3319 matches found
Neutralization reaction
Incident Response Guide PDF Despite there being no revolutionary changes to the cyberthreat landscape in the last few years, the growing informatization of business processes provides cybercriminals with numerous opportunities for attacks. They are focusing on targeted attacks and learning to use...
openSUSE Security Update : MozillaThunderbird (openSUSE-2017-955)
This update for MozillaThunderbird to version 52.3 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-7798: XUL injection in the style editor in devtools - CVE-2017-7800: Use-after-free in WebSockets during disconnection - CVE-2017-7801: Use-after-free with...
Security update for MozillaThunderbird (important)
This update for MozillaThunderbird to version 52.3 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-7798: XUL injection in the style editor in devtools - CVE-2017-7800: Use-after-free in WebSockets during disconnection - CVE-2017-7801: Use-after-free with marqu...
Foxit PDF Reader has 2 high-risk vulnerabilities that the vendor has refused to fix? - Vulnerability warning - the black bar safety net
Users of the Foxit PDF reader should pay special attention: security researchers have discovered two serious 0day vulnerabilities which, if the reader is not configured to open files in secure read mode, would let an attacker execute arbitrary code on the target computer. Foxit company...
Locky Ransomware Variant Slips Past Some Defenses
A variant of the notorious Locky ransomware is part of a large scale email-based campaign managing to slip past the defenses of some unsuspecting companies. Beginning on Aug. 9, and lasting three days, ransomware called IKARUSdilapidated landed in tens of thousands of inboxes with email that...
Spam Domains Imitating Popular Banks Spreading Trickbot Banking Trojan
Santander Bank customers should be aware of an effective spam campaign spreading the Trickbot banking Trojan that is coming from domains similar to those used by the financial institution. Researchers at My Online Security and the SANS Institute’s Internet Storm Center say that Santander is not t...
Warning: Two Dangerous Ransomware Are Back – Protect Your Computers
Ransomware has been around for a few years but has become an albatross around everyone's neck—from big businesses and financial institutions to hospitals and individuals worldwide—with cyber criminals making millions of dollars. In just the past few months, we saw a scary strain of ransomware attacks...
Adobe Acrobat/Reader Security Bypass Vulnerability (CNVD-2017-28430)
Adobe Acrobat and Reader are products of Adobe, a company based in the United States of America. The former is a set of PDF file editing and conversion tools, the latter is a set of PDF document reading software. There is a security bypass vulnerability in Adobe Acrobat and Reader. An attacker could...
CVE-2017-3118
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious attachments...
Security feature bypass
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious attachments...
Serverless, Real-time Malware Detection: BinaryAlert
BinaryAlert is an open-source serverless AWS pipeline where any file uploaded to an S3 bucket is immediately scanned with a configurable set of YARA rules. An alert will fire as soon as any match is found, giving an incident response team the ability to quickly contain the threat before it spread...
CVE-2017-10244
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite subcomponent: Attachments. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP ...
CVE-2017-10244
CVE-2017-10244 affects Oracle E-Business Suite Application Object Library (Attachments). The flaw allows an unauthenticated, network-based attacker to read documents stored in AOL via HTTP, as described in the CVE entry and corroborated by Oracle CPUJuly2017 and ThreatPost coverage. Affected vers...
Design/Logic Flaw
The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files $g_view_proj_doc_threshold is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to...
CVE-2015-5059
The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files $g_view_proj_doc_threshold is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to...