The Federal Trade Commission (FTC) has released an advisory describing the top 10 reported imposter scams for 2014. Scam operators often impersonate individuals, companies, and organizations to entice targets to participate in fraudulent financial transactions.
Users are encouraged to review the FTC advisory for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks.
Some D-Link routers contain a vulnerability that leaves them open to remote attacks which can give an attacker root access, allow DNS hijacking, and enable other attacks. The vulnerability affects a number of D-Link’s home routers, and the key details of the flaw have been made public by one of the researchers who discovered it. […]
Attackers behind one of the more popular exploit kits, Angler, have added a tweaked version of an exploit from last fall for a use-after-free vulnerability in Microsoft’s Internet Explorer browser.
Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open to attack from users without the need for authentication. The cookie can be easily decrypted using a known static encryption key and re-encrypted once the PHP object string has been modified. This Metasploit module has been tested on the STBN300 device.
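The defensive point in the item above is that a decrypted cookie value is still untrusted input: encrypting the session cookie, let alone with a static key, does not make the language parameter safe to splice into an include path. The following is an added example, not code from the Seagate firmware or from the Metasploit module; the directory layout, the file name `login_lang.php` and the allowlist of language names are constructed assumptions. It shows the flawed pattern beside a hardened version that allowlists the value and then verifies the resolved path still lies inside the language directory.

```python
import os

# Constructed layout (not the Seagate device's real paths): language packs live
# under LANG_DIR and only these names ship with the application.
LANG_DIR = "/srv/app/language"
ALLOWED_LANGUAGES = frozenset({"english", "french", "german"})
DEFAULT_LANGUAGE = "english"


def vulnerable_language_file(language: str) -> str:
    """The flawed pattern: the language value recovered from the session cookie
    is spliced straight into the include path. Decrypting the cookie is not
    validation, and with a static key the value is effectively attacker-chosen."""
    return os.path.join(LANG_DIR, language, "login_lang.php")


def escapes_language_dir(path: str) -> bool:
    """Lexical containment check: does the normalised path leave LANG_DIR?
    On a live filesystem use os.path.realpath as well so symlinks are resolved."""
    root = os.path.normpath(LANG_DIR)
    return os.path.commonpath([root, os.path.normpath(path)]) != root


def safe_language_file(language: str) -> str:
    """Hardened form: allowlist the value first, then re-check containment as
    defence in depth before the path is ever handed to an include."""
    if language not in ALLOWED_LANGUAGES:
        language = DEFAULT_LANGUAGE  # fall back rather than trusting the cookie
    path = os.path.join(LANG_DIR, language, "login_lang.php")
    if escapes_language_dir(path):
        raise ValueError("language path escapes language directory")
    return path
```

The allowlist alone closes the hole; the containment check is there so that a later change which widens the allowlist (or reads the value from somewhere else) cannot silently reopen it.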
HP Security Bulletin HPSBST03274 rev.1 – Potential security vulnerabilities have been identified with HP XP P9000 Command View Advanced Edition Software Online Help for Windows and Linux. The vulnerabilities could be exploited resulting in remote cross-site scripting (XSS). Revision 1 of this advisory.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:050
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : patch
Date : March 2, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated patch package fixes security vulnerabilities:
It was reported that a crafted diff file can make patch eat memory
and later segfault (CVE-2014-9637).
It was reported that the versions of the patch utility that support
Git-style patches are vulnerable to a directory traversal flaw. This
could allow an attacker to overwrite arbitrary files by applying a
specially crafted patch, with the privileges of the user running patch
(CVE-2015-1395).
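A practical mitigation while the fix is rolled out is to screen a patch's header paths before running `patch` on it at all, since the directory traversal above depends on a file name in the Git-style headers that climbs out of the working tree. The following is an added example and not part of the Mandriva advisory or of GNU patch; the sample patch is constructed, and the screening mirrors `-p<N>` component stripping only for the `---`/`+++`/rename/copy headers (Git `diff --git a/... b/...` lines already carry their prefix). Hunk bodies are skipped by counting the lines each `@@` header announces, so a removed line that happens to start with `---` is not mistaken for a header.

```python
import re

# Constructed sample patch (not from the advisory): a benign hunk against
# src/util.c followed by a second file whose header paths climb out of the
# tree with "..", which is the shape of the CVE-2015-1395 problem.
SAMPLE_PATCH = """\
diff --git a/src/util.c b/src/util.c
--- a/src/util.c
+++ b/src/util.c
@@ -1 +1 @@
-int x;
+int y;
diff --git a/../../home/user/.profile b/../../home/user/.profile
--- a/../../home/user/.profile
+++ b/../../home/user/.profile
@@ -0,0 +1 @@
+# line written outside the source tree
"""

GIT_HEADER = re.compile(r"^diff --git a/(?P<old>.+?) b/(?P<new>.+)$")
FILE_HEADER = re.compile(r"^(?:---|\+\+\+|rename to|rename from|copy to) (?P<path>\S+)")
HUNK_HEADER = re.compile(r"^@@ -\d+(?:,(?P<old>\d+))? \+\d+(?:,(?P<new>\d+))? @@")


def strip_components(path: str, strip: int) -> str:
    """Drop leading path components the way `patch -p<strip>` does."""
    parts = path.split("/")
    return "/".join(parts[strip:]) if len(parts) > strip else ""


def unsafe_reason(path: str):
    """Why a target path is unsafe to write, or None if it stays in the tree."""
    if path == "":
        return "empty path after stripping"
    if path.startswith("/"):
        return "absolute path"
    if ".." in path.split("/"):
        return "parent-directory component"
    return None


def screen_patch(text: str, strip: int = 1):
    """Return (line_number, path, reason) for each header path that would
    escape the working tree; an empty list means nothing suspicious."""
    findings = []
    remaining_old = remaining_new = 0
    for lineno, line in enumerate(text.splitlines(), 1):
        if remaining_old > 0 or remaining_new > 0:
            # Inside a hunk body: consume lines per the counts from the @@ header.
            if line.startswith("+"):
                remaining_new -= 1
            elif line.startswith("-"):
                remaining_old -= 1
            elif not line.startswith("\\"):  # "\ No newline at end of file"
                remaining_old -= 1
                remaining_new -= 1
            continue
        hunk = HUNK_HEADER.match(line)
        if hunk:
            remaining_old = int(hunk.group("old") or 1)
            remaining_new = int(hunk.group("new") or 1)
            continue
        git = GIT_HEADER.match(line)
        if git:
            candidates = {git.group("old"), git.group("new")}
        else:
            header = FILE_HEADER.match(line)
            if not header or header.group("path") == "/dev/null":
                continue
            candidates = {strip_components(header.group("path"), strip)}
        for path in sorted(candidates):
            reason = unsafe_reason(path)
            if reason:
                findings.append((lineno, path, reason))
    return findings


def is_safe_patch(text: str, strip: int = 1) -> bool:
    """True when no header path in the patch escapes the working tree."""
    return not screen_patch(text, strip)


if __name__ == "__main__":
    for lineno, path, reason in screen_patch(SAMPLE_PATCH):
        print(f"line {lineno}: {path!r} rejected ({reason})")
```

Run this over a patch before applying it and refuse anything that produces findings; it is a pre-filter, not a replacement for updating to a fixed patch package, and it does not try to follow symlinks that already exist in the tree.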
GNU patch before 2.7.4 allows remote attackers to write to arbitrary
files