Over 25,000 companies from all over the world rely on Atlassian’s
solutions, including organizations from the automotive, consulting,
education, engineering, entertainment, government, health and other
industries.
According to the advisory
published by Command Five, Crowd users should update their
installations as soon as possible because an exploit for a vulnerability
discovered in 2012 has become widely available.
The security hole can be leveraged by an attacker to retrieve data and
files from the Crowd server by crafting entity URLs. In addition, the
flaw can be leveraged for denial-of-service (DoS) attacks.
“If a hacker uses the vulnerability to retrieve a file containing
credentials, they can then authenticate with the Crowd server directly,
or use the exploit again to bypass trusted proxy/remote address
validation as described above,” the advisory reads.
“Successful exploitation of this vulnerability can (but does not
necessarily) lead to a hacker taking full control of an organization
single sign on service, potentially resulting in a catastrophic security
event. Regardless, successful exploitation is likely to enable high
velocity lateral movement within the targeted organization,” researchers
explain.
However, the patched vulnerability is not the main concern. Command Five
says there is at least one critical vulnerability in Crowd that hasn’t
been patched.
The flaw can be exploited by an unauthenticated remote attacker to take full control of any Crowd server they can connect to.
Cyber criminals can compromise application credentials, user credentials,
data storage, configured directories and dependent secure systems.
The messages that make the rounds on Instagram show pictures of fruit.
The pictures are accompanied by a bogus BBC News message which promotes
an “exclusive offer” for a fruit diet.
In some cases, the spammers continue to trick users by claiming that the diet has been recommended by Dr. Oz.
Unfortunately, the Instagram spam run appears to be highly successful. One of the links has been clicked more than 35,000 times already.
“Earlier today a small portion of our users experienced a spam
incident where unwanted photos were posted from their accounts. Our
security and spam team quickly took actions to secure the accounts
involved, and the posted photos are being deleted,”
Facebook, which owns Instagram, has told Gigaom.
Instagram has started resetting the passwords of the impacted users.
Security expert Janne Ahlberg has been closely monitoring
the evolution of the miracle diet spam campaign. Over the weekend, he
reported that spam messages were spotted not only on Twitter, but on
Facebook, Tumblr and Pinterest as well.
According to the Wall Street Journal, Facebook is working on a service that provides news to users, including iPhone users. The business newspaper relies on unnamed sources. The service, called Reader, would bundle news from both users and publishers.
Facebook has reportedly been working on the service for more than a year. Reader would resemble Flipboard, the app that collects news based on the user's preferences. The social network declined to comment to the Journal. With Reader, Facebook would like to increase its attractiveness to advertisers in the mobile segment.
According to anonymous sources, Mark Zuckerberg personally oversees the project and, in contrast to the development of other services, time is deliberately being taken to make Reader a full-fledged news service that works as well as possible on both smartphones and tablets. Reader is initially targeted at Apple's iOS as a platform.
According to Reuters,
several pieces of spying software have been identified on several
devices owned by Chen, including an iPhone and an iPad he had received
shortly after his arrival to the US from the wife of activist Bob Fu,
the man who runs the Christian group called ChinaAid.
After fleeing to the US in May last year, Chinese activist Chen Guangcheng
was given a fellowship at New York University. Now that the period
of his fellowship has come to an end, some interesting aspects of the
story have come to light.
The presence of the spyware has been brought to light by NYU professor
Jerome Cohen and another individual familiar with the incident.
While some say that the devices were plagued with spy software right
from the start, others point the finger at NYU for installing the
applications.
Among the spy applications, technicians found one that secretly turned
the devices into a tracking system, and a password-protected program
that uploaded data to a remote server.
The world has changed, and it is important for us to face certain
realities: there's a greater reliance on technology, and this has led
to significantly less face-to-face interaction. Even when such
interactions occur, they are rarely wholly honest
conversations, and this leaves most of us desperately resorting to
the web to engage in anonymous discussion boards or to create alias
Twitter accounts just to be heard.
The general idea behind unface.me: engage in anonymous and truthful
discourse with people you already know. This is done by connecting your
Facebook account to an unface.me alias (“AlterEgo”) that you create, and
then interacting with other users from your current network of friends
who also have AlterEgos.
How can this be used toward forming better relationships? Well, for
one thing, it will allow users to be completely honest about themselves.
A lot of topics are difficult to talk about (such as one’s mental
health) and have potential professional consequences (not getting hired
because of a history of depression). Unface.me can give people this
medium for expressing their emotions or thoughts honestly, without fear
of people knowing their true identity.
This anonymity also allows
for the changing of personal behaviors and the development of overall
empathy. As people learn sensitive things about their friends, they may
become more socially aware of and self-identifying with the daily
struggles of others, and thereby change their day-to-day behaviors or
interactions with them. So, the result? Closer bonds with those around
us.
We don’t have to sacrifice honesty in the age of social media.
If Dan Humphrey was able to pull off complete anonymity for five years
and end up with a closer set of friends, why shouldn’t we?
Try out unface.me for yourself!
Facebook just published a data breach notification on its security blog.
You might not immediately notice that from the title of the article,
which announces itself as an "Important Message from Facebook's White
Hat Program."
The cloud (bad pun intended) is that Facebook's systems made the fault possible in the first place.
What Facebook seems to be admitting to, in Friday's breach notification message, is that it was careless with the aggregated data accumulated from contact list uploads.
The problem, says Facebook, lay in its Download Your Information
(DYI) feature, which exists so you can suck down everything you've
previously entrusted to the social networking giant.
DYI improves availability, because it allows you to make your own off-site backup of everything you've stored on Facebook. It improves transparency, because it acts as a record of everything you've uploaded to Facebook over the years. But there was a bug in DYI, of the data leakage/unauthorised disclosure sort.
Apparently, DYI was capable of letting you download more than you'd uploaded in the first place.
Former NSA contractor Edward Snowden revealed on Saturday that the U.S. is tapping into Chinese mobile carriers to access customers’ text messages.
It’s not just a few messages, either. Snowden told the South China Morning Post that millions of Chinese text messages are being harvested by the U.S.
“China should set up a national information security review commission as soon as possible,” Snowden told the paper.
Chinese mobile users
sent over 900 billion text messages in 2012, according to government
statistics, so if Snowden’s claims are true, the United States’
surveillance isn’t too extensive in the grand scheme of things. (Chinese
officials likely won’t see the situation in that light though.)
The reveal will make an already rocky relationship between the U.S.
and China even more tumultuous. President Obama and China’s new
president Xi Jinping have already had several conversations about cybersecurity relations, and both leaders are also kicking off a series of regular talks between the two countries.
These days, fake antivirus programs that run under Windows look just as
good as real, valid antivirus tools. They'll run a scan for free—a fast
one, since there's no actual scanning going on. However, to remove the
imaginary malware found by the scan, you'll have to pay up. In a recent
blog post, Symantec researcher Joji Hamada reported that this type of
malware has come to Android, and it's even more aggressive than the
typical Windows fake antivirus. Symantec calls the malware sample
featured in this post Android.Fakedefender, because it installs as a
trial version calling itself Android Defender.
The typical Windows-based fake antivirus programs attempt to scare
the user into paying for a registered version by displaying frightening
scan results, hence the name scareware.
They work hard to look just like a valid antivirus, to the point that
some even offer tech support. It's not uncommon for victims to express
outrage when a legitimate security product removes the fake one: "Hey,
that's my antivirus! I paid for that!"
Porn Discovered:
In what may be an attempt to
discourage you from seeking help, the fake antivirus reports that it has
detected malware attempting to steal pornographic content from the
phone. How embarrassing! At this point, you can't delete the fake
antivirus and can't launch any other apps. The only way to recover,
short of a hard reset, is to purchase the full version. It's effectively
holding your phone for ransom. Hamada didn't state whether paying the
ransom actually unlocks the phone.
F-Secure's Mikko Hypponen has gone on record stating that the biggest threat for Android users is losing your phone,
not malware. Hamada begs to differ, pointing out that malware like this
is really, really hard to remove once it gets a foothold. He advises
running mobile security software to keep threats like this from
installing in the first place.