Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.
Monthly Archives: August 2016
ATMs in Thailand Hacked; 12 Million Baht Stolen; 10,000 ATMs Prone to Hackers
Thailand has suffered its first ATM Hack!
An Eastern European gang of criminals has stolen over 12 Million Baht (approximately US$350,000) from a total of 21 ATMs in Bangkok and other five provinces by hacking a Thai bank’s ATM network; police said Wednesday
The Central Bank of Thailand (BoT) has issued a warning to all commercial banks about security flaws in roughly 10,000 ATMs that were
Workbench Scheduler – Moderately Critical – Access Bypass – SA-CONTRIB-2016-049
- Advisory ID: DRUPAL-SA-CONTRIB-2016-049
- Project: Workbench Scheduler (third-party module)
- Version: 7.x
- Date: 2016-August-24
- Security risk: 13/25 ( Moderately Critical) AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:All
- Vulnerability: Access bypass
Description
Workbench Scheduler module provides users with the ability to create schedules that change moderated content from one workbench moderation state to another.
An authenticated user could add a schedule to a node even when that content type has schedules disabled.
The vulnerability is mitigated by the fact that a attacker must have access to an account in the system with permission to edit content and create schedules. Also, only sites with a specific combination of permissions and modules are affected.
CVE identifier(s) issued
- A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
- Workbench Scheduler 7.x-1.x versions prior to 7.x-1.9.
Drupal core is not affected. If you do not use the contributed Workbench Scheduler module, there is nothing you need to do.
Solution
Install the latest version:
- If you use the Workbench Scheduler module for Drupal 7.x, upgrade to Workbench Scheduler 7.x-1.9
Also see the Workbench Scheduler project page.
Reported by
Fixed by
- Caroline Boyden
- Joshua Bolduc, the module maintainer
Coordinated by
- Pere Orga of the Drupal Security Team
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity
Drupal version:
Slackware Security Advisory – gnupg Updates
Slackware Security Advisory – New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
Red Hat Security Advisory 2016-1756-01
Red Hat Security Advisory 2016-1756-01 – KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Security Fix: Quick Emulator built with the Block driver for iSCSI images support is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in denial of service, or potentially leverage it to execute arbitrary code with QEMU-process privileges on the host.
Instagram Scam Preys On Bank Followers
New Collision Attacks Allow For Cookie Decryption
Wildfire Ransomware Code Cracked – Unlock For Free
Ashley Madison Agrees To Security Overhaul After Damning Report
MIT Researchers Solve the Spectrum Crunch to make Wi-Fi 10 times Faster
While using your cell phone at a massive public event, like a concert, conference, or sporting event, you have probably experienced slow communication, poor performance or slow browsing speeds, as crowds arrive.
That’s because of ‘Spectrum Crunch’, which means, Interference of WiFi signals with each other.
WiFi signals of all cell-phones in a large event interfere with each other because
