$2.5 Million-a-Year Ransomware-as-a-Service Ring Uncovered

Researchers claim to have found the largest ransomware-as-a-service RaaS ring to date. The operation generates an estimated $2.5 million annually and targets computer users with a new variant of the notorious Cerber ransomware. According to a research report published today by Check Point Softwar...

Fedora 24 : cryptobone (2016-432f067a80)

This is a major update that re-organizes the Crypto Bone daemon to include all message encryption and decryption code. This obsoletes the openpgp binary. In addition, the private cryptlib library has been reduced in size considerably. Note that Tenable Network Security has extracted the preceding...

Mozilla Firefox and Firefox ESR Stack Buffer Overflow Vulnerability

Mozilla Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. A stack buffer overflow vulnerability exists in the ClearKey Content Decryption Module CDM in the Encrypted Media Extensions EME API of Mozilla Firefox and Firefox, which allows remote attackers ...

USN-3044-1: Firefox vulnerabilities

Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. CVE-2016-0718...

USN-3044-1 firefox vulnerabilities

Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. CVE-2016-0718...

CVE-2016-2837

Heap-based buffer overflow in the ClearKey Content Decryption Module CDM in the Encrypted Media Extensions EME API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media...

DEBIAN-CVE-2016-2837

Heap-based buffer overflow in the ClearKey Content Decryption Module CDM in the Encrypted Media Extensions EME API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media...

CVE-2016-2837

Heap-based buffer overflow in the ClearKey Content Decryption Module CDM in the Encrypted Media Extensions EME API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media...

firefox: multiple issues

CVE-2016-0718 arbitrary code execution Out-of-bounds read during XML parsing in Expat library. - CVE-2016-2830 information disclosure Favicon network connection can persist when page is closed. - CVE-2016-2835 CVE-2016-2836 arbitrary code execution Mozilla developers and community members...

CVE-2016-2379

The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to 1 decrypt hashed passwords by leveraging knowledge of client registration codes or 2 gain login access by eavesdropping on login messages and re-using the hashed passwords...

CVE-2016-6489

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack...

Petya Sabotages Rival Ransomware Chimera, Leaks 3,500 Decryption Keys

There is no honor among thieves, as the saying goes, and that includes ransomware crooks. In an apparent move to sabotage a ransomware competitor, the authors of the Mischa and Petya ransomware-as-a-service leaked 3,500 decryption keys for its competitor Chimera ransomware. The move appears to be...

SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 SSLv2 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack ...

Public, Private Sector Team to Fight Ransomware

Knowing where to turn for help when victimized by ransomware isn’t always clear. Should you pay the ransom? Are there alternatives to getting your precious data back? Who can you turn to for help? In an effort to answer those questions and help victims retrieve data encrypted by ransomware a uniq...

Technicolor TC7200 Modem / Router STD6.02.11 - Multiple Vulnerabilities

Exploit for hardware platform in category web applications ''' Technicolor TC7200 modem/router multiple vulnerabilities -------------------------------------------------------- Platforms / Firmware confirmed affected: - Technicolor TC7200, STD6.02.11 - Product page:...

Misys FusionCapital Opics Plus contains multiple vulnerabilities

Overview Misys FusionCapital Opics Plus is used by regional and local financial institutions to manage treasuries. FusionCapital Opics Plus contains several vulnerabilities. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' -...

Stampado Ransomware Sells on Dark Web for $39

Dirt cheap ransomware selling for as little as $39 on the dark web has security experts concerned the low price coupled with its potency could trigger a wave of new infections. The ransomware is called Stampado and besides its hallmark low price, the ransomware is also unique because it threatens...

Fedora 22 : botan (2016-fe0d8f126a)

From the upstream release notes : Botan 1.10.13 has been released backporting some side channel protections for ECDSA signatures CVE-2016-2849 and PKCS 1 RSA decryption CVE-2015-7827. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...

Jigsaw Ransomware Decrypted, Again

The four-month-old Jigsaw ransomware has been defeated again. The ransomware, that packs an emotional punch with its creepy graphics and hallmark countdown clock, can be overcome simply by tricking the ransomware code into thinking you’ve already paid. Researchers at Check Point published a fix f...

CVE-2016-0252

IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors...