Monthly Archives: August 2015
Revamped RIG Exploit Infects 1 Million PCs
Emissary Panda Group Wants To Eat All The Industrial Data
Comment form CSRF in WordPress 4.2.2 allows admin impersonation via comments
Posted by dxw Security on Aug 05
Details
================
Software: WordPress
Version: 3.8.1, 3.8.2, 4.2.2
Homepage: http://wordpress.org/
Advisory report:
https://security.dxw.com/advisories/comment-form-csrf-allows-admin-impersonation-via-comments-in-wordpress-4-2-2/
CVE: Awaiting assignment
CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N)
Description
================
Comment form CSRF in WordPress 4.2.2 allows admin impersonation via comments
Vulnerability
================…
Re: Mozilla extensions: a security nightmare
Posted by Mario Vilas on Aug 05
%APPDATA% is within the user’s home directory – by default it should not be
writeable by other users. If this is the case then the problem is one of
bad file permissions, not the location.
Incidentally, many other browsers and tons of software also store
executable code in %APPDATA%.
I think “security nightmare” may be a bit of an overstatement here. I’ll
refrain from panicking about this “issue” for the time…
APT Group Gets Selective About Data it Steals
Dell SecureWorks researchers today at Black Hat released a new report on Emissary Panda, or TG-3390, a China-sponsored APT gang that has refined the types of data it covets.
Government Asks for Security Community’s Help on Technical Issues
LAS VEGAS–Washington is looking for a few good hackers. Politicians and policymakers in the United States generally are not thought of as being the most technically savvy lot. It’s a reputation that’s well-earned in some cases, with some politicians boasting about their inability to use email and affinity for flip phones. But the lack of understanding […]
CVE-2015-4167
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.
Granick: Dream of Internet Freedom ‘Dying’
Black Hat keynoter Jennifer Granick imagined a day when a regulated Internet looks a lot like television.
‘Software Liability Is Inevitable’
LAS VEGAS–The push for some form of liability for vendors who sell faulty or insecure software is nearly as old as software itself. Software makers have pushed back hard against it for decades, but the day may soon come when software liability is a reality. Bugs, defects, and security vulnerabilities are problems inherent with any […]