ESPN espn.go.com Login & Register Page XSS and Dest Redirect Privilege Escalation Security Vulnerabilities

Posted by Jing Wang on Dec 09

*ESPN espn.go.com <http://espn.go.com/> Login & Register Page XSS and Dest
Redirect Privilege Escalation Security Vulnerabilities*

*Domain:*
http://espn.go.com/

"As of August 2013, ESPN is available to approximately 97,736,000 pay
television households (85.58% of households with at least one television
set) in the United States.[2]
<http://en.wikipedia.org/wiki/ESPN#cite_note-2> In addition to the flagship
channel and its…

Certain TLS Implementations Vulnerable to POODLE Attacks

Original release date: December 09, 2014

A new variant of the POODLE attack may affect some TLS implementations on account of an issue similar to one present in SSL 3.0. Successful exploitation may enable actors to derive plaintext from encrypted communications.

US-CERT encourages users and administrators to review TA14-290A for additional information on the POODLE attack and apply any necessary updates to address the vulnerability.


This product is provided subject to this Notification and this Privacy & Use policy.

New Version of Destover Malware Signed by Stolen Sony Certificate

Researchers have discovered a new version of the Destover malware that was used in the recent Sony Pictures Entertainment breaches, and in an ironic twist, the sample is signed by a legitimate certificate stolen from Sony. The new sample is essentially identical to an earlier version of Destover that was not signed. Destover has been used […]

Adobe Releases Security Updates for Flash, Reader, Acrobat, and ColdFusion

Original release date: December 09, 2014

Adobe has released security updates to address multiple vulnerabilities in Flash, Reader, Acrobat, and ColdFusion. Exploitation of these vulnerabilities may allow a remote attacker to take over an affected system.

US-CERT recommends users and administrators review Adobe Security Bulletins APSB14-27, APSB14-28, and APSB14-29 and apply the necessary updates.



Microsoft Releases December 2014 Security Bulletin

Original release date: December 09, 2014

Microsoft has released updates to address vulnerabilities in Exchange, Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for December 2014. Some of these vulnerabilities could allow elevation of privilege, remote code execution, or disclosure of information.

US-CERT encourages users and administrators to review Microsoft Security Bulletin MS14-DEC and apply the necessary updates.



NEW VMSA-2014-0013 – VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability

Posted by VMware Security Response Center on Dec 09

------------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2014-0013
Synopsis: VMware vCloud Automation Center product updates address a
critical remote privilege escalation vulnerability
Issue date: 2014-12-09
Updated on: 2014-12-09 (Initial Advisory)
CVE number: CVE-2014-8373

------------------------------------------------------------------------

1. Summary…

Researchers Say POODLE Attack Affects Some TLS Implementations

The POODLE attack against SSLv3 that researchers from Google revealed earlier this year also affects some implementations of TLS and vendors now are scrambling to release patches for gear affected by the vulnerability. Soon after the POODLE attack was disclosed in October, researchers began looking into whether it might affect protocols other than SSLv3. It quickly […]