9293 matches found
Scammers use old browser trick to create fake virus download
Tech support scammers are reusing an old technique in their existing browser locker browlock schemes to force a special kind of file download. Contrary to past attacks, where the purpose was to flood the machine with a large amount of file requests in order to crash the browser, this one is purel...
WinSpy - A Windows Reverse Shell Backdoor Creator With An Automatic IP Poisener
WinSpy: Windows Reverse Shell Backdoor Creator With ip poisener. Dependencies 1 - metasploit-framework 2 - xterm 3 - apache2 4 - whiptail Installation sudo apt-get install git git clone https://github.com/TunisianEagles/winspy.git cd winspy chmod +x setup.sh ./setup.sh chmod +x winspy.sh...
[SECURITY] Fedora 27 Update: clamav-0.100.2-2.fc27
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...
October 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team...
October 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team...
October 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team...
Description of the security update for Outlook 2016: October 9, 2018
Description of the security update for Outlook 2016: October 9, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Security Advisory...
[SECURITY] Fedora 28 Update: clamav-0.100.2-2.fc28
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...
ghostscript - executeonly Bypass with errorhandler Setup
ghostscript - executeonly Bypass with errorhandler Setup While documenting bug 1675, I noticed another problem with errordict in ghostscript. Full working exploit that works in the last few versions is attached, viewing it in evince, imagemagick, gimp, okular, etc should add a line to /.bashrc...
Google’s Forced Sign-in to Chrome Raises Privacy Red Flags
An update to Google Chrome’s sign-in mechanism could clear a path to compromising the privacy of users’ browser data, according to a researcher who stumbled across the change. Matthew Green, a cryptographer and professor at Johns Hopkins University, noticed his Gmail profile pic strangely and...
unicorn/fuzz_emu_arm64_arm: Crash in reset_temp_aarch64
Project: https://github.com/unicorn-engine/unicorn.git Detailed report: https://oss-fuzz.com/testcase?key=5758411325571072 Project: unicorn Fuzzer: aflunicornfuzzemuarm64arm Fuzz target binary: fuzzemuarm64arm Job Type: aflasanunicorn Platform Id: linux Crash Type: UNKNOWN READ Crash Address:...
unicorn/fuzz_emu_arm_thumb: Index-out-of-bounds in store_reg_arm
Project: https://github.com/unicorn-engine/unicorn.git Detailed report: https://oss-fuzz.com/testcase?key=5655596519391232 Project: unicorn Fuzzer: libFuzzerunicornfuzzemuarmthumb Fuzz target binary: fuzzemuarmthumb Job Type: libfuzzerubsanunicorn Platform Id: linux Crash Type: Index-out-of-bound...
September 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team...
September 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team...
September 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. MSRC team...
Threat Roundup for August 31 to September 7
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Aug. 31 and Sept. 7. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed b...
Path Traversal Vulnerability in JP1/Automatic Operation
Overview A Path Traversal Vulnerability was found in JP1/Automatic Operation. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
CVE-2018-15668
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment" prefix designate attachment parameters. If the...
mutt: Remote Code Execution via backquote characters
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription...
August 2018 Security Update Release
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team...