The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.
Monthly Archives: June 2016
CVE-2016-5338 (qemu)
The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer.
CVE-2016-5365 (honor_ws851_firmware)
Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows remote attackers to execute arbitrary commands with root privileges via unspecified vectors, aka HWPSIRT-2016-05051.
CVE-2016-5366 (honor_ws851_firmware)
Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a “file injection vulnerability,” aka HWPSIRT-2016-05052.
CVE-2016-5367 (honor_ws851_firmware)
Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053.
Apple announces Encryption-focused New File System for macOS Sierra
Apple announced one huge change at WWDC 2016: The company is replacing the HFS+ file system on MacOS, iOS, tvOS and WatchOS with a new file system.
The company has introduced its brand new file system called The Apple File System — or APFS for short — for iOS, OS X, tvOS, and WatchOS, making security its centerpiece.
“The Apple File System (APFS) is the next-generation file system designed
Meaningful Surveillance Reform Risks Defeat
Meaningful surveillance reform risks defeat if the reintroduction of the Massie-Lofgren amendment to a DoD spending bill is derailed because of new US House rule changes.
CVE-2016-5060 Stored Cross-Site Scripting vulnerability in nGrinder
Posted by ljj on Jun 14
Title: CVE-2016-5060 Stored Cross-Site Scripting vulnerability in nGrinder
Author: lukasz.juszczyk at ingservicespolska.pl
Date: 25.03.2016
Affected software :
=============
nGrinder v3.3
http://naver.github.io/ngrinder/
Description :
=============
nGrinder is a platform for stress tests that enables you to execute script creation, test execution, monitoring, and
result report generator simultaneously. The open-source nGrinder offers easy…
Do Your Employees Download Pirated Software? How To Prevent It:
There are many popular programs that might be available on a user’s home computer, but that are not available at their workplace. A popular image editing program like Photoshop, or Microsoft Office, might be too expensive for a small or medium-sized company that could opt out for more affordable, or even free, software solutions.
However, some employees are unwilling to conform to using these less popular tools, and often they try to install pirated versions, which are not authorized, on their work computers. The consequences of downloading pirated versions go far beyond the obvious legal repercussions, which can be very serious for companies. Pirated software is one of the biggest entry doors for malware to enter companies.
To prevent employees from using unlicensed software, which has the potential to compromise your company’s computers, it is essential to establish a proper software asset management (SAM) policy.
First of all, businesses should maintain an updated inventory of all active software (i.e., a list of all licensed programs and the workers who use them). Overall, this helps identify which programs are necessary for employees’ work and which ones should be retired.
It is also important to track the detailed information associated with these licensed programs: when each program was bought, when it needs to be renewed, and whether any updates or patches have not yet been downloaded. This helps prioritize resources, control budgets and facilitate decision making.
Businesses should maintain an updated inventory of all active software in order to better manage budgets and facilitate decision making.
It is also important to educate and sensitize workers about good practices in relation to software. Unfortunately, on many occasions the company technical departments are unaware of the programs that their colleagues are installing without permission. In fact, around 30% of employees use tools that their bosses don’t know about.
The problem is bigger than it may seem. In 2015, according to a study by the Business Software Alliance (BSA), 39% of software installed on computers worldwide is unlicensed. Companies using unlicensed software are basically drilling holes for cybercriminals, giving them a way to enter their systems and endanger the company with malware.
Downloading pirated software increases the likelihood of a cyber-attack. It is important that you protect your business with advanced cyber-security solutions, like Adaptive Defense 360.
The post Do Your Employees Download Pirated Software? How To Prevent It: appeared first on Panda Security Mediacenter.
Bashi v1.6 iOS – Persistent Mail Encoding Vulnerability
Posted by Vulnerability Lab on Jun 14
Document Title:
===============
Bashi v1.6 iOS – Persistent Mail Encoding Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1852
Release Date:
=============
2016-05-25
Vulnerability Laboratory ID (VL-ID):
====================================
1852
Common Vulnerability Scoring System:
====================================
3.4
Product & Service Introduction:…

