CVE-2016-2114

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the “server signing = mandatory” setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.

CVE-2016-2115

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.

DARPA Wants To Build Ultra Secure Messaging App for US Military

Just last month, DARPA launched a project dubbed “Improv,” inviting hackers to transform simple household appliances into deadly weapons.

Now, the Defense Advanced Research Projects Agency is looking for someone in the private sector to develop a hacker-proof “secure messaging and transaction platform” for the U.S. military.

Darpa wants researchers to create a secure messaging and transaction

DSA-3556 libgd2 – security update

Hans Jerry Illikainen discovered that libgd2, a library for programmatic
graphics creation and manipulation, suffers from a signedness
vulnerability which may result in a heap overflow when processing
specially crafted compressed gd2 data. A remote attacker can take
advantage of this flaw to cause an application using the libgd2 library
to crash, or potentially, to execute arbitrary code with the privileges
of the user running the application.

Bank with No Firewall. That's How Hackers Managed to Steal $80 Million

In Brief
Investigators from the Forensic Training Institute of the Bangladesh examined the $80 Million bank heist and discovered that the hackers gained access to the network because the bank was running it on second-hand $10 network switches without a firewall.

When it was reported last month that an unknown hacking group attempted to steal $1 Billion from