CVE-2016-2474 | Critical | Yes |
| Elevation of Privilege Vulnerability in Broadcom WiFi Driver | CVE-2016-2475 | High | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Sound Driver | CVE-2016-2066, CVE-2016-2469 | High | Yes |
| Elevation of Privilege Vulnerability in Mediaserver | CVE-2016-2476, CVE-2016-2477, CVE-2016-2478, CVE-2016-2479, CVE-2016-2480, CVE-2016-2481, CVE-2016-2482, CVE-2016-2483, CVE-2016-2484, CVE-2016-2485, CVE-2016-2486, CVE-2016-2487 | High | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Camera Driver | CVE-2016-2061, CVE-2016-2488 | High | Yes |
| Elevation of Privilege Vulnerability in Qualcomm Video Driver | CVE-2016-2489 | High | Yes |
| Elevation of Privilege Vulnerability in NVIDIA Camera Driver | CVE-2016-2490, CVE-2016-2491 | High | Yes |
| Elevation of Privilege Vulnerability in Qualcomm WiFi Driver | CVE-2016-2470, CVE-2016-2471, CVE-2016-2472, CVE-2016-2473 | High | Yes |
| Elevation of Privilege Vulnerability in MediaTek Power Management Driver | CVE-2016-2492 | High | Yes |
| Elevation of Privilege Vulnerability in SD Card Emulation Layer | CVE-2016-2494 | High | Yes |
| Elevation of Privilege Vulnerability in Broadcom WiFi Driver | CVE-2016-2493 | High | Yes |
| Remote Denial of Service Vulnerability in Mediaserver | CVE-2016-2495 | High | Yes |
| Elevation of Privilege Vulnerability in Framework UI | CVE-2016-2496 | Moderate | Yes |
| Information Disclosure Vulnerability in Qualcomm WiFi Driver | CVE-2016-2498 | Moderate | Yes |
| Information Disclosure Vulnerability in Mediaserver | CVE-2016-2499 | Moderate | Yes |
| Information Disclosure Vulnerability in Activity Manager | CVE-2016-2500 | Moderate | Yes |
An update for spice is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

Security Fix(es):

* A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process. (CVE-2016-0749)

* A memory access flaw was found in the way spice handled certain guests using crafted primary surface parameters. A user in a guest could use this flaw to read from and write to arbitrary memory locations on the host. (CVE-2016-2150)

The CVE-2016-0749 issue was discovered by Jing Zhao (Red Hat) and the CVE-2016-2150 issue was discovered by Frediano Ziglio (Red Hat).

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Applications acting as a SPICE server must be restarted for this update to take effect. Note that QEMU-KVM guests providing SPICE console access must be restarted for this update to take effect.

The same packages are listed for Red Hat Enterprise Linux Desktop (v. 7), HPC Node (v. 7), HPC Node EUS (v. 7.2), Server (v. 7), Server AUS (v. 7.2), Server EUS (v. 7.2) and Workstation (v. 7):

SRPMS: spice-0.12.4-15.el7_2.1.src.rpm
x86_64: spice-debuginfo-0.12.4-15.el7_2.1.x86_64.rpm, spice-server-0.12.4-15.el7_2.1.x86_64.rpm, spice-server-devel-0.12.4-15.el7_2.1.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
An update for spice-server is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

Security Fix(es):

* A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process. (CVE-2016-0749)

* A memory access flaw was found in the way spice handled certain guests using crafted primary surface parameters. A user in a guest could use this flaw to read from and write to arbitrary memory locations on the host. (CVE-2016-2150)

The CVE-2016-0749 issue was discovered by Jing Zhao (Red Hat) and the CVE-2016-2150 issue was discovered by Frediano Ziglio (Red Hat).

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Applications acting as a SPICE server must be restarted for this update to take effect. Note that QEMU-KVM guests providing SPICE console access must be restarted for this update to take effect.

The same packages are listed for Red Hat Enterprise Linux Desktop (v. 6), HPC Node (v. 6), Server (v. 6) and Workstation (v. 6):

SRPMS: spice-server-0.12.4-13.el6.1.src.rpm
x86_64: spice-server-0.12.4-13.el6.1.x86_64.rpm, spice-server-debuginfo-0.12.4-13.el6.1.x86_64.rpm, spice-server-devel-0.12.4-13.el6.1.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
A hacker or hacking group going by the name of "OurMine Team" briefly took control of Facebook chief Mark Zuckerberg's Twitter and Pinterest accounts, apparently using information from a major LinkedIn security breach that occurred in 2012.

According to OurMine Team, the passwords to Zuckerberg's little-used Pinterest and totally dormant Twitter accounts were apparently the same as those for his LinkedIn login ("dadada").

Both Twitter and Pinterest rapidly restored control of the accounts over the weekend, and the rogue posts have now been removed, though not before they were screencapped:

"Ouch. Mark Zuckerberg's social media accounts have been hacked pic.twitter.com/KvVmXOIg5s" (Ben Hall, @Ben_Hall, June 5, 2016)

LinkedIn's 2012 breach was significant and embarrassing for the company, and resulted in the theft of millions of passwords and other user information. Users were warned at the time to change their LinkedIn passwords, and those on any other platform on which they were reused.

This is clearly evergreen advice, as it isn't hard for a determined hacker to cross-reference someone's username and password information with other sites.

There's no evidence of any widespread damage stemming from the Zuckerberg account compromise, not least because Zuckerberg seemingly hasn't tweeted since 2012. OurMine took the opportunity to tweet “you were in Linkedin Database… DM for proof.” Over on Zuckerberg's Pinterest account, the name was changed to read: “Hacked By OurMine Team.”

OurMine claimed that it had also accessed Zuckerberg’s Instagram account.

Facebook, which owns the popular photo-sharing site, denied Zuckerberg's Instagram account had been compromised, telling VentureBeat: “No Facebook systems or accounts were accessed. The affected accounts have been re-secured.”

Ars has sought comment from Facebook and will update if we hear back.

This post originated on Ars Technica UK

Secure Cloudlink eliminates the need for passwords safeguarding organisations from cyber attack, security breaches, support costs and software license abuse

A new, patented cloud services brokerage (CSB) solution providing secure identity management and cloud services distribution has been launched, designed specifically to eliminate the need for passwords.

The solution from British cloud security software company Secure Cloudlink Ltd – Secure Cloudlink – supports three factor, SSO (single sign on) and biometric user authentication but, unlike other solutions in the market, does not store, send or replicate any user credentials outside of an organisation's directory service. Secure Cloudlink acts as a secure, centralised user authentication and application to manage all users' access rights to all authorised applications without the need to create and manage internal domains.

Brian Keats, CEO, Secure Cloudlink Ltd, stated: “Passwords are quickly evolving into an untenable means of authentication because of their fundamental security vulnerabilities. That evolution is being accelerated by the dramatic shift to mobile computing and the ever-rising tide of data breaches. We identified the need for a fundamentally new way of anonymous authentication bypassing the vulnerabilities that exist because of the inherent properties of passwords being human-accessible shared secrets.”

“It’s impossible to use the same password everywhere because different sites insist on different password formats. Even if it were possible, it wouldn’t be sensible. So we tend to use many different passwords and then forget which password to use for what, so resort to using similar passwords and never changing them, or to writing them down. Either way, security is compromised.”

According to Gartner in its report ‘Design IT Self Service for the Business Consumer’, “password resets account for as much as 40 per cent of IT service desk contact value.”[1]

Designed from the ground up with security in mind, Secure Cloudlink’s Cloud Services Brokerage platform overcomes identity security issues associated with passwords by the inclusion of a unique and patented token passing technology.

This advanced authentication method requires no user credentials to be stored separately or outside of the directory service, dramatically reducing the risk of a cyber breach and costs associated with password reminders.

“This usability problem has got worse in recent years through the ubiquity of smaller keyboards such as those on mobile devices, more complex requirements for “password strength” at many sites, and the introduction of one-time-passcodes as a second factor “secret” that forces the users to type not one, but two passcodes every time they authenticate,” continued Brian. “Although some organisations are investing in technology to automate password resets to reduce the number of calls, user credentials still persist, exposing the organisation to the threat of cyber attack. At SCL our approach is to eliminate the passwords and streamline the granting of access to applications, IT resources and on-line services.”

Secure Cloudlink is the only platform that anonymises user identities over the web for secure access to cloud services. Its unique technology never requires access or stores user security credentials when connecting internal users, customers and suppliers to web-based applications. The use of Federated Security authentication also means that network users can enjoy seamless and secure access to multiple cloud services without even appearing to have left the corporate network.

With a secure single-sign-on, Secure Cloudlink reduces IT service desk time managing multiple passwords by deploying users with a single, secure access point for access to their applications via their desktop, tablet or mobile. Users can be provisioned access both at single and group level, and with a bulk upload facility. Furthermore, Secure Cloudlink provides an environment that allows centralised management access to employees, contractors, suppliers and customers without creating new domains and user accounts in an existing directory.

The company has already sold the Secure Cloudlink solution to a number of customers across a diverse range of markets including government, SaaS providers, and financial institutions. It is a highly applicable solution for any organisation looking to provide a simple, secure yet password free user access to cloud and on-premise applications and services.

