Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.
Monthly Archives: November 2015
CVE-2015-7697
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.
German Job Center data-mined for targeted malware attacks
Job Centers are all about helping people to find new opportunities and to bring their life back underway. It also gives employers the opportunity to find great new employees! But this wasn’t the case for an Avira customer from Germany. It’s her story we want to tell you today.
The post German Job Center data-mined for targeted malware attacks appeared first on Avira Blog.
Kaspersky Lab Patents New Technology to Protect Corporate Data on Employee Mobile Devices
Nearly 157,000 TalkTalk customers had their personal details hacked
TalkTalk talks numbers – revealing that “only 4%” of its users were affected by the hacking attack on its systems.
The post Nearly 157,000 TalkTalk customers had their personal details hacked appeared first on We Live Security.
Why mobile security is more important than ever before
In this feature we explore why mobile security is of the utmost importance for individuals and organizations. If smartphones and tablets not adequately protected, they are extremely vulnerable to being exploited.
The post Why mobile security is more important than ever before appeared first on We Live Security.
ProtonMail hit with another DDoS attack
After experiencing an onslaught of DDoS attacks, which saw it hand over the ransom that was demanded, ProtonMail has once again been targeted by cybercriminals.
The post ProtonMail hit with another DDoS attack appeared first on We Live Security.
CVE-2015-4282 (mobility_services_engine)
Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504.
CVE-2015-5672 (fate/hollow_ataraxia, fate/stay_night, fate/stay_night_+_hollow_ataraxia_set, witch_on_the_holy_night)
TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data.
CVE-2015-6292 (web_security_appliance)
The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via multiple proxy connections, aka Bug ID CSCus10922.