5458 matches found

FireEye
added 2017/05/04 12:30 p.m., 42 views

Dridex and Locky Return Via PDF Attachments in Latest Campaigns

Dridex and Locky, two prolific malware families that made waves in 2016 after being distributed in several high-volume spam campaigns, have returned after a brief hiatus. FireEye observed a decline in the volume of Dridex and Locky in the latter half of 2016, but we recently observed two new larg...

0.4 AI score
Exploits: 0

FireEye
added 2017/05/04 12:30 p.m., 57 views

Dridex and Locky Return Via PDF Attachments in Latest Campaigns

Dridex and Locky, two prolific malware families that made waves in 2016 after being distributed in several high-volume spam campaigns, have returned after a brief hiatus. FireEye observed a decline in the volume of Dridex and Locky in the latter half of 2016, but we recently observed two new larg...

7.3 AI score
Exploits: 0

OSV
added 2017/05/03 8:59 p.m., 1 views

CVE-2017-5481

Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation...

8.8 CVSS, 5.8 AI score, 0.01937 EPSS
Exploits: 0, References: 2

NVD
added 2017/05/03 8:59 p.m., 19 views

CVE-2017-5481

Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation...

8.8 CVSS, 8.7 AI score, 0.01937 EPSS
Exploits: 0, References: 2

Cvelist
added 2017/05/03 8:00 p.m., 20 views

CVE-2017-7229

PGP/MIME encrypted messages injected into a Vaultive O365 before 4.5.21 frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this results in the encrypted...

9.2 AI score, 0.0076 EPSS
Exploits: 0, References: 1

Cvelist
added 2017/05/03 8:00 p.m., 24 views

CVE-2017-5481

Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation...

8.7 AI score, 0.01937 EPSS
Exploits: 0, References: 2

CVE
added 2017/05/03 8:00 p.m., 50 views

CVE-2017-7229

CVE-2017-7229 affects the Vaultive O365 appliance (pre-4.5.21). The vulnerability arises when PGP/MIME encrypted messages passing through IMAP/SMTP have their Content-Type header changed from multipart/encrypted to text/plain, causing most PGP/MIME-capable clients to fail decryption. This results...

9.1 CVSS, 9 AI score, 0.0076 EPSS
Exploits: 0, References: 1, Affected Software: 1

Zero Day Initiative
added 2017/05/03 12:00 a.m., 53 views

Mozilla Firefox ClearKeyDecryptor Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

5.1 CVSS, 9.4 AI score, 0.02084 EPSS
Exploits: 0, References: 1

ThreatPost
added 2017/04/28 6:52 p.m., 306 views

WikiLeaks Reveals CIA Tool 'Scribbles' For Document Tracking

Update WikiLeaks released details on what it said is a Central Intelligence Agency document tracking program called Scribbles, part of the agency’s effort to keep tabs on documents leaked to whistleblowers and journalists. Scribbles allegedly embeds a web beacon-style tag into watermarks located ...

9.3 CVSS, 0.6 AI score, 0.99933 EPSS
Exploits: 29, References: 7

CNVD
added 2017/04/28 12:00 a.m., 2 views

Jenkins User Login Information Disclosure Vulnerability

CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and the timed execution of some tasks. Jenkin...

8.8 CVSS, 6.4 AI score, 0.01238 EPSS
Exploits: 1, References: 1

OpenVAS
added 2017/04/28 12:00 a.m., 44 views

Jenkins Multiple Vulnerabilities (Apr 2017) - Windows

Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins allow malicious users to perform several administrative actions by tricking a victim into opening a web page. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

9.8 CVSS, 7.9 AI score, 0.99686 EPSS
Exploits: 39, References: 4

Prion
added 2017/04/24 3:59 p.m., 21 views

Information disclosure

An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted,...

4.3 CVSS, 7.4 AI score, 0.00973 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2017/04/24 3:59 p.m., 18 views

CVE-2017-2334

An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted,...

7.5 CVSS, 7.5 AI score, 0.00973 EPSS
Exploits: 0, References: 2

Cvelist
added 2017/04/24 3:00 p.m., 24 views

CVE-2017-2334

An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted,...

7.5 AI score, 0.00973 EPSS
Exploits: 0, References: 2

Check Point Advisories
added 2017/04/24 12:00 a.m., 0 views

Weak SSL DES Cipher Suites

DES is a widely supported stream cipher often preferred by TLS servers and other servers using encrypted sessions. Recent cryptanalysis results, one of which is SWEET32, exploit biases in the DES keystroke to recover repeatedly encrypted plain-texts. As a result DES can no longer be seen as...

2.8 AI score
Exploits: 0

RedhatCVE
added 2017/04/20 6:18 a.m., 21 views

CVE-2017-5448

An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data with...

8.6 CVSS, 3 AI score, 0.02084 EPSS
Exploits: 0, References: 2

NVD
added 2017/04/18 4:59 p.m., 21 views

CVE-2017-5653

JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers...

5.3 CVSS, 5.3 AI score, 0.11167 EPSS
Exploits: 0, References: 10

hackapp
added 2017/04/14 9:50 p.m., 29 views

ProtonMail - Encrypted Email - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application ProtonMail - Encrypted Email published at the 'play' market has multiple vulnerabilities...

0.3 AI score
Exploits: 0, References: 1, Affected Software: 1

Wired Threat Level
added 2017/04/12 11:37 p.m., 14 views

Suing to See the Feds’ Encrypted Messages? Good Luck

Conservative watchdog Judicial Watch is suing the EPA for staffers' Signal messages. It may hit the encrypted limits of federal transparency. The post Suing to See the Feds' Encrypted Messages? Good Luck appeared first on WIRED...

7 AI score
Exploits: 0

Oracle linux
added 2017/04/12 12:00 a.m., 61 views

libreoffice security and bug fix update

1:5.0.6.2-5.0.1.1 - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' 1:5.0.6.2-5.1 - Resolves: rhbz1435534 CVE-2017-3157 Arbitrary file disclosure in Calc and Writer 1:5.0.6.2-5 - Resolves:...

7.8 CVSS, 1.3 AI score, 0.03122 EPSS
Exploits: 1