Lock Photos Album and Videos Safe version 4.3 suffers from a directory traversal vulnerability.
Monthly Archives: February 2017
DSA-3793 shadow – security update
Several vulnerabilities were discovered in the shadow suite. The Common
Vulnerabilities and Exposures project identifies the following problems:
Policy Experts Push To Make Vulnerability Equities Process Law
By making the Vulnerability Equities Process law, advocates of the idea argue there would be more reliability, transparency and accountability in the process of government vulnerability disclosure.
Why antivirus alone won't protect you: The anatomy of REAL security software
When computers were still relatively new, antivirus software defended against the only existing threat at the time – viruses. Today, users must protect themselves and their devices from viruses and from malware such as ransomware, as well as malicious activities carried out by cyber crooks, including Wi-Fi snooping to steal personal information, account breaching, and infecting Internet of Things (IoT) devices to perform DDoS attacks. You may be wondering, then, how to protect yourself from so many – and such diverse – threats.
CVE-2016-10109
Use-after-free vulnerability in pcsc-lite before 1.8.20 allows remote attackers to cause denial of service (crash) via a command that uses “cardsList” after the handle has been released through the SCardReleaseContext function.
Targeting SMBs’ threat tolerance concerns
While small and medium businesses don’t appear to be as concerned about their cybersecurity vulnerabilities as they should be – i.e. SMBs are the principal targets of cybercrime and as many as 60 percent of hacked SMBs go out of business after six months – the reality is that the growing and rapidly changing threatscape and limited resources are driving them to outside help to protect their businesses. That protection can include assessments, remote monitoring and management, and backup and disaster recovery, but one way to stand out from the competition is to focus on their risk tolerances and customize your offerings to their individual risk appetites.
CVE-2017-6100
tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.
Hacker Who Knocked Million Routers Offline Using MIRAI Arrested at London Airport
British police have arrested a suspect in connection with the massive attack on Deutsche Telekom that hit nearly 1 Million routers last November.
Late last year, someone knocked down more than 900,000 broadband routers belonging to Deutsche Telekom users in Germany, which affected the telephony, television, and internet service in the country.
Now, Germany’s federal criminal police force (
CVE-2017-6214
The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.
