Debian DSA-4670-1 : tiff - security update
Several vulnerabilities have been found in the TIFF library, which may result in denial of service or the execution of arbitrary code if malformed image files are processed. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
‘Black Rose Lucy’ is Back, Now Pushing Ransomware
Cybercriminals behind the Android-based dropper malware Black Rose Lucy have shifted attacks from info-stealing to ransomware – with a sextortion twist. The malware family, operated by the Lucy Gang, encrypts targeted Android devices and delivers a spoofed FBI message. The ransom note claims the...
Debian: Security Advisory (DSA-4664-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DSA 4665-1] qemu security update
Debian Security Advisory DSA-4665-1 https://www.debian.org/security/ Moritz Muehlenhoff April 27, 2020 https://www.debian.org/security/faq ...
CVE-2020-12271: Sophos XG Firewall Pre-Auth SQL Injection Vulnerability
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration HTTPS service or the User Portal exposed on the WAN zone. A successful attack...
OpenSSL: EDIPARTYNAME NULL Pointer De-reference Vulnerability (CVE-2020-1971) - Linux
OpenSSL is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...
Banking.BR Android Trojan Emerges in Credential-Stealing Attacks
A recently uncovered banking trojan aims to steal Android victims’ online banking credentials and take over their bank accounts, using “elaborate” overlay attack capabilities. The malware, dubbed “Banker.BR” by researchers with IBM X-Force, was spotted in messages targeting users in countries tha...
Description of the update for Communicator 2007 R2: July 2009
Describes the update for Communicator 2007 R2 that is dated July 2009. Summary: This article describes the Microsoft Office Communicator 2007 R2 issues that are fixed in the update for Communicator 2007 R2 that is dated June 2009. This article describes the following items about the update: The issues...
SCANNER-INURLBR
It is an offensive tool for web application vulnerability scanning. The primary CVE ID present in the context is not explicitly mentioned, but the tool is designed for Google Hacking and web application vulnerability scanning. The target product/service or framework is not explicitly stated, but...
Fedora: Security Advisory for pacman (FEDORA-2020-096fbcc91f)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for pacman (FEDORA-2020-781d0b2efe)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Arbitrary Code Execution
freetype is vulnerable to arbitrary code execution. The vulnerability exists as multiple flaws were found in the way FreeType handled TrueType Font (TTF), Glyph Bitmap Distribution Format (BDF), Windows .fnt and .fon, and PostScript Type 1 fonts. If a specially-crafted font file was loaded by an...
The vulnerability of the managed-keys function in the DNS BIND server allows for unlimited resource distribution, enabling attackers to cause service failures.
The vulnerability of the managed-keys function in the DNS BIND server is related to the unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
Debian DLA-2171-1 : ceph security update
It was discovered that there was a header-splitting vulnerability in ceph, a distributed storage and file system. For Debian 8 'Jessie', this issue has been fixed in ceph version 0.80.7-2+deb8u4. We recommend that you upgrade your ceph packages. NOTE: Tenable Network Security has extracted the...
[SECURITY] Fedora 30 Update: pacman-5.2.1-2.fc30
Pacman is the package manager used by the Arch distribution. It can be used to install Arch into a container or to recover an Arch installation from a Fedora system (see arch-install-scripts package for instructions). Pacman is a frontend for the ALPM (Arch Linux Package Management) library. Pacman do...
CVE-2018-5735
The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1 No ISC releases are affected. Other packages from other distributions who did similar...
Unveiled: How xHelper Android Malware Re-Installs Even After Factory Reset
Remember xHelper? A mysterious piece of Android malware that re-installs itself on infected devices even after users delete it or factory reset their devices—making it nearly impossible to remove. xHelper reportedly infected over 45,000 devices last year, and since then, cybersecurity researchers...
Seeing Book Shelves on Virtual Calls
I have a confession... for me, the best part of virtual calls, or seeing any reporter or commentator working from home, is being able to check out their book shelves. I never use computer video, because I want to preserve the world's bandwidth. That means I don't share what my book shelves look li...
Denial Of Service (DoS)
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...
Social Engineering Based on Stimulus Bill and COVID-19 Financial Compensation Schemes Expected to Grow in Coming Weeks
Given the community interest and media coverage surrounding the economic stimulus bill currently being considered by the United States House of Representatives, we anticipate attackers will increasingly leverage lures tailored to the new stimulus bill and related recovery efforts such as stimulus...