Monthly Archives: October 2016
PHP Support Tickets 1.3 Remote SQL Injection
PHP Support Tickets version 1.3 suffers from a remote SQL injection vulnerability.
PHP Support Tickets 1.3 Local File Inclusion
PHP Support Tickets version 1.3 suffers from a local file inclusion vulnerability.
xen-4.6.3-7.fc24
several qemu security fixes
xen-4.7.0-7.fc25
several qemu security fixes
Tinc Virtual Private Network Daemon 1.0.30
tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. The tunnel lets VPN sites exchange traffic over the Internet without exposing its contents to the networks in between.
Lynis Auditing Tool 2.4.0
Lynis is an auditing tool for Unix specialists. It scans the system and installed software to detect security issues. Besides security-related findings it also collects general system information, installed packages and configuration mistakes. The software is intended to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
[CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321) – patch update
Posted by Harry Sintonen on Oct 30
Update on the advisory: As pointed out by several people, the ERROR
macro didn't fail the operation in a desired way: Files were still
being created by tar. In order to really stop tar from doing silly
things, FATAL_ERROR macro needs to be used instead.
The patch has now been updated accordingly.
Updated Advisory:
https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
Updated Patch:…
Microsoft Windows Graphics Component Remote Code Execution (MS16-120; CVE-2016-3393)
A remote code execution vulnerability has been reported in the Microsoft Windows Graphics Component. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit it by enticing a user to view a specially crafted web page or document file. Successful exploitation would allow the attacker to execute arbitrary code on the affected system.
Teenage Hacker Arrested For Disrupting 911 Service With DDoS Attack
Just last month, researchers explained how an attacker could knock the 911 service offline across an entire state by launching automated Distributed Denial of Service (DDoS) attacks from a botnet of just 6,000 smartphones.
Doing so for real, though, endangers not only the public but the attacker as well.
That is what happened to an 18-year-old from Arizona, who was arrested this week
Raptor WAF 0.3
Raptor is a web application firewall written in C that uses deterministic finite automata (DFA) to match and block SQL injection, cross-site scripting and path traversal payloads.
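As an added illustration of the DFA-style signature matching such a WAF relies on (example code written for this page, not Raptor's own C implementation): the signature set, request strings and function names below are constructed assumptions. The automaton is an Aho-Corasick trie whose failure links are folded into a complete transition table, so inspecting a request costs one table lookup per input character regardless of how many signatures are loaded.

```python
from collections import deque
from urllib.parse import unquote_plus

# Constructed signature set (lower case); a real rule set is far larger.
SIGNATURES = {
    "union select": "sqli",
    "' or 1=1": "sqli",
    "<script": "xss",
    "onerror=": "xss",
    "../": "traversal",
    "..\\": "traversal",
}


def build_dfa(signatures):
    """Aho-Corasick trie with failure links folded into a full transition
    table: delta[state][char] -> state, output[state] -> signatures matched."""
    goto = [{}]          # state -> {char: next state}
    output = [set()]     # state -> signatures that end in this state
    for sig in signatures:
        s = 0
        for ch in sig:
            if ch not in goto[s]:
                goto.append({})
                output.append(set())
                goto[s][ch] = len(goto) - 1
            s = goto[s][ch]
        output[s].add(sig)
    # breadth-first failure links; depth-1 states fail to the root
    fail = [0] * len(goto)
    queue = deque(goto[0].values())
    while queue:
        s = queue.popleft()
        for ch, nxt in goto[s].items():
            f = fail[s]
            while f and ch not in goto[f]:
                f = fail[f]
            fail[nxt] = goto[f].get(ch, 0)
            output[nxt] |= output[fail[nxt]]
            queue.append(nxt)
    # fold the failure chains into explicit transitions for every char
    # that occurs in some signature; any other char returns to the root
    alphabet = {ch for g in goto for ch in g}
    delta = []
    for s in range(len(goto)):
        row = {}
        for ch in alphabet:
            t = s
            while t and ch not in goto[t]:
                t = fail[t]
            row[ch] = goto[t].get(ch, 0)
        delta.append(row)
    return delta, output


def scan(dfa, text):
    """Return the set of signatures occurring in `text` (case-insensitive)."""
    delta, output = dfa
    state = 0
    hits = set()
    for ch in text.lower():
        state = delta[state].get(ch, 0)
        hits |= output[state]
    return hits


DFA = build_dfa(SIGNATURES)


def inspect_target(request_target):
    """Decode a request-target the way the application would, then report
    which attack classes its decoded form matches (empty set = pass)."""
    decoded = unquote_plus(request_target)
    return {SIGNATURES[sig] for sig in scan(DFA, decoded)}


if __name__ == "__main__":
    for target in (
        "/index.php?id=1%27%20or%201%3D1",
        "/download?f=..%2F..%2Fetc%2Fpasswd",
        "/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
        "/products?q=selection+of+union+jacks",
    ):
        print(target, "->", inspect_target(target) or "clean")
```

Decoding before matching matters: the traversal and injection samples above are only visible after percent-decoding, and the WAF has to decode the same way the application does. Literal signatures are also easy to evade (the last test shows "union  select" with two spaces passing), so the block demonstrates the matching mechanism, not a rule set anyone should deploy.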