[1] Gartner, Design IT Self Service for the Business Consumer, February 19, 2014, Gartner Foundational July 6, 2015

-ENDS-

NOTES TO EDITORS

About Secure Cloudlink

Secure Cloudlink – no passwords

Secure Cloudlink is a patented cloud services brokerage (CSB) solution providing both secure identity management and cloud services distribution which uniquely eliminates the use of passwords. Unlike other user authentication solutions, Secure Cloudlink does not store, transmit or replicate user credentials ‘behind the scenes’, removing the security risks, frustrations, system and cost overheads associated with issuing and maintaining passwords. Including biometric user interfaces, multi-factor authentication and single sign on (SSO) capabilities, Secure Cloudlink is a highly cost competitive, secure, and centrally managed access solution to on-premise and SaaS applications including financial services, Microsoft Office 365 and Mimecast.

For further information please go to http://www.securecloudlink.com/

Contacts

Rob Gaskin
Secure Cloudlink Ltd
T: +44 (0)1372 888 660
E: rob.gaskin@securecloudlink.com

Beau Bass/Nick Bird (media enquiries)
Spreckley
Tel: 0044 (0)207 388 9988
Email: securecloudlink@spreckley.co.uk

Commissioned by Nok Nok Labs, the White Paper evaluates key privacy implications of processing biometric data; comparing the benefits and risks of on-device and on-server matching for biometric authentication

London, UK – May 12, 2016 – Nok Nok Labs, an innovator in modern authentication and a founding member of the FIDO (Fast IDentity Online) Alliance, today published a White Paper from PwC Legal comparing key privacy implications of on-device and on-server matching of biometric data.

For organisations considering biometrics as they move away from reliance on usernames and passwords, the report highlights why device-side matching of biometric data is a compelling approach to satisfy key privacy requirements on cross-border personal data transfers, as well as providing the benefits of individual choice and control around such personal data.

Biometric data is considered to be sensitive personal data and some jurisdictions have already specifically referenced it in privacy guidance and legislation.

This paper emphasises key privacy considerations, sets out the implications of processing biometric data in the EU, Switzerland, Canada, USA and the Asia-Pacific region, and touches on best practice recommendations in these jurisdictions.

“Biometric authentication and verification can be one of the most secure ways to control access to restricted systems and information,” said Stewart Room, partner at PwC Legal. “Unlike authentication based on traditional passwords, authentication through biometric data is easier to use in practice, and can be far more secure.

“However, this is a double-edged sword, because biometric data is extremely sensitive due to its uniqueness and how intrinsic it is to a specific individual. Additional efforts must be made to keep this data secure including choosing a proper compliance system and infrastructure, training staff how to handle it and protecting it from unauthorised access or disclosure.”

Other key findings in the White Paper include:

- Freely given, informed user consent is required before processing biometric data in almost every jurisdiction covered in the White Paper
- With centralised storage of biometric data, the potential for large-scale loss of data is significantly increased
- On-device authentication will generally avoid international cross-border biometric data transfer implications. Conversely, on-server authentication for a global network of biometric users results in international transfers of data; transfer of personal data, including biometric data, out of a jurisdiction is generally restricted

“Biometrics are a compelling way to improve mobile application usability and avoid the security pitfalls of username/passwords, but significant privacy concerns come into play,” said Phillip Dunkelberger, President & CEO of Nok Nok Labs. “With biometrics, it is crucial to understand the difference between on-device and on-server matching, as the difference between the two approaches significantly affects the risk and exposure of data in a breach. The on-device approach, as used by Nok Nok Labs technology, ensures optimal privacy for biometric information.”

The full report can be found here: https://go.noknok.com/PwCLegal-Biometric-WP.html.

# # #

About PwC Legal

At PwC Legal we combine legal advice with the expertise of professionals in Tax, Accounting and HRS to provide our clients with commercial solutions to the most complex business issues. We're a network of 2,500 legal experts in over 85 countries committed to delivering an exceptional service to clients and experience for our people.

The white paper has been prepared by PwC Legal LLP upon request by Nok Nok Labs, Inc, and does not constitute legal advice.

About Nok Nok Labs

Nok Nok Labs provides organisations with the ability to bring a unified approach to deploy easy to use and secure authentication infrastructure to their mobile and web applications, using standards-based solutions that include support for FIDO and other specifications. The Nok Nok S3 Authentication Suite enables organisations to accelerate revenues, reduce fraud, and strengthen security and privacy. Nok Nok Labs is a founding member of the FIDO Alliance with industry leading customers and partners that include NTT DOCOMO, PayPal, Alipay, Samsung and Lenovo. For more information, visit www.noknok.com.

Nok Nok Labs, Nok Nok and NNL are all trademarks of Nok Nok Labs, Inc. FIDO is a trademark of the Fast IDentity (FIDO) Online Alliance.

Media contacts for Nok Nok Labs

Lindsey Challis or Gemma White
Nok Nok Labs team at Finn Partners
+44 020 3217 7060
NNL@finnpartners.com

Tom Rice
Nok Nok Labs team at Merritt Group
+1 703-856-2218
NNLPR@merrittgrp.com