ATTENTION! New - CVE-2015-9277
via "National Vulnerability Database".
MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled.
ATTENTION! New - CVE-2015-9276
via "National Vulnerability Database".
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password.
ATTENTION! New - CVE-2016-10403 (chrome)
via "National Vulnerability Database".
Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
BEC Groups Ramp Up Payroll Diversion Attacks
via "Dark Reading: ".
Criminals are increasingly trying to defraud businesses by diverting payrolls of CEOs, other senior executives, Agari says.
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
via "Dark Reading: ".
When it comes to acceptable circumstances for government disclosure of zero-days, the new Vulnerabilities Equity Process might be the accountability practice security advocates have been waiting for.
Millions of Oklahoma Gov Files Exposed by Wide-Open Server
via "Threatpost | The first stop for security news".
The storage server was left open for about a week and exposed everything from sensitive FBI investigations to data related to patients with AIDS.
Fortnite Players at Risk Via Epic Games Vulnerability
via "Dark Reading: ".
Bugs in Epic Games' platform could let intruders take over players' accounts, view personal data, and/or buy in-game currency.
ATTENTION! New - CVE-2017-3137
via "National Vulnerability Database".
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.
ATTENTION! New - CVE-2017-3136
via "National Vulnerability Database".
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.
ATTENTION! New - CVE-2017-3135
via "National Vulnerability Database".
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
ATTENTION! New - CVE-2017-1002152 (bodhi)
via "National Vulnerability Database".
Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles.
ATTENTION! New - CVE-2016-9778
via "National Vulnerability Database".
An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the "nxdomain-redirect" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type "redirect" is not affected by this vulnerability. Affects BIND 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0-P1.
Oklahoma Data Leak Compromises Years of FBI Data
via "Dark Reading: ".
The Oklahoma Securities Commission accidentally leaked 3 TB of information, including data on years of FBI investigations.
Threatpost Survey Says: 2FA is Just Fine, But Go Ahead and Kill SMS
via "Threatpost | The first stop for security news".
Our reader poll showed overwhelming support for 2FA even in the wake of a bypass tool being released -- although lingering concerns remain.
Malware Built to Hack Building Automation Systems
via "Dark Reading: ".
Researchers dig into vulnerabilities in popular building automation systems, devices.
ATTENTION! New - CVE-2015-9281
via "National Vulnerability Database".
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page.
Two charged with hacking company filings out of SEC's EDGAR system
via "Naked Security".
They're charged with phishing and inflicting malware to get into the EDGAR filing system, stealing thousands of filings, and selling access.
Change your password! VoIP provider leaves huge database exposed online
via "Naked Security".
A researcher has discovered an exposed database containing gigabytes of call logs, SMS data, and internal system credentials belonging to US Voice-over-IP (VoIP) service provider VOIPo.com.
Microsoft font gives away forgery in bankruptcy case
via "Naked Security".
In a case that could be straight out of a legal TV drama, a computing font has cost a couple two houses in a Canadian bankruptcy case.
Cryptomining Malware Uninstalls Cloud Security Products
via "Threatpost | The first stop for security news".
New samples of cryptomining malware perform a never-before-seen function: uninstalling cloud security products.
Email crooks swindle woman out of $150K from home sale
via "Naked Security".
She sent her bank account details three times, she said. Unfortunately, they wound up in crooks' hands, and her money wound up in their pockets.