Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the “crafted image file” approach, related to an “Integer Overflow” issue affecting the Image.core.map_buffer in map.c component.
Monthly Archives: November 2016
CVE-2016-9190 (pillow)
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the “crafted image file” approach, related to an “Insecure Sign Extension” issue affecting the ImagingNew in Storage.c component.
[oss-security] CVE request:Lynx invalid URL parsing with '?'
Posted by redrain root on Nov 04
I can’t find any bugtracker in lynx ,so i will disclose by this mail and
sent to the author dickey () invisible-island net.
redrain (rootredrain () gmail com)
Date:2016-11-03
Version: 2.8.8pre.4、2.8.9dev.8 and earlier
Platform: Linux and Windows
Vendor: http://lynx.browser.org/
Vendor Notified: 2016-11-03
VULNERABILITY
————————-
Lynx doesn’t parse the authority component of the URL correctly when the
host
name part…
Re: [oss-security] CVE request:Lynx invalid URL parsing with '?'
Posted by Thomas Dickey on Nov 04
thanks (I’ll put together a fix)
Re: [oss-security] CVE request:Lynx invalid URL parsing with '?'
Posted by Leo Famulari on Nov 04
FYI, as far as I can tell, this bug is present in 2.8.9dev.9 as well.
MSIE 10 MSHTML CElement::GetPlainTextInScope out-of-bounds read
Posted by Berend-Jan Wever on Nov 04
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the third
entry in that series.
The below information is also available on my blog at
http://blog.skylined.nl/20161103001.html. There you can find a repro
that triggered this issue in addition to the information below.
Follow me on http://twitter.com/berendjanwever for daily browser bugs.
MSIE 10 MSHTML…
Wi-Fi can be turned into IMSI Catcher to Track Cell Phone Users Everywhere
Here’s a new danger to your smartphone security: Your mobile device can be hijacked and tracked without your knowledge.
Remember Stingrays?
The controversial cell phone spying tool, also known as “IMSI catchers,” has long been used by law enforcement to track and monitor mobile users by mimicking a cellphone tower and tricking their devices to connect to them. Sometimes it even intercepts
Nuovo SITO Online – iPhone 6 – Notebook HP Ibridio – PC e Tanto Altro
Non vedi il contenuto di questa Email? Clicca Quì http://campaign.r20.constantcontact.com/render?m=1103299326490&ca=5230eb92-8015-42e7-afda-12b690ba8fb0 Greetings! Inotra questa email http://ui.constantcontact.com/sa/fwtf.jsp?llr=9qmh7qdab&m=1103299326490&ea=broadcast%40simpaticotech.it&a=1126318031654 Questa mail è stata inviata a [email protected], da parte di [email protected] Aggiorna profilo/indirizzo e-mail https://visitor.constantcontact.com/do?p=oo&m=001ppwvHtrFNf1h59YxsVHM6Q%3D%3D&ch=ce81b4a0-be9c-11e4-90fa-d4ae528eb986&ca=5230eb92-8015-42e7-afda-12b690ba8fb0 Rimozione istantanea con SafeUnsubscribe(TM) https://visitor.constantcontact.com/do?p=un&m=001ppwvHtrFNf1h59YxsVHM6Q%3D%3D&ch=ce81b4a0-be9c-11e4-90fa-d4ae528eb986&ca=5230eb92-8015-42e7-afda-12b690ba8fb0 Informativa sulla privacy: http://ui.constantcontact.com/roving/it/CCPrivacyPolicy.jsp Online Marketing by Constant Contact(R) www.constantcontact.com Simpatico Network srl | Via Volta 7 | BUCCINASCO | 20090 | Italy
AtomBombing, a new threat to your Windows
A few days ago Tal Liberman, a security researcher from the company enSilo revealed a new code injection technique that affects all Windows versions up to Windows 10. Due to the nature of this technique it is unlikely that it can be patched. In this article I’d like to shed light on this attack, its consequences and what can be done in order to protect ourselves.
How does it work?
Basically this attack takes advantage of the own operating system to inject malicious code and then use some legit process to execute it. Although it is not that different to what malware has been doing for ages (malware has been injecting itself in running processes for decades) it is true that the use of the atom tables (provided by Windows to allow applications to store and access data) is not common, and it is likely to go unnoticed by a number of security solutions.
This attack is not common, and it is likely to go unnoticed by a number of security solutions.
The best explanation you can find so far is the one made by Tal in his blog “AtomBombing: A Code Injection that Bypasses Current Security Solutions”.
If there is no patch and it affects all Windows versions, does it mean that we are under great danger?
Not really. First, in order to use this technique malware has to be able to be executed in the machine. This cannot be used to remotely attack and compromise your computer. Cybercriminals will have to use some exploit or fool some user into downloading and executing the malware, hoping for the security solutions in place not to stop it.
Is this really new?
The way the attack is performed to inject code is new, although as I mentioned earlier malware has used malware injection techniques for a long time, for instance you can see that in many ransomware families.
New, but not that dangerous… why the panic?
As I said first malware has to be executed in the machine, but we know that at some point this will happen (not a matter of IF, but WHEN.)
Many security solutions have the ability to detect process injection attempts, however to do this they rely on signatures, therefore many of them are not able to detect this particular technique nowadays. On top of that, many of them have a list of trusted processes. If the malicious code injection happens in one of them, all security measures from that product will be bypassed.
Finally, this attack is really easy to implement, now that it is known there will be a number of cybercriminals implementing it in their malware sooner than later.
What can we do to protect our company’s network?
On one hand, traditional antimalware solutions are great to detect and prevent infections of hundreds of millions of different threats. However they are not that good at stopping targeted attacks or brand new threats.
On the other hand we have the so called “Next Gen AV”. Most of them claim that they do not use signatures, so their strength come from the use of machine learning techniques, which have evolved greatly in the last few years, and they have shown they are pretty good at detecting some new threats. As they know their weakness is that they are not that good stopping all threats, they have a great expertise in post-infection scenarios, offering a lot of added value when a breach has already happened. Another issue they have is that machine learning won’t give you a black or white diagnosis, which translates into high false positive rates.
Using traditional antimalware + Next Gen AV is the best approach?
Not the best, although it is better than using just one as they can complement each other. It has however a few downsides. As a starter you have to pay for both. Although it can be justified due to the overall protection improvement, it means you will need extra budget for the extra work (false positive exponential growth coming from Next Gen solutions, different consoles to manage each one, etc.) Performance can become an issue is both are running in the same computers. And finally these solutions don’t talk to each other, which means you are not taking full advantage of the information each one handles.
Panda Solutions for Companies combine the power of the traditional solutions and the machine learning techniques.
The best solution is one that has both capabilities, one that has the power of traditional solutions as well as long experience in machine learning techniques combined with big data and cloud. Working together and exchanging information, with a continuous monitoring of all running processes, classifying all programs that are executed on any computer of your corporate network and creating forensic evidences in real time in case of any breach. Only deploying a small agent that will take care of everything, using the cloud for the heavy-processing tasks offering the best performance in the market. In other words, Adaptive Defense 360.
The post AtomBombing, a new threat to your Windows appeared first on Panda Security Mediacenter.
firefox-49.0.2-1.fc25
– new upstream version (49.0.2)