Microsoft February Patch Tuesday Now Rolled into March Update, (Thu, Feb 16th)
Microsoft earlier today updated its blog post about the skipped February patch Tuesday with a note that We will deliver updates as part of the planned March Update Tuesday, March 14, 2017. March 14th...
View ArticleISC Stormcast For Thursday, February 16th 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleBugtraq: [SYSS-2017-004] Simplessus Files: Path Traversal
[SYSS-2017-004] Simplessus Files: Path Traversal
View ArticleBugtraq: [SYSS-2017-001] Simplessus Files: SQL Injection
[SYSS-2017-001] Simplessus Files: SQL Injection
View ArticleOpenSSL 1.1.0e Update: No need to panic #openssl, (Thu, Feb 16th)
OpenSSL released an update for OpenSSL 1.1.0. The latest version is now OpenSSL 1.1.0e. OpenSSL 1.0.2 is not affected. The vulnerability, %%cve:2017-3733%% can lead to a crash in either clients or...
View ArticleAVM Private Key Leak Puts Cable Modems Worldwide At Risk, (Thu, Feb 16th)
In November, Heise, a german technology news publisher, broke a story that AVM cable modems included not only the manufacturers certificate authority certificate as part of the firmwarebut also the...
View ArticleBugtraq: [SECURITY] [DSA 3790-1] spice security update
[SECURITY] [DSA 3790-1] spice security update
View ArticleISC Stormcast For Friday, February 17th 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleRTRBK - Router / Switch / Firewall Backups in PowerShell (tool drop), (Fri,...
Have you ever been asked for the config of a router or switch you (or someone else) put in so long ago you didnt remember that device was there? So long ago that the layer of dust inside that switch...
View ArticleClik here to view.
USB Killer now lets you fry most Lightning and USB-C devices for $55
Remember the USB Killer stick that indiscriminately and immediately fries about 95 percent of devices? Well, now the company has released a new version that is even more lethal! And you can also buy...
View ArticleClik here to view.
Researchers discover security problems under the hood of automobile apps
Enlarge / Some connected car apps may be like leaving owners' keys on the dash for malware to steal. In a presentation at this week's RSA security conference in San Francisco, researchers from...
View ArticleBrazilian malspam sends Autoit-based malware, (Sat, Feb 18th)
Introduction Nothing really exciting this week, so lets review malicious spam (malspam) we received at our ISC handers email distro. The message is in Portuguese, and it claims to be from Detran....
View ArticleClik here to view.
“Secure” Trump website defaced by hacker claiming to be from Iraq
Enlarge / Oops. Someone calling themselves "Pro_Mast3r" managed to deface a server associated with President Donald Trump's presidential campaign fundraising on Sunday, The server,...
View ArticleClik here to view.
Trump’s apparent security faux-pas-palooza triggers call for House investigation
Enlarge / U.S. President Donald Trump met with a group of government cyber security at the White House January 31, 2017 in Washington, DC, and said the government must do more to protect against cyber...
View ArticleISC Stormcast For Monday, February 20th 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleBugtraq: PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability
PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability
View ArticleClik here to view.
Hackers who took control of PC microphones siphon >600 GB from 70 targets
Enlarge (credit: Defense Advanced Research Projects Agency) Researchers have uncovered an advanced malware-based operation that siphoned more than 600 gigabytes from about 70 targets in a broad range...
View ArticleHardening Postfix Against FTP Relay Attacks, (Mon, Feb 20th)
Yesterday, I read an interesting blog post about exploiting XXE (XML eXternal Entity) flaws to send e-mails [1]. In short: It is possible to trick the application to connect to an FTP server, but...
View Article