Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. The framework comes into play when the attacker is able to redirect traffic, which can be done in several ways, such as DNS tampering, DNS cache poisoning, ARP spoofing, Wi-Fi access point impersonation, or DHCP hijacking, with your favorite tools. This way you can take control of a fully patched machine during a penetration test in a clean and easy way. The main idea behind it is to show the number of trivial errors in the update process of mainstream applications.
Monthly Archives: November 2016
Botan C++ Crypto Algorithms Library 1.10.14
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.
mingw-gdk-pixbuf-2.30.8-2.el7 mingw-qt5-qtimageformats-5.6.0-2.el7 mingw-jasper-1.900.28-1.el7
Many security fixes for jasper.
Ubuntu Security Notice USN-3139-1
Ubuntu Security Notice 3139-1 – Florian Larysch discovered that the Vim text editor did not properly validate values for the ‘filetype’, ‘syntax’, and ‘keymap’ options. An attacker could trick a user into opening a file with specially crafted modelines and possibly execute arbitrary code with the user’s privileges.
Eagle Speed USB Modem Software Privilege Escalation
Eagle Speed USB modem software suffers from a privilege escalation vulnerability.
Nuit Du Hack 2017 Call For Papers
The Nuit Du Hack Call For Papers for 2017 has been announced. It will be held June 24th through the 25th, 2017 in Paris, France.
EnCase Forensic Imager 7.10 Denial Of Service / Heap Buffer Overflow
EnCase Forensic Imager versions 7.10 and below suffer from denial of service and heap-based buffer overflow vulnerabilities.
BloomCON 2017 Call For Papers
The BloomCON 2017 Forensics and Security conference will be held March 24th through the 24th, 2017 in Bloomsburg, PA, USA.
CVE-2016-5393
In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service. (CVSS:6.5) (Last Update:2016-11-29)
CVE-2016-1247
The nginx package before 1.6.2-5+deb8u3 on Debian jessie and the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10 allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. (CVSS:7.2) (Last Update:2016-11-29)