Mail attachment containing a malicious downloader was observed as part of ransomware campaigns. A remote attacker could send spam e-mails including those downloaders and convince users to manually enable them. This would allow the malicious code to run and infect the target system.
Monthly Archives: September 2016
Adobe Flash Player Type Confusion (APSB16-29: CVE-2016-4280; CVE-2016-4280)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a type confusion condition while handling a malformed SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file. Successful exploitation would allow an attacker to execute arbitrary code on the target.
The Concept of a MVP
With the growing adoption of agile methodologies there is one term you will often hear and come across in most software companies nowadays: “Minimum Viable Product” (MVP).
The post The Concept of a MVP appeared first on Avira Blog.
Each Cyberattack Costs Large Companies $861K: Kaspersky – Bloomberg BNA
Each Cyberattack Costs Large Companies $861K: Kaspersky – Bloomberg BNA
CVE-2016-0870
The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request.
CVE-2016-1483
Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID CSCuy92704.
CVE-2016-4526
ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory.
CVE-2016-4860
Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application program, (2) change value, or (3) modify application command.
CVE-2016-5814
Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file.
CVE-2016-6415
The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.