Microsoft beefs up ransomware defenses in Windows 10 Anniversary Update starting with Edge browser and the Advanced Threat Protection (ATP) tool.
Monthly Archives: November 2016
VMWare Releases Security Updates
Original release date: November 14, 2016
VMWare has released security updates to address a vulnerability in VMware Workstation and Fusion. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review VMware Security Advisory VMSA-2016-0019 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Wi-Fi Signal Interference Can Leak Your Passwords and Keystrokes
Hackers can steal your sensitive information, such as your Passwords, PINs and Keystrokes, from your phone by observing changes in the wireless signal as you enter them into your smartphones.
A group of researchers from the Shanghai Jaio Tong University, the University of South Florida and the University of Massachusetts at Boston have demonstrated a new technique that can reveal private
Adult FriendFinder Hack Exposes 400 Million Accounts
The FriendFinder Network has reportedly been hacked exposing 400 million user accounts of Adult FriendFinder, Penthouse.com and Stripshow.com.
Disk Pulse Enterprise 9.0.34 Login Buffer Overflow
This Metasploit module exploits a stack buffer overflow in Disk Pulse Enterprise 9.0.34. If a malicious user sends a malicious HTTP login request, it is possible to execute a payload that would run under the Windows NT AUTHORITYSYSTEM account. Due to size constraints, this module uses the Egghunter technique.
Linux BPF Local Privilege Escalation
Linux kernel versions 4.4 and above where CONFIG_BPF_SYSCALL and kernel.unprivileged_bpf_disabled sysctl is not set to 1 allow for BPF to be abused for privilege escalation. Ubuntu 16.04 has all of these conditions met.
I-Panda SolarEagle Authentication Issues / Denial Of Service
SolarEagle version 2.00 suffers from an administrative login bypass vulnerability. MPPT Solar Controller SMART2 suffers from missing server-side authentication, unencrypted communication, and denial of service issues.
moodle-3.0.7-1.fc23
3.0.7
VMware Security Advisory 2016-0019
VMware Security Advisory 2016-0019 – VMware Workstation and Fusion updates address a critical out-of-bounds memory access vulnerability.
Barco ClickShare XSS / Remote Code Execution / Path Traversal
Barco ClickShare suffers from remote code execution, cross site scripting, path traversal, and file disclosure vulnerabilities.