Facebook Malware that infected more than 110K and still on the rise

Posted by Mohammad Reza Faghani on Jan 30

A new trojan is propagating through Facebook which was able to infect more
than 110,000 users in only two days.

*Propagation*:
The trojan tags the infected user’s friends in an enticing post. Upon
opening the post, the user will get a preview of a porn video which
eventually stops and asks for downloading a (fake) flash player to continue
the preview. The fake flash player is the downloader of the actual malware.

*Background*:
We have…

Blubrry PowerPress Security Advisory – XSS Vulnerability – CVE-2015-1385

Posted by Onur Yilmaz on Jan 30

Information
-----------
Advisory by Netsparker
Name: XSS Vulnerability in Blubrry PowerPress
Affected Software : Blubrry PowerPress
Affected Versions: 6.0 and possibly below
Vendor Homepage : https://wordpress.org/plugins/powerpress/
Vulnerability Type : Cross-site Scripting
Severity : Important
CVE-ID: CVE-2015-1385
Netsparker Advisory Reference : NS-15-001

Description
-----------
By exploiting a Cross-site scripting vulnerability the attacker…

Symantec Encryption Management Server < 3.2.0 MP6 – Remote Command Injection

Posted by Paul Craig on Jan 30

Vantage Point Security Advisory 2014-007
========================================

Title: Symantec Encryption Management Server – Remote Command Injection
ID: VP-2014-007
Vendor: Symantec
Affected Product: Symantec Encryption Gateway
Affected Versions: < 3.2.0 MP6
Product Website: http://www.symantec.com/en/sg/gateway-email-encryption/
Author: Paul Craig <paul[at]vantagepoint[dot]sg>

Summary:
--------
Symantec Gateway Email Encryption…

CESA-2015:0100 Moderate CentOS 7 libyaml Security Update

CentOS Errata and Security Advisory 2015:0100 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0100.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
27be0d9c4fdc9d6d7b83f141e70c7fea1ede9183686f9f4fcbaf4d7708492241  libyaml-0.1.4-11.el7_0.i686.rpm
01fe6b8eb0518670dc14b3095870a96cfcc75de6bf4769cd62c7d21109b13a65  libyaml-0.1.4-11.el7_0.x86_64.rpm
2802f4a924e386b02bab904c9cd2314692ae94821ac939054b420c79a9e21476  libyaml-devel-0.1.4-11.el7_0.i686.rpm
cd06f287cb9fdd77e4b3a91d576ee9912959aecb818bd24d7797d04922827c50  libyaml-devel-0.1.4-11.el7_0.x86_64.rpm

Source:
f87eb345fdd5adac1236e7144286c6f6ba9f7e490dc84fc1e7c1930868aae5b9  libyaml-0.1.4-11.el7_0.src.rpm