Monthly Archives: July 2016
Democrats Hit By Yet Another Hack
AdGholas Malvertising Campaign Scam Smashed
Hillary Clinton's Presidential Campaign also Hacked in Attack on Democratic Party
There’s a lot more to come from the DNC Hack.
The Associated Press confirmed yesterday that the computer systems used by Hillary Clinton’s presidential campaign were hacked as part of the recent Democratic National Convention (DNC) hack.
Last week’s email dump containing almost 20,000 emails from top DNC officials was just the beginning, which led DNC Chairwoman Debbie Wasserman Schultz to
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Crypto Issues / Replay Attacks
CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from cryptographic issues and replay attack vulnerabilities.
DHS Announces Cyber Incident Reporting Information
Original release date: July 29, 2016
The United States Department of Homeland Security (DHS) has released guidelines and points of contact for reporting cyber incidents to the Federal Government. This communication follows the recent release of Presidential Policy Directive 41 (PPD-41)—United States Cyber Incident Coordination—which outlines how the Federal Government will handle cyber incidents.
Users and administrators are encouraged to review these documents to learn when, what, and how to report cyber incidents to the National Cybersecurity and Communications Integration Center (NCCIC) and other entities.
This product is provided subject to this Notification and this Privacy & Use policy.
DSA-3634 redis – security update
It was discovered that redis, a persistent key-value database, did not
properly protect redis-cli history files: they were created by default
with world-readable permissions.
GLSA 201607-17: BeanShell: Arbitrary code execution
DSA-3636 collectd – security update
Emilien Gaspar discovered that collectd, a statistics collection and
monitoring daemon, incorrectly processed incoming network
packets. This resulted in a heap overflow, allowing a remote attacker
to either cause a DoS via application crash, or potentially execute
arbitrary code.
Gentoo Linux Security Advisory 201607-17
Gentoo Linux Security Advisory 201607-17 – BeanShell is vulnerable to the remote execution of arbitrary code via Java serialization or XStream from an untrusted source. Versions less than 2.0_beta6 are affected.