Researchers recently identified a phishing campaign set up to lure unsuspecting Netflix users into giving up their credentials and credit card data.
Monthly Archives: January 2017
Stolen NSA "Windows Hacking Tools" Now Up For Sale!
The Shadow Brokers who previously stole and leaked a portion of the NSA hacking tools and exploits is back with a Bang!
The hacking group is now selling another package of hacking tools, “Equation Group Windows Warez,” which includes Windows exploits and antivirus bypass tools, stolen from the NSA-linked hacking unit, The Equation Group.
For those unfamiliar with the topic, The Shadow
3214296 – Vulnerabilities in Identity Model Extensions Token Signing Verification Could Allow Elevation of Privilege – Version: 1.0
Revision Note: V1.0 (January 10, 2017): Advisory published.
Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public version of Identity Model Extensions 5.1.0. This advisory also provides guidance on what developers can do to help ensure that their apps are updated correctly.
MS17-JAN – Microsoft Security Bulletin Summary for January 2017 – Version: 1.1
Revision Note: V1.1 (January 10, 2017): Bulletin Summary revised to change the severity of CVE-2017-0003 to Important. This is an informational change only
Summary: This bulletin summary lists security bulletins released for January2017
MS17-003 – Critical: Security Update for Adobe Flash Player (3214628) – Version: 1.0
Severity Rating: Critical
Revision Note: V1.0 (January 10, 2017): Bulletin published.
Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
MS17-002 – Critical: Security Update for Microsoft Office (3214291) – Version: 1.0
Severity Rating: Critical
Revision Note: V1.0 (January 10, 2017): Bulletin published
Summary: This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS17-004 – Important: Security Update for Local Security Authority Subsystem Service (3216771) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (January 10, 2017): Bulletin Published
Summary: A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system’s LSASS service, which triggers an automatic reboot of the system.
MS17-001 – Important: Security Update for Microsoft Edge (3214288) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (January 10, 2017): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Edge. This vulnerability could allow elevation of privilege if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerability could elevate privileges in affected versions of Microsoft Edge.
Cybercriminals ‘should be punished with Wi-Fi jammers’
A senior UK police officer has suggested that offenders of cybercrime should be penalized by being made to wear Wi-Fi jammers rather than being sent to prison.
The post Cybercriminals ‘should be punished with Wi-Fi jammers’ appeared first on WeLiveSecurity
CVE-2016-9247
Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart.