10 matches found
DEBIAN-CVE-2019-25031
Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the...
120 Compromised Ad Servers Target Millions of Internet Users
An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware. Unlike...
Revive Adserver: Open redirect in ck.php and lg.php
An opportunity for open redirects has been available by design since the early versions of Revive Adserver's predecessors in the impression and click tracking scripts to allow third party ad servers to track such metrics when delivering ads. Historically the display advertising industry has...
Malvertising: Online advertising's darker side
By Nick Biasini, Chris Neal and Matt Valites. Executive summary: One of the trickiest challenges enterprises face is managing the balance between aggressively blocking malicious advertisements, aka malvertising, and allowing content to remain online, accessible for the average user. The days of...
GreenFlash Sundown exploit kit expands via large malvertising campaign
Exploit kit activity has been relatively quiet for some time, with the occasional malvertising campaign reminding us that drive-by downloads are still a threat. However, during the past few days we noticed a spike in our telemetry for what appeared to be a new exploit kit. Upon closer inspection ...
Volkswagen Giveaway Scam Peddles Ad Networks
A fake Volkswagen campaign is making its way across social media platforms, luring in victims with promises of a free Volkswagen car giveaway – but instead redirecting them to third-party ad servers. Victims are first sent messages via WhatsApp or Facebook, purporting to be from Volkswagen and...
Still Getting Served: A Look at Recent Malvertising Campaigns Involving Exploit Kits
Malvertising occurs when an online advertising network knowingly or unknowingly serves up malicious advertisements on a website. Malvertisements are a type of “drive-by” threat that tend to result in users being infected with malware for simply visiting a website. The victims of this threat are...
CVE-2015-4228
CVE-2015-4228 affects Cisco Digital Content Manager (DCM) 15.0.0. The issue arises from the DCM’s handling of malformed ad messages from the ad server, which can be exploited by a remote attacker to cause a denial of service via a system reboot (DoS). Root cause: processing malformed ad content l...
Exploit Released for Internet Explorer zero-day attacks : CVE-2012-4969
Microsoft has confirmed reports that a zero-day vulnerability in its Internet Explorer browser is being actively attacked in the wild. Four active exploits of a zero-day vulnerability in the browser exist. Microsoft will push out an out-of-cycle Windows patch to temporarily fix the critical...
Fedora 12 : krb5-1.7.1-2.fc12 (2010-1722)
This update adds the upstream patch to avoid a potential denial of service in the KDC in versions 1.7 and later (CVE-2010-0283). It obsoletes a previous pending update to version 1.7.1, which incorporates a fix to avoid accidentally tripping account lockout logic on AD servers when the user types i...