The 4.8.7 kernel rebase contains new hardware support, additional features, and a number of important bug fixes across the tree.
Monthly Archives: November 2016
kernel-4.8.7-300.fc25
The 4.8.7 stable kernel update contains a number of important fixes across the tree.
CVE-2016-9277
Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906.
Google Chrome blink Serializer::doSerialize bad cast details
Posted by Berend-Jan Wever on Nov 11
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the
ninth entry in that series, and the first to not target a Microsoft browser.
The below information is available in more detail on my blog at
http://blog.skylined.nl/20161111001.html.
Follow me on http://twitter.com/berendjanwever for daily browser bugs.
Google Chrome blink Serializer::doSerialize bad cast…
Trango Systems hidden default root login (all models)
Posted by Ian Ling on Nov 11
[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/153011925478/
Vendor:
=================
www.trangosys.com
Products:
======================
All models. Newer versions use a different password.
Vulnerability Type:
===================
Default Root Account
CVE Reference:
==============
N/A
Vulnerability Details:
=====================
Trango devices all have a built-in, hidden root account, with a…
Google Pixel Phone Hacked in 60 Seconds at PwnFest 2016
The brand new Android smartphone launched by Google just a few months back has been hacked by Chinese hackers just in less than a minute.
Yes, the Google’s latest Pixel smartphone has been hacked by a team white-hat hackers from Qihoo 360, besides at the 2016 PwnFest hacking competition in Seoul.
The Qihoo 360 team demonstrated a proof-of-concept exploit that used a zero-day vulnerability in
CVE-2016-9274
Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected.
5 Major Russian Banks Hit With Powerful DDoS Attacks
Distributed Denial of Service (DDoS) attacks have risen enormously in past few months and, mostly, they are coming from hacked and insecure internet-connected devices, most commonly known as Internet of Things (IoT).
Recent DDoS attack against DNS provider Dyn that brought down a large chunk of the Internet came from hacked and vulnerable IoT devices such as DVRs, security cameras, and smart
