Fixes Archives - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘fixes’

Talk2Watch Pro updated with new features and fixes to music controls

Those who use a Pebble or Pebble Time with their BlackBerry 10 smartphone will probably be using Talk2Watch Pro to get functionality out of the watch. With a dedicated and active developer, it really is the recommended app. The developer has been busy working on some updates and fixes, and a new update has just been pushed. It brings fixes to the music controls, where the play/pause button wasn’t quite working, as well as some nice new additions.

View full post on MobileNations

OnePlus 2 gets updated to OxygenOS 2.0.1 (Stagefright patch and other fixes included)

Starting today, OnePlus is rolling out an over the air update (the first) to its newest smartphone, the OnePlus 2. More exactly, the update is for the international variant of the OnePlus 2 (which runs OxygenOS, not HydrogenOS, like the Chinese model), and brings OxygenOS to version 2.0.1.

Like plenty of other software updates lately, the one offered by OnePlus addresses the Stagefright security exploit. However, that’s not all that OnePlus 2 users are getting with this update. Also included are improved battery performance, improved “user interface logic and coherence”, and various …

View full post on PhoneArena

Verizon pushes out Android 5.1.1 and Stagefright fixes to Galaxy S6, Galaxy S6 edge and Tab 4 10.1

Verizon is sending out Android 5.1.1 and fixes for the Stagefright Exploit to its version of the Samsung Galaxy S6, Samsung Galaxy S6 edge and the Samsung Galaxy Tab 4 10.1. For the Samsung Galaxy S6 and the Samsung Galaxy S6 edge, the update allows you to use Caller Name ID if you have Advanced Calling enabled. With this feature, you can identify who is calling you, giving you the ability to screen calls. The update also gives you the ability to turn off the parallax “Wallpaper motion effect” if it is making you dizzy. It also gives you more wallpaper options to choose from for your lock screen …

View full post on PhoneArena

Windows 10 Mobile Preview build 10512 has over 2,000 fixes

Microsoft has made Windows 10 Mobile Preview build 10512 available to Windows Insiders on the Fast update. That build has over 2,000 bug fixes compared to the last preview version, 10166, which was released over a month ago.

View full post on MobileNations

Tesla’s Response to Hacked Car Offers a Road Map for Fast Fixes

Source: National Cyber Security – Produced By Gregory Evans

Cybersecurity researchers on Friday are publicizing software flaws in the Tesla Model S that could allow remote hackers to shut down a moving car’s engine. But owners of the high-tech luxury sedan have little need to worry. The electric-car maker quickly deployed a fix over the Internet. As cars loaded with on-board computers increasingly add wireless connections they are becoming more vulnerable to hackers, as seen recently with a Jeep Cherokee. Tesla’s response offers a model for how other automakers can address the increasing threat of computer attacks. Tesla owners get prompted on their cars’ infotainment screens to download software updates, the same way smartphone users do. The consultants who found the Model S flaws — Kevin Mahaffey, co-founder and chief technology officer of Lookout Inc., and Marc Rogers, principal security researcher for CloudFlare Inc. — revealed the vulnerabilities earlier this week ahead of a presentation Friday at the DefCon hacker conference in Las Vegas. The pair discovered six key weaknesses in the vehicle, alerted Tesla Motors Inc. and coordinated their disclosure with a fix from the automaker to reduce the risk to owners of the car, which starts at $70,000. Two-Edged Sword Such responsible disclosure, as the process is known […]

View full post on National Cyber Security

BMW fixes security flaw that left locks open to hackers


Source: National Cyber Security – Produced By Gregory Evans

The flaw affected models fitted with BMW’s ConnectedDrive software, which uses an on-board Sim card. The software operated door locks, air conditioning and traffic updates but no driving firmware such as brakes or steering, BMW said. No cars have actually been hacked, but the flaw was identified by German motorist association ADAC. ADAC’s researchers found the cars would try to communicate via a spoofed phone network, leaving potential hackers able to control anything activated by the Sim. The patch, which would be applied automatically, included making data from the car encrypted via HTTPS (HyperText Transfer Protocol Secure) — the same security commonly used for online banking, BMW said. “On the one hand, data are encrypted with the HTTPS protocol, and on the other hand, the identity of the BMW Group server is checked by the vehicle before data are transmitted over the mobile phone network,” it said in a statement. This should have already been in place, said security expert Graham Cluley. “You would probably have hoped that BMW’s engineers would have thought about [using HTTPS] in the first place,” he wrote on his blog. “If you are worried that your vehicle may not have received the update (perhaps because […]

View full post on National Cyber Security

It’s time for change: Mozilla redesigns Firefox after fixes for security vulnerabilities


Mozilla yesterday released the considerably updated version 29 of its Firefox browser. The latest release includes fixes for a number of critical and highly rated security vulnerabilities. Among the five critical vulnerabilities are use-after-free bugs in nshostresolve, imgloader while resizing images, and the Text Track Manager for HTML video. The remaining two critically rated patches resolve a privilege escalation vulnerability in the Web Notification application programming interface and an assortment of memory safety hazards. Fixes that get critical ratings apply to vulnerabilities that could be exploited to run attacker code and install software without any user interaction beyond normal …continue reading

View full post on National Cyber Security

Microsoft Fixes Critical Vulnerability in Windows Common Controls

April’s Patch Tuesday update delivers six bulletins — including a critical fix for a core flaw that affects a long list of Microsoft applications.

