Due to the worldwide promotion of Mirai botnet that knocked down half of the Internet last Friday, hackers and even script kiddies have started creating their own botnet networks by hacking millions of IoT devices and selling them as DDoS-for-hire service to overwhelm targets with data.
A 19-year-old student from Hertford has pled guilty to running one such DDoS-for-hire service that shortly
Exponent CMS versions 2.3.9 and below suffer from multiple remote SQL injection vulnerabilities. Updates have been released to address these identified issues.
Setting the listStyleImage property of an Element object causes MSIE 11 to allocate 0x4C bytes for an “image context” structure, which contains a reference to the document object as well as a reference to the same CMarkup object as the document. When the element is removed from the document/document fragment, this image context is freed on the next “draw”. However, the code continues to use the freed context almost immediately after it is freed.
Ubuntu Security Notice 3113-1 – It was discovered that a long running unload handler could cause an incognito profile to be reused in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. Multiple security vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, spoof an application’s URL bar, obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
Red Hat Security Advisory 2016-2136-01 – IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3-FP20. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.