Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors.
Monthly Archives: April 2016
IRS Issues Warning for Tax Phishing Scam
Original release date: April 06, 2016
The Internal Revenue Service (IRS) has issued a press release to address a phishing scam targeting taxpayers. Email scammers have been observed citing tax fraud to trick victims into clicking on a malicious link. Taxpayers should be suspicious of unsolicited emails.
Users and administrators are encouraged to review the IRS news release for details and refer to US-CERT Security Tip ST15-001 for information on tax-themed phishing attacks.
This product is provided subject to this Notification and this Privacy & Use policy.
FTC Releases Alert on Tech-Support Scams
Original release date: April 06, 2016
The Federal Trade Commission (FTC) has released an alert on tech-support themed telephone scams. In these schemes, fraudulent callers claim to be from legitimate technical support organizations and offer to fix computer problems that don’t exist. Users should not give control of their computers to anyone who calls offering to “fix” a problem.
US-CERT encourages users and administrators to refer to the FTC Scam Alert and the US-CERT Security Tip on Avoiding Social Engineering and Phishing Attacks for more information.
WatchGuard is Making the Internet Safer for Children Around the World
Cisco Releases Security Updates
Original release date: April 06, 2016
Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:
- cisco-sa-20160406-privauth: Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability
- cisco-sa-20160406-cts1: Cisco TelePresence Server Crafted URL Handling Denial-of-Service Vulnerability
- cisco-sa-20160406-ucs: Cisco UCS Invicta Default SSH Key Vulnerability
- cisco-sa-20160406-cts: Cisco TelePresence Server Crafted IPv6 Packet Handling Denial-of-Service Vulnerability
- cisco-sa-20160406-remcode: Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability
- cisco-sa-20160406-cts2: Cisco TelePresence Server Malformed STUN Packet Processing Denial-of-Service Vulnerability
WhatsApp Encryption A Good Start, But Far From a Security Cure-all
Security experts cheer WhatsApp for making end-to-end encryption available to one billion consumers, but say more work needs to be done to protect digital communications.
CVE-2016-3968
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject arbitrary web script or HTML via the (1) ipFamily parameter to corporate/webpages/trafficdiscovery/LiveConnections.jsp; the (2) ipFamily, (3) applicationname, or (4) username parameter to corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp; or the (5) X-Forwarded-For HTTP header.
CVE-2016-3969
Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email.
RHSA-2016:0598-1: Moderate: jboss-ec2-eap security, bug fix, and enhancement update
Red Hat Enterprise Linux: A jboss-ec2-eap update is now available for Red Hat JBoss Enterprise Application Platform 6.4.7 on Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
CVE-2014-0230, CVE-2016-2094
RHSA-2016:0596-1: Moderate: Red Hat JBoss Enterprise Application Platform 6.4.7 update
Red Hat Enterprise Linux: A Red Hat JBoss Enterprise Application Platform update is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
CVE-2014-0230, CVE-2016-2094