The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by “a\x80.” (CVSS:5.0) (Last Update:2016-05-25)
Monthly Archives: May 2016
TSA Official Got $90k Bonus Despite TSA Failures
2.5k Twitter Accounts Hacked To Spread Links To Adult Content
Federal Agencies Still Lack Strong Cyber Hygiene Practices
Oracle ATS Arbitrary File Upload
This Metasploit module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell.
Ubuntu Security Notice USN-2984-1
Ubuntu Security Notice 2984-1 – It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Hans Jerry Illikainen discovered that the PHP Zip extension incorrectly handled certain malformed Zip archives. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
HP Security Bulletin HPSBGN03605 1
HP Security Bulletin HPSBGN03605 1 – A potential vulnerability has been identified in HPE Service Manager. The vulnerability could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
Crypto Innovator, Entrepreneur Jon Callas Rejoins Apple
Apple has hired cryptography pioneer Jon Callas for a third time. Callas, who previously helped design and implement encryption systems for Macs at Apple, was most recently at Silent Circle.
WatchGuard Increases Visibility with New Network Discovery and Mobile Security Capabilities
LinkedIn is Latest Contributor to Breach Fatigue
Expert Troy Hunt waxes on last week’s LinkedIn data dump of 117 million credentials and how it reflects on a new breed of hackers.





