- Online Auction Safety Tips for Buyers and Sellers
- Lenovo patches critical flaws that affect Broadcom’s chipsets in dozens of Lenovo ThinkPad
- VMware releases temporary mitigations for Meltdown and Spectre flaws
Posted: 10 Feb 2018 07:52 AM PST
Buying or selling goods through online auctions is more popular than ever. What are the best practices for buyers and sellers to follow in an online auction?
Buying or selling goods through online auctions is more popular than ever. Today, there are a number of different auction sites available where sellers can post new and used items for sale.
Buyers often flock to these marketplaces, largely because auction prices tend to be quite low. Additionally, buying through online auctions is a great way to find unique items or collectibles that you simply can’t buy through traditional retail stores.
The vast majority of transactions that take place through these sites go off without a hitch. Occasionally, however, problems do occur.
There are instances where unscrupulous buyers or sellers try to take advantage of other people on the auction site.
By following a few simple online auction safety tips, you can ensure that you don’t fall victim to a scam.
A good place to start is by familiarizing yourself with some of the common risks including the following:
Now that you have a better idea of all of the things that can go wrong when buying through an online auction, you can take steps to prepare yourself. A good place to start is by familiarizing yourself with how each auction site is set up. Before posting an item for sale or placing a bid, spend some time performing the following tasks:
That way, even if hackers figure out your password on one site, they won’t be able to access your profiles on other sites.
Online auction – Before making a purchase or listing an item for sale, be sure to do careful research.
Ali Qamar is a privacy and cyber security enthusiast; his work has been featured in many major tech and security blogs, including InfosecInstitute, Hackread, ValueWalk, Intego, and SecurityAffairs, to name a few. He currently runs SpyAdvice.com.
(Security Affairs – Online auction, identity theft)
Posted: 10 Feb 2018 02:14 AM PST
According to a security advisory issued by Lenovo, two critical vulnerabilities in Broadcom chipsets affect at least 25 models of Lenovo ThinkPad.
The affected models are ThinkPad 10, ThinkPad L460, ThinkPad P50s, ThinkPad T460, ThinkPad T460p, ThinkPad T460s, ThinkPad T560, ThinkPad X260 and ThinkPad Yoga 260.
One of the flaws was discovered in June by Google, which publicly disclosed it in September. Google also published a proof-of-concept exploit for a Wi-Fi firmware vulnerability affecting Broadcom chipsets in iOS 10 and earlier.
The flaw, tracked as CVE-2017-11120, is a memory corruption vulnerability that could be exploited by attackers to execute code and establish a backdoor on a targeted device.
The flaw, initially reported as affecting specific Broadcom chipsets used in Apple iPhones, Apple TV, and Android devices, was patched in the same month.
Apple addressed the vulnerability, a memory corruption issue tracked as CVE-2017-11120, in the security update for the release of iOS 11.
Now Lenovo warns of the presence of the flaw in two dozen ThinkPad models that use Broadcom's BCM4356 Wireless LAN Driver for Windows 10.
The Broadcom Wi-Fi chipsets used by Lenovo ThinkPad devices are affected by the CVE-2017-11120 flaw and also by the CVE-2017-11121 vulnerability; both issues are rated as "critical" and received a CVSS score of 10.
“Broadcom has issued an advisory for certain Broadcom WiFi controllers used by many computer and device makers, which contain buffer overflow vulnerabilities on the adapter (not the system CPU),” reads the security advisory. “Broadcom initially did not plan to remediate these issues, but when the WPA2 KRACK issue also emerged, Broadcom combined both fixes in to a single set of driver updates. Lenovo received the first of these near the end of 2017, and continues releasing fixes as integration and testing is completed.”
The flaws can be exploited by remote attackers to execute arbitrary code on the adapter (not the system's CPU) of the target system.
The CVE-2017-11121 vulnerability was also discovered by Google experts; it is a buffer overflow vulnerability caused by improper validation of Wi-Fi signals.
"Properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects," reads the description for the flaw.
Lenovo users are urged to update the Wi-Fi driver for their ThinkPad models.
(Security Affairs – Lenovo Thinkpad, Broadcom Wi-Fi chipsets)
Posted: 10 Feb 2018 01:06 AM PST
VMware has provided detailed instructions on how to mitigate the Meltdown and Spectre vulnerabilities in several of its products.
VMware is releasing patches and workarounds for its Virtual Appliance products affected by the Meltdown and Spectre vulnerabilities.
The Meltdown and Spectre attacks could be exploited by attackers to bypass memory isolation mechanisms and access the target's sensitive data.
The mitigation measures can be applied to vCloud Usage Meter, Identity Manager (vIDM), vCenter Server, vSphere Data Protection, vSphere Integrated Containers and vRealize Automation (vRA).
“VMware Virtual Appliance updates address side-channel analysis due to speculative execution” states the advisory published by the company.
The company acknowledged problems with its virtual appliances and opted to release workarounds to protect its customers. The proposed solutions are only temporary, pending permanent fixes that will be released as soon as they are available.
The complete list of workarounds is available here. In some cases, admins can mitigate the issue by running a few commands as a privileged user; in other cases, the procedure to deploy mitigations is more complex.
(Security Affairs – Spectre patches, VMware)