HPE System Management Homepage before 7.5.4 allows local users to obtain sensitive information or modify data via unspecified vectors.
Monthly Archives: March 2016
Trojan Downloaders on the rise: Don’t let Locky or TeslaCrypt ruin your day
Weeks after it started attacking and encrypting victims’ information, Locky is still targeting many users. Here’s what you need to know about this threat.
The post Trojan Downloaders on the rise: Don’t let Locky or TeslaCrypt ruin your day appeared first on We Live Security.
DSA-3520 icedove – security update
Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors,
integer overflows, buffer overflows and other implementation errors may
lead to the execution of arbitrary code or denial of service.
CVE-2016-2345
Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in Solarwinds Dameware Remote Mini Controller 12.0 allows remote attackers to execute arbitrary code via a crafted string.
CVE-2016-3191
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
IC3 Warns That Vehicles Are Increasingly Vulnerable to Remote Exploits
Original release date: March 17, 2016
The Internet Crime Complaint Center (IC3) has issued an alert warning that modern motor vehicles are increasingly vulnerable to remote attacks. Vehicle owners should take precautions in order to minimize cybersecurity risks to their vehicles. Users are encouraged to review the IC3 Alert for details and recommended security measures.
This product is provided subject to this Notification and this Privacy & Use policy.
The top 3 things to look for in a mobile security app
CEO Vince Steckler gave the crowd at CeBIT an eye-opening statistic yesterday. He said,
Avast currently has over two million malicious samples in its mobile threat detection database, and we see 12,000 new samples every day.
That fact means that your Android device needs protection. Avast Mobile Security secures your smartphone or tablet against infected files, phishing, malware, spyware, and malicious viruses such as Trojans without bogging down performance or annoying you with false warnings.
Download Avast Mobile Security for free from the Google Play Store.
Symantec Releases Security Update
Original release date: March 17, 2016
Symantec has released an update to address vulnerabilities in Symantec Endpoint Protection version 12.1. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review the Security Advisory from Symantec and apply the necessary update.
This product is provided subject to this Notification and this Privacy & Use policy.
Mitre Takes On Critics, Set To Revamp CVE Vulnerability Reporting
Mitre Corporation will introduce a pilot program for classifying CVEs in response to critics who contend the agency is failing to keep pace with a massive influx of CVE number requests.
New Security Tool: Enteletaor – Broker & MQ Injection tool
Posted by cr0hn on Mar 17
Dear colleagues,
Please, allow us to introduce Enteletaor -> https://github.com/cr0hn/enteletaor
Enteletaor is a Message Queue & Broker Injection tool that implements attacks to: Redis, RabbitMQ and ZeroMQ.
Some of the actions you can do:
– Listing remote tasks.
– Read remote task content.
– Disconnect remote clients from Redis server (even the admin)
– Inject tasks into remote processes.
– Make a scan to discover open…