MobaXTerm versions prior to 8.5 fail to bind forwarded SSH ports to the loopback device.
Monthly Archives: January 2016
o2 DSL Auto Configuration Server Credential Disclosure
The o2 Auto Configuration Server (ACS) discloses VoIP/SIP credentials of arbitrary customers when receiving manipulated CWMP packets. These credentials can then be used by an attacker to register any VoIP number of the victim. This enables the attacker to place and receive calls on behalf of the attacked user.
Baby you can hack my car
The more techy a car gets, the bigger the possibility that it will get hacked. We know that it’s possible, we saw it last year with the hacked car that was driven into a ditch.
The post Baby you can hack my car appeared first on Avira Blog.
Symantec Endpoint Protection 12.1.4013 Denial Of Service
Symantec Endpoint Protection version 12.1.4013 suffers from a denial of service vulnerability.
Police Arrested Hackers Who Stole Millions from European ATMs
Romanian law enforcement authorities have arrested eight cyber criminals suspected of being part of an international criminal gang that pilfered cash from ATMs (automatic teller machines) using malware.
The operation, said to be one of the first operations of this type in Europe, was conducted in Romania and Moldova by Romanian National Police and the Directorate for Investigating Organised
GNU Transport Layer Security Library 3.3.20
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
Apple Security Advisory 2016-01-07-1
Apple Security Advisory 2016-01-07-1 – QuickTime 7.7.9 is now available and addresses multiple memory corruption issues.
Red Hat Security Advisory 2016-0015-01
Red Hat Security Advisory 2016-0015-01 – Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A man-in-the-middle vulnerability was found in the way “connection signing” was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text. A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights.
Red Hat Security Advisory 2016-0016-01
Red Hat Security Advisory 2016-0016-01 – Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A man-in-the-middle vulnerability was found in the way “connection signing” was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text. A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights.
Ubuntu Security Notice USN-2865-1
Ubuntu Security Notice 2865-1 – Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.