Monthly Archives: March 2015
Dridex Banking Trojan Spreading Via Macros in XML Files
A phishing campaign that spiked this week is pushing the Dridex banking Trojan via malicious macros embedded in XML file attachments.
CVE-2015-1637 (windows_2003_server, windows_7, windows_8, windows_8.1, windows_rt, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_vista)
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the “FREAK” issue.
Confusion Reigns Over FBI’s Plans for National Security Letter Gag Orders
The way that National Security Letters are approved and used is one of the government’s more opaque processes. Now, you can add some more confusion into the mix, courtesy of some new comments from the FBI about when recipients are able to disclose the fact that they have received an NSL. More than a year […]
Bugtraq: [ MDVSA-2015:054 ] bind
[ MDVSA-2015:054 ] bind
Bugtraq: [ MDVSA-2015:055 ] freetype2
[ MDVSA-2015:055 ] freetype2
Bugtraq: Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting Vulnerability
Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting Vulnerability
Bugtraq: Last Call – Workhsops of CISTI'2015: 10th Iberian Conference on Information Systems and Technologies
Last Call – Workhsops of CISTI’2015: 10th Iberian Conference on Information Systems and Technologies
Enhanced Partner Program Offers Kaspersky Lab Resellers Increased Opportunities for Profit and Growth
Adobe Starts Vulnerability Disclosure Program on HackerOne
Adobe launched its first vulnerability disclosure program this week. It will use the HackerOne platform and will not pay out bounties, instead researchers can bulk up their HackerOne reputation scores. Only vulnerabilities in Adobe web applications or web-based services are in scope.