View full post on eSecurityPlanet RSS Feed

View full post on National Cyber Security

Flash Player 11.2 fixes critical vulnerabilities and adds silent updates

Adobe have released Flash Player 11.2, addressing two critical arbitrary code execution vulnerabilities and introducing a silent update option.

One of the patched vulnerabilities stems from how older versions of Flash Player check URL security domains, and only affects the Flash Player ActiveX plug-in for Internet Explorer on Windows 7 or Vista.

Both vulnerabilities can trigger memory corruptions and can be exploited to execute arbitrary code remotely. However, Adobe is not aware of any exploits for these flaws being used in online attacks at this time, said Wiebke Lips, Adobe’s senior manager of corporate communications.

Users of Adobe Flash Player and earlier versions for Windows, Macintosh, Linux and Solaris are advised to update to the new Adobe Flash Player 11.2 for their respective platforms. Users of Adobe Flash Player for Android are advised to update to Flash Player

Flash Player 11.2 also introduces a new updating mechanism that can be configured to check for and deploy updates in the background automatically, without requiring user interaction. The feature has been in Adobe’s plans for a long time and is expected to decrease the number of outdated Flash Player installations that attackers can target.

“The new background updater will provide a better experience for our customers, and it will allow us to more rapidly respond to zero-day attacks,” said Peleus Uhley, platform security strategist at Adobe. “This model for updating users is similar to the Google Chrome update experience, and Google has had great success with this approach. We are hoping to have similar success.”

The move was welcomed by Thomas Kristensen, chief security officer at Secunia, which develops the popular Personal Software Inspector (PSI) patch management program.

“A silent and automatic updating mechanism for Flash would help the majority of users. A more consistent and rapid updating of the user base is likely to impact the attackers’ preferences for Flash,” he said.

Of course, this will only happen after the vast majority of users upgrade to Flash Player 11.2 or a later version using the old method that requires explicit approval.

When Adobe Flash Player 11.2 is installed, users are asked to choose an update method. The available choices are: install updates automatically when available (recommended), notify me when updates are available, and never check for updates (not recommended).

The silent updater will try to contact Adobe’s update server every hour until it succeeds. If it receives a valid response from the server that no update is available, it will wait 24 hours before checking again.

For now, the automatic update option is only available for Flash Player on Windows, but Adobe is working on implementing it for Mac versions as well, Uhley said.

However, even if the automatic update option is enabled, Adobe will decide on a case-by-case basis which updates will be deployed silently and which won’t. Those that change the Flash Player default settings will require user interaction.

The new updater will update all Flash Player browser plug-ins installed on the system at the same time. “This will solve the problem of end-users having to update Flash Player for Internet Explorer separately from Flash Player for their other open source browsers,” Uhley said.

In addition to keeping the Flash Player install base up to date more easily and reducing the time required to effectively respond to zero-day attacks — attacks that exploit previously unknown vulnerabilities — the new silent updater could also reduce the number of scams that distribute malware as Flash Player updates.

“The pretext of a Flash Player update has been intensively used by cyber-crooks to lure users into downloading malicious content,” said Bogdan Botezatu, a senior e-threat analyst at antivirus vendor BitDefender. “By eliminating the update wizard, users will likely get more difficult to con on the pretext of a legitimate update required by an application they trust.”

Unfortunately, this silent update model can’t be applied to all applications, Botezatu said. He gave the example of Internet Explorer 6, which Microsoft is trying to phase out, but that companies still widely use because their business applications are dependent on it and don’t work on newer versions.

Adobe is doing its part to convince users to move away from Internet Explorer 6 by dropping support for the browser from upcoming Flash Player versions. “We will no longer include testing on Internet Explorer 6 in our certification process and strongly encourage users to upgrade to the newest version of Internet Explorer,” Uhley said.

View full post on National Cyber Security » Computer Hacking

Google Chrome update fixes 12 vulnerabilities and patches Flash Player

Google released a new version of its Chrome browser in order to update the bundled Flash Player plug-in and address serious security vulnerabilities.

Google Chrome 17.0.963.56 fixes 12 security flaws, seven of which are considered high severity, four of medium severity and one of low severity.

Security researcher Jüri Aedla received a special $1,337 reward for discovering and reporting an integer overflow vulnerability in libpng, the library used by Chrome to process PNG images.

Other high-severity flaws were identified in the browser’s PDF codecs, its subframe loading, h.264 parsing and path rendering components, as well as its MKV, database, column and counter node handling code.

In theory these vulnerabilities should be considered critical because they could facilitate the remote execution of arbitrary code on the targeted systems.

However, because Google Chrome has a sandboxed architecture, exploiting these vulnerabilities alone would not provide attackers with the necessary level of access to run malicious code.

Six vulnerabilities patched in this release were discovered with the help of an open-source tool called AddressSanitizer, Google Chrome engineer Jason Kersey said in a blog post on February 15.

Chrome 17.0.963.56 also includes a new Flash Player version that Adobe released earlier this week, Kersey said. The Flash Player update addresses seven critical security flaws.

Google paid a total of $6,837 to security researchers who reported vulnerabilities patched in this release. The company recently expanded its Chromium Security Rewards Program to also cover vulnerabilities found in Chrome OS.

View full post on National Cyber Security » Computer Hacking
