Alert: HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver

Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily offloading a kernel driver component that grants attackers the ability to run arbitrary code with elevated permissions on Windows hosts. The malware, dubbed HotPage,...

Default configuration

A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing 1.3.6.1.5.5.7.3.3, valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of...

Mozilla Firefox Security Advisory (MFSA2013-113) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

Cuvva: Subdomain take over oh-no.cuvva.co and ohno.cuvva.co

Cuvva has an old EV certificate which lists a very large number of subject alternative names SANs, as listed below. These were included because we anticipated potentially wanting to use these hostnames in the future and it was free to add them. Very few of the hostnames actually exist, and those...

openSUSE Security Update : seamonkey (openSUSE-SU-2014:0008-1)

This update fixes the following security issues with SeaMonkey : - update to SeaMonkey 2.23 bnc854370 - requires NSPR 4.10.2 and NSS 3.15.3.1 - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-105/CVE-2013-5611 bmo771294 Application Installation doorhanger...

Firefox ESR 24.x < 24.2 Multiple Vulnerabilities

The installed version of Firefox ESR 24.x is earlier than 24.2, and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2013-5609, CVE-2013-5610 - Two...

Firefox 26 Makes Java Plugins Click-to-Play, