Changing Healthcare Delivery Requires Evolving Security Strategies

...

Decrypting Cyber Risk Quantification

Discover the evolution of cyber risk quantification, criteria for an accurate risk score, and its benefits across the organization...

A Deep Dive into the Evolution of Ransomware Part 3

This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends...

A Deep Dive into the Evolution of Ransomware Part 2

This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends...

Amazon Linux 2 : nspr (ALAS-2023-1953)

The version of nspr installed on the remote host is prior to 4.32.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1953 advisory. NSS Network Security Services up to and including 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS...

Amazon Linux 2 : nss-util (ALAS-2023-1954)

The version of nss-util installed on the remote host is prior to 3.67.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1954 advisory. NSS Network Security Services up to and including 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS...

Amazon Linux 2 : nss-softokn (ALAS-2023-1955)

The version of nss-softokn installed on the remote host is prior to 3.67.0-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1955 advisory. NSS Network Security Services up to and including 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-P...

The Intricate Evolution of SoulSearcher Loader for Multi-Stage Malware Execution

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary SoulSearcher is a second-stage loader that has been seen in the wild since October 2017, and it is responsible for executing the Soul module payload and parsing its configuration. The samples found in th...

A Deep Dive into the Evolution of Ransomware Part 1

This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends...

ESXiArgs Ransomware Hits Over 500 New Targets in European Countries

More than 500 hosts have been newly compromised en masse by the ESXiArgs ransomware strain, most of which are located in France, Germany, the Netherlands, the U.K., and Ukraine. The findings come from attack surface management firm Censys, which discovered "two hosts with strikingly similar ranso...

SUSE CVE-2005-0102

Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow...

SUSE CVE-2005-0806

Evolution 2.0.3 allows remote attackers to cause a denial of service application crash or hang via crafted messages, possibly involving charsets in attachment filenames...

SUSE CVE-2005-2550

Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab...

SUSE CVE-2005-2549

Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 full vCard data, 2 contact data from remote LDAP servers, or 3 task list data from remote servers...

SUSE CVE-2006-0040

GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service CPU and memory consumption via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml...

SUSE CVE-2006-0528

The cairo library libcairo, as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service persistent client crash via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the...

SUSE CVE-2006-2789

Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service persistent crash via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used...

SUSE CVE-2007-1002

Format string vulnerability in the writehtml function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo...

SUSE CVE-2007-1266

Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message...

SUSE CVE-2007-3257

Camel camel-imap-folder.c in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index...