evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages

GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment...

evolution-ews: all certificate errors ignored if error is ignored during initial account setup in gnome-online-accounts

It was discovered evolution-ews does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference...

Moderate: Red Hat Security Advisory: evolution security and bug fix update

An update for evolution, evolution-data-server, evolution-ews, and atk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Defender Behavior in 2019

Security is a team sport, or at least it should be. Given the constant behavior evolution we see from attackers and the vast IT footprint attackers can target, IT and security teams clearly face an uphill battle. Whereas attackers only have to be right once to succeed, defenders must be right 100...

What’s Coming in 2020: An RSA Recap

VMWare Carbon Black recently published our Outlook 2020 Threat Report largely fueled by the work of our amazing Threat Analysis Unit. Greg Foss @Heinzarelli and Andrew Costis @0x4143 did some in-depth research on Malware samples seen in 2019. As part of RSA, Greg and I had the chance to present o...

2019: Looking Back at Ransomware

In security, 2016 was “The Year of Ransomware.” Since then, ransomware has only gotten more pervasive, costing billions in damages. In that vein, 2019 could have been referred to as “The Year of Ransoming Governments.” More than 70 state and local governments across the U.S. suffered ransomware...

PT-2020-12913 · Gnome +2 · Gnome Evolution +2

Name of the Vulnerable Software and Affected Versions: GNOME Evolution versions prior to 3.35.91 Description: An issue was discovered where a website or other source of mailto links can make Evolution attach local files or directories to a composed email message without showing a warning to the...

openSUSE Security Update : webkit2gtk3 (openSUSE-2020-278)

This update for webkit2gtk3 to version 2.26.4 fixes the following issues : Security issues fixed : - CVE-2019-8835: Fixed multiple memory corruption issues bsc1161719. - CVE-2019-8844: Fixed multiple memory corruption issues bsc1161719. - CVE-2019-8846: Fixed a use-after-free issue bsc1161719. -...

UBUNTU-CVE-2020-9431

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations...

New LTE Network Flaw Could Let Attackers Impersonate 4G Mobile Users

A group of academics from Ruhr University Bochum and New York University Abu Dhabi have uncovered security flaws in 4G LTE and 5G networks that could potentially allow hackers to impersonate users on the network and even sign up for paid subscriptions on their behalf. The impersonation attack —...

SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:0468-1)

This update for webkit2gtk3 to version 2.26.4 fixes the following issues : Security issues fixed : CVE-2019-8835: Fixed multiple memory corruption issues bsc1161719. CVE-2019-8844: Fixed multiple memory corruption issues bsc1161719. CVE-2019-8846: Fixed a use-after-free issue bsc1161719...

A week in security (February 17 – 23)

Last week on Malwarebytes Labs, we highlighted the benefits and concerns of identity-as-a-service IDaaS, an identity management scheme deployed from the cloud; reported on scammers and squatters taking advantage of Rudy Giuliani’s Twitter typos; and gave a high-level overview of RobbinHood, the...

CVE-2013-4166

The gpgctxaddrecipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers...

DEBIAN-CVE-2013-4166

The gpgctxaddrecipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers...

CVE-2013-4166

The gpgctxaddrecipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers...

CVE-2013-4166

The CVE-2013-4166 issue affects GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier, where the function gpg_ctx_add_recipient in camel/camel-gpg-context.c does not correctly select the GPG key for email encryption. This could cause emails to be encrypted with the wrong k...

CVE-2013-4166

The gpgctxaddrecipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers...

CVE-2013-4166

The gpgctxaddrecipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers...

FTCODE Ransomware Now Steals Chrome, Firefox Credentials

FTCODE, a PowerShell-based ransomware that targets Italian-language users, has added new capabilities, including the ability to swipe saved web browser and email client credentials from victims. Samples of the ransomware, which has been around since 2013, were recently observed in September 2019...

openSUSE: Security Advisory for evolution (openSUSE-SU-2019:1431-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...