March 2019 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...
The vulnerability of the library package responsible for performing security transformations using GOST algorithms in the Astra Linux operating system allows a perpetrator to trigger a service failure. This vulnerability is related to a configuration error in the package.
The vulnerability of the library package responsible for performing security transformations based on GOST algorithms in the Astra Linux operating system is related to a configuration error in the package. This error causes the security transformation to be enabled automatically during package...
March 12, 2019—KB4491736 Update for Windows 10 Mobile (OS Build 15254.556)
March 12, 2019—KB4491736 Update for Windows 10 Mobile (OS Build 15254.556). Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: This build includes all the improvements from KB4489871. If you...
Action Recommended to Secure the Cisco Nexus PowerOn Auto Provisioning Feature
Cisco Nexus devices support an automatic provisioning or zero-touch deployment feature called PowerOn Auto Provisioning (POAP). This feature assists in automating the initial deployment and configuration of Nexus switches. POAP is enabled by default and activates on devices that have no startup...
CVE-2019-5786: Chrome 0-day exploited in the wild - vulnerability alert - Black Bar Safety Net
0x00 Vulnerability background: On March 6 (Beijing time), 360CERT observed that Chrome released an update from version 72.0.3626.119 to 72.0.3626.121, which fixes CVE-2019-5786, a vulnerability being exploited in the wild. The vulnerability is fairly severe and has a broad impact. 0x01 Vulnerability details: CVE-2019-5786 is located on the...
Scalable Fuzzing Infrastructure: ClusterFuzz
ClusterFuzz is a scalable fuzzing infrastructure which finds security and stability issues in software. It is used by Google for fuzzing the Chrome Browser, and serves as the fuzzing backend for OSS-Fuzz . ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software...
February 2019 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...
Servicing stack update for Windows Server version 1803 and Windows 10 version 1803: February 12, 2019
Servicing stack update for Windows Server version 1803 and Windows 10 version 1803: February 12, 2019. Summary: This update makes quality improvements to the servicing stack component that installs Windows updates. Microsoft strongly recommends you install the latest servicing stack update (SSU) for...
tidy-html5/tidy_fuzzer: Crash in GetSurrogatePair
Detailed report: https://oss-fuzz.com/testcase?key=5741081738608640 Project: tidy-html5 Fuzzer: libFuzzer_tidy-html5_tidy_fuzzer Fuzz target binary: tidy_fuzzer Job Type: libfuzzer_asan_tidy-html5 Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x604000010000 Crash State: GetSurrogatePair...
Evince CBT File Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in Evince before version 3.24.1 when opening comic book .cbt files. Some file manager software, such as Nautilus and Atril, may allow automatic exploitation without user interaction due to thumbnailer preview functionality. Note th...
February 12, 2019—KB4487695 Update for Windows 10 Mobile (OS Build 15254.552)
February 12, 2019—KB4487695 Update for Windows 10 Mobile (OS Build 15254.552). Improvements and fixes: This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: This build includes all the improvements from KB4487020. If you...
Threat Roundup for Jan. 18 to Jan. 25
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 18 and Jan. 25. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
openthread/cli-uart-received-fuzzer: Crash in ot::Mac::LinkRaw::IsEnabled
Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5764065970880512 Project: openthread Fuzzer: afl_openthread_cli-uart-received-fuzzer Fuzz target binary: cli-uart-received-fuzzer Job Type: afl_asan_openthread Platform Id: linux Crash Type: UNKNO...
Razy in search of cryptocurrency
Last year, we discovered malware that installs a malicious browser extension on its victim's computer or infects an already installed extension. To do so, it disables the integrity check for installed extensions and automatic updates for the targeted browser. Kaspersky Lab products detect the...
Information Disclosure
libreoffice is vulnerable to information disclosure. It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim...
CVE-2018-1969
IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750...
January 2019 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide...