Red Hat Security Advisory 2017-0869-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). Enhancement:
Monthly Archives: April 2017
HP Security Bulletin HPESBGN03721 1
HP Security Bulletin HPESBGN03721 1 – A potential vulnerability has been identified in HPE Operations Bridge Analytics. The vulnerability could be exploited to allow remote cross-site scripting (XSS). Revision 1 of this advisory.
Google just discovered a dangerous Android Spyware that went undetected for 3 Years
An Android version of one of the most sophisticated mobile spyware has been discovered that remained undetected for at least three years due to its smart self-destruction capabilities.
Dubbed Chrysaor, the Android spyware has been used in targeted attacks against activists and journalists mostly in Israel, but also in Georgia, Turkey, Mexico, the UAE and other countries.
Chrysaor espionage
New RAT Targets Koreans And Is Skilled At Evading Detection
Cisco Talos researchers spot a stealthy new remote administration tool calling ROKRAT that targets Korean-language Microsoft Word alternative Hangul Word Processor.
IAAF: ‘Fancy Bear’ Sednit behind cyberattack
The IAAF has become the latest organization to fall victim to the cybercriminal gang Sednit.
The post IAAF: ‘Fancy Bear’ Sednit behind cyberattack appeared first on WeLiveSecurity
CVE-2017-7413
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.
CVE-2017-3204
The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.
CVE-2017-7414
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user’s preferences, and has enabled the “Should PGP signed messages be automatically verified when viewed?” preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it.
CVE-2017-7398
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password.
CVE-2017-7228
An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.