Category Archives: Security
jQuery Site Popped To Serve Malware Slop
Silent Circle Wants You To Hack The 'Untrackable' Blackphone
Kali NetHunter Turns Android Into Hacker Swiss Army Knife
MS14-FEB – Microsoft Security Bulletin Summary for February 2014 – Version: 1.3
Revision Note: V1.3 (September 24, 2014): For MS14-009, added a missing Server Core entry in the Affected Software table for Microsoft .NET Framework 4 when installed on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (2898855). This is an informational change only. Customers running this affected software on Server Core installations who have already applied the 2898855 update do not need to take any action. Customers running this affected software on Server Core installations who have not already installed the update should do so to be protected from the vulnerabilities addressed in MS14-009. See the bulletin for download links.
Summary: This bulletin summary lists security bulletins released for February 2014.
MS14-009 – Important: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege – Version: 1.3
Severity Rating: Important
Revision Note: V1.3 (September 24, 2014): Bulletin revised to correct a missing Server Core installation entry in the Affected Software table for Microsoft .NET Framework 4 when installed on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (2898855). This is an informational change only. Customers running this affected software on Server Core installations who have already applied the 2898855 update do not need to take any action. Customers running this affected software on Server Core installations who have not already installed the update should do so to be protected from the vulnerabilities addressed in this bulletin.
Summary: This security update resolves two publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft .NET Framework. The most severe vulnerability could allow elevation of privilege if a user visits a specially crafted website or a website containing specially crafted web content. In all cases, however, an attacker would have no way to force users to visit such websites. Instead, an attacker would have to convince users to visit the compromised website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker’s website.
MS14-049 – Important: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490) – Version: 1.2
Severity Rating: Important
Revision Note: V1.2 (September 24, 2014): Bulletin revised to change Known issues entry in the Knowledge Base Article section from None to Yes.
Summary: This security update resolves a privately disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application that attempts to repair a previously-installed application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
DSA-3032 bash – security update
Stephane Chazelas discovered a vulnerability in bash, the GNU
Bourne-Again Shell, related to how environment variables are
processed. In many common configurations, this vulnerability is
exploitable over the network, especially if bash has been configured
as the system shell.
Microsoft Starts Online Services Bug Bounty
Microsoft today launched the Microsoft Online Services Bug Bounty Program which will pay out a minimum of $500 for vulnerabilities found in its cloud services such as Office 365.
High-Volume, High-Rate DDoS Attacks Persist
A new report illustrates the continued proliferation of both high-volume and high-rate distributed denial of service attacks, like the ones executed via NTP amplification, over the last few months.