Micro Focus Rumba WallData.Macro PlayMacro Memory Corruption

A buffer overflow vulnerability has been reported in the WallData.Macro ActiveX control of Micro Focus Rumba. The vulnerability is due to a lack of bounds checking on an argument passed into the PlayMacro() function. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to browse to a malicious web page, potentially leading to arbitrary code execution in the context of the user.

PHP Exif_Process_User_Comment Null Pointer Dereference (CVE-2016-6292)

A denial of service vulnerability exists in the Exif module of PHP. The vulnerability is due to a null pointer dereference in exif_process_user_comment when it handles JIS-encoded user comment Exif tags while multi-byte string support is enabled in PHP. A remote, unauthenticated attacker can exploit this vulnerability by having the target PHP application process Exif data in a maliciously crafted image. Successful exploitation would cause the PHP interpreter to crash, leading to a denial of service condition.

Cisco Prime Infrastructure and EPNM Deserialization Code Execution (CVE-2016-1291)

A vulnerability has been found in the web interface of Cisco Prime Infrastructure and Evolved Programmable Network Manager (EPNM). The vulnerability is due to insufficient sanitization of user-supplied input to the web interface. A remote, unauthenticated attacker could exploit this vulnerability by sending an HTTP POST request with maliciously crafted serialized user data.

HPE Data Protector EXEC_BAR domain Buffer Overflow (CVE-2016-2006)

A buffer overflow vulnerability has been found in the OmniInet.exe component of HPE Data Protector. This vulnerability is due to a lack of boundary checks on the domain field in EXEC_BAR requests. A remote, unauthenticated attacker could exploit this vulnerability by sending malformed requests to an HPE Data Protector service, potentially leading to arbitrary code execution in the context of System.

This Malware Can Transfer Data via USB Emissions from Air-Gapped Computers

Air-gapped computers, which are isolated from the Internet or other networks and believed to be the most secure computers on the planet, have become a regular target in recent years.

A team of researchers from Ben-Gurion University in Israel has discovered a way to extract sensitive information from air-gapped computers – this time using radio frequency transmissions from USB connectors without