Monthly Archives: February 2015
Hackers Hitting Adobe Zero Day With BEDEP Malware
Australian cybersecurity video plays dumb to raise awareness, but will it work?
A new cybersecurity video from the Australian Cyber Security Centre (ACSC) has taken an unusual approach to raising awareness, playing dumb in this mock public service announcement aimed at a “non-technical” audience.
The post Australian cybersecurity video plays dumb to raise awareness, but will it work? appeared first on We Live Security.
How to keep your webcam safe from hackers
Last year webcam security became a high priority after an anonymous website began posting live streams of the world’s unprotected webcams. Here are 5 top tips to keep yours safe from the hackers.
The post How to keep your webcam safe from hackers appeared first on We Live Security.
Security, Tech Communities Rally to Support GnuPG
The last year has seen a big swing in the support from the technology community for open-source security tools, many of which are maintained by tiny staffs or volunteers. OpenSSL last year received a large chunk of funding from the Core Infrastructure Initiative, and now it’s GnuPG’s turn. After a story on ProPublica Thursday publicized […]
CVE-2014-0603
The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to cause a denial of service (memory corruption) and execute arbitrary code via vectors related to the (1) GetGlobalSettings or (2) GetSiteProperties3 methods, which triggers a dereference of an arbitrary memory address. NOTE: this issue was MERGED with CVE-2014-0606 because it is the same type of vulnerability, affecting the same set of versions, and discovered by the same researcher.
CVE-2014-0604
Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the StartLog method.
CVE-2014-0605
Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the SaveSettings method.
CVE-2014-5332 (linux_kernel)
Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 alllows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by using a race condition to escape the Chrome sandbox.
CVE-2014-9353 (oncommand_balance)
NetApp OnCommand Balance before 4.2P2 contains a “default privileged account,” which allows remote attackers to gain privileges via unspecified vectors.