
Alerts

Adobe security update

Adobe has released a security update to address a vulnerability in Adobe Acrobat and Reader for Windows and macOS. Exploitation of the vulnerability may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Adobe Security Bulletin and apply the necessary updates.

NOTICE TO FACEBOOK USERS

  1. Introduction

On Tuesday, 25th September 2018, the Facebook team released a security notice to all users about a security breach on the Facebook platform. Findings revealed that an unknown malicious actor hacked the site and managed to compromise about 50 million users’ accounts.

Earlier investigation revealed that the breach was caused by security vulnerabilities in the Facebook source code. The attacker was able to exploit these vulnerabilities, which impacted “View As”, a Facebook feature that lets users see how their own profile looks to someone else. Following the exploitation, the attacker was able to steal Facebook access tokens and thereafter take control of users’ accounts.

Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the application.

  2. Source

The source of the vulnerabilities was a change made by the Facebook team to the video uploading feature in July 2017, which impacted the “View As” feature.

  3. Impact

The Facebook security team is yet to establish whether there has been any misuse of the compromised accounts or disclosure of users’ information.

  4. Remediation

So far, the Facebook security team has implemented a number of security measures to address the matter, including the following:

a. Fixed the vulnerabilities and informed law enforcement of the security breach for appropriate legal action.

b. Reset the access tokens of the almost 50 million accounts known to be affected to protect their security.

c. Took the precautionary measure of resetting access tokens for another 40 million user accounts that have been subject to a “View As” look-up in the last year. As a result, about 90 million users will now have to log back in to Facebook, or to any of their apps that use the Facebook username and password to log in. After logging back in, users will get a notification at the top of their News Feed explaining what happened, as shown in the figure below.

d. Temporarily turned off the “View As” feature while conducting a detailed security review.

  5. Important to users

Following the security measures undertaken by the Facebook security team, there is no need for users to change their passwords. Users who have difficulty logging back in to Facebook, for example because they have forgotten their password, should visit the Facebook Help Center.

Anyone who wants to take the precautionary measure of logging out of Facebook should visit the “Security and Login” section in settings.
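The token reset in the remediation steps, and the advice that passwords need not change, can be modelled as follows. This is an added example, not code from Facebook or from the original notice; the `SessionStore` class, its per-account generation counter and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class SessionStore:
    """Toy server-side token store; names and design are illustrative assumptions."""

    def __init__(self):
        self._passwords = {}   # user -> (salt, password hash); a token reset never touches this
        self._generation = {}  # user -> current token generation
        self._tokens = {}      # sha256(token) -> (user, generation when issued)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._passwords[user] = (salt, _pw_hash(password, salt))
        self._generation[user] = 0

    def login(self, user, password):
        salt, expected = self._passwords[user]
        if not hmac.compare_digest(_pw_hash(password, salt), expected):
            return None
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).hexdigest()
        self._tokens[key] = (user, self._generation[user])
        return token

    def validate(self, token):
        entry = self._tokens.get(hashlib.sha256(token.encode()).hexdigest())
        if entry is None or entry[1] != self._generation[entry[0]]:
            return None        # unknown token, or issued before the last reset
        return entry[0]

    def reset_tokens(self, users):
        for user in users:     # invalidates every outstanding token for these accounts
            self._generation[user] += 1


def demo():
    store = SessionStore()
    users = ("alice", "bob", "carol")              # constructed accounts
    for u in users:
        store.register(u, u + "-passphrase")
    old = {u: store.login(u, u + "-passphrase") for u in users}
    store.reset_tokens(["alice", "bob"])           # affected + precautionary; carol untouched
    relogin = store.login("alice", "alice-passphrase")  # same password still works
    return {u: store.validate(old[u]) for u in users}, store.validate(relogin)
```

A stolen copy of a token issued before the reset is rejected in the same way as the owner's copy, which is why the reset forces a new login but leaves the password valid.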

  6. Reference

https://newsroom.fb.com/news/2018/09/security-update/

Cisco Security Updates

Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the released Cisco Security Advisories and apply the necessary updates. For more information, click the links below.

  1. Cisco IOS and IOS XE Software OSPFv3 Denial of Service Vulnerability
  2. Cisco IOS XE Software and Cisco ASA 5500-X Series Adaptive Security Appliance IPsec Denial of Service Vulnerability
  3. Cisco IOS XE Software Web UI Denial of Service Vulnerability
  4. Cisco IOS XE Software Web UI Denial of Service Vulnerability
  5. Cisco IOS XE Software HTTP Denial of Service Vulnerability
  6. Cisco IOS and IOS XE Software SM-1T3/E3 Service Module Denial of Service Vulnerability
  7. Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability
  8. Cisco IOS Software Precision Time Protocol Denial of Service Vulnerability
  9. Cisco IOS and IOS XE Software IPv6 Hop-by-Hop Options Denial of Service Vulnerability
  10. Cisco IOS XE Software Command Injection Vulnerabilities
  11. Cisco IOS XE Software Errdisable Denial of Service Vulnerability
  12. Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability
  13. Cisco IOS XE Software Cisco Discovery Protocol Memory Leak Vulnerability
  14. Cisco Webex Meetings Client for Windows Privilege Escalation Vulnerability

Cisco Security Update

Cisco has released a security update to address vulnerabilities in Cisco IOS XE and Cisco Webex Network Recording Player. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Cisco Security Advisories and apply the necessary updates. For more information, click on the links below.

Adobe Security Update

Adobe has released a security update to address vulnerabilities in Adobe Acrobat and Reader. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Adobe Security Bulletin and apply the necessary updates.