HP Security Bulletin HPSBGN03415 1 – Potential security vulnerabilities have been identified in HP Operations Agent Virtual Appliance. The RC4 stream cipher vulnerability in SSL/TLS known as “Bar Mitzvah” could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
Monthly Archives: August 2015
Ubuntu Security Notice USN-2722-1
Ubuntu Security Notice 2722-1 – Gustavo Grieco discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.
Debian Security Advisory 3343-1
Debian Linux Security Advisory 3343-1 – James Kettle, Alain Tiemblo, Christophe Coevoet and Fabien Potencier discovered that twig, a templating engine for PHP, did not correctly process its input. End users allowed to submit twig templates could use specially crafted code to trigger remote code execution, even in sandboxed templates.
HP Security Bulletin HPSBGN03414 1
HP Security Bulletin HPSBGN03414 1 – Potential security vulnerabilities have been identified in HP Operations Agent. The RC4 stream cipher vulnerability in SSL/TLS known as “Bar Mitzvah” could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
Support Scams, Malware and Mindgames without Frontiers
Introduction It might not have escaped your notice that I write quite a lot about support scams, an issue in which most commentators in the security industry take only sporadic interest and tend to regard as of only niche interest. (As when a scammer is damaging their brand or product in some way, for instance
The post Support Scams, Malware and Mindgames without Frontiers appeared first on We Live Security.
CVE-2015-6261 (telepresence_video_communication_server_software)
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531.
CERT Warns of Hard-Coded Credentials in DSL SOHO Routers
DSL routers from a number of manufacturers contain hard-coded credentials that could allow a hacker to access the devices via telnet services and remotely control them.
Kaspersky Lab Survey Finds Online Account Hacking the Most Feared Cyber Threat among Consumers
'Spam King' Pleads Guilty For 27m Facebook Messages
Dolphin and Mercury Android browsers have major vulnerabilities
Dolphin and Mercury Android browsers have major vulnerabilities, allowing for remote code execution and arbitrary reading and writing of files.
The post Dolphin and Mercury Android browsers have major vulnerabilities appeared first on We Live Security.
