February 5, SecurityWeek – (International) Avast patches vulnerability in SafeZone Tool. A researcher from Google discovered a vulnerability in Avast’s SafeZone tool, also known as Avastium, that allowed attackers to gain additional privileges and conduct various actions on the system by convincing a victim to visit a malicious Uniform Resource Locator (URL). The vulnerability was exploited due to a weak security check by Avast, which allowed any URL to pass through without restrictions.
February 4, SecurityWeek – (International) Dell adds BIOS verification technology to business PCs. Dell released a new enterprise endpoint security solution, a post-boot BIOS verification technology integrated with its Data Protection Endpoint Security Suite Enterprise, that will help detect BIOS-specific attacks or compromised systems by using a secure cloud platform to test individual BIOS images against official images held by Dell.
February 4, SecurityWeek – (International) Exploits released for unpatched flaws in Netgear Management System. An information security researcher discovered flaws in Netgear’s ProSAFE NMS300 network management system that can allow a remote, unauthenticated attacker to upload an arbitrary file to the system by sending a specially crafted POST request to one of two Java servlets found in default NMS300 installations, as well as conduct a directory traversal attack that can allow a hacker to download any file from the system, among other flaws.