Red Hat Security Advisory 2016-2871-01 – The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
Monthly Archives: December 2016
Red Hat Security Advisory 2016-2872-01
Red Hat Security Advisory 2016-2872-01 – The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system(), popen(), or wordexp() C library functions with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could use these flaws to execute arbitrary commands with elevated privileges.
Gentoo Linux Security Advisory 201612-14
Gentoo Linux Security Advisory 201612-14 – A vulnerability was discovered in util-linux, which could potentially lead to the execution of arbitrary code. Versions less than 2.26 are affected.
Sony Kills Off Secret Backdoor In 80 Internet Connected CCTV Models
North Korea Hacks South Korea Military Cyber Command
The Business Of Making A Cannabis Surveillance State
A Look At The Top HackerOne Bug Bounties Of 2016
Goldeneye has been reactivated
Even if it calls itself Goldeneye Ransomware, the behavior is exactly the same as Petya. And now we have the same message as before but changing the text “files” to “harddisks”.
The post Goldeneye has been reactivated appeared first on Avira Blog.
gstreamer1-plugins-base-1.8.3-2.fc24
Fix for Out of bounds heap read in windows_icon_typefind
How to protect your account after the Dailymotion hack
After the massive data breaches of web giants Dropbox, Badoo, MySpace, Tumblr, LinkedIn and Yahoo! in September 2016 (the biggest massive piracy of individual data against a single company never made public), Dailymotion, one of the most visited video platforms in the world has been attacked. The French online video giant remains behind YouTube, bringing in more than 300 million unique visitors per month. More than 85 million accounts are affected by this massive data leak, which still makes it one of the most important attacks of the year.
One of the most important attacks of the year
LeakedSource sounded the alarm this week by acquiring some of the stolen data. According to them, Dailymotion’s database was victim to an intrusion in early October which allowed the hackers to recover the data of more than 85 million users: mainly identifiers, passwords and email addresses.
