Monthly Archives: September 2016
TorrentLocker: Crypto-ransomware still active, using same tactics
ESET has carried out analysis of new samples of the crypto-ransomware family TorrentLocker, to compare the 2016 campaigns against its research in late 2014.
The post TorrentLocker: Crypto-ransomware still active, using same tactics appeared first on WeLiveSecurity.
Back to school technology migration starts
The biggest annual technology migration of the year is about to start as millions of smartphones head off to machine learning centers.
The post Back to school technology migration starts appeared first on Avira Blog.
VMworld: The year of the developer
At VMworld there are a bewildering number of technologies trying to integrate in order to provide your data to entire networks, reports ESET’s Cameron Camp.
The post VMworld: The year of the developer appeared first on WeLiveSecurity.
SWIFT Warns Banks Of More Cyberattacks
Banks face persistent, sophisticated and sustained cyberattacks from hackers looking to exploit the SWIFT messaging network, according to reports.
CVE-2016-0385 (websphere_application_server)
Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2016-2954 (connections)
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2956 and CVE-2016-3008.
CVE-2016-2956 (connections)
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and CVE-2016-3008.
CVE-2016-2995 (connections)
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2997, CVE-2016-3005, and CVE-2016-3010.
CVE-2016-2997 (connections)
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-3005, and CVE-2016-3010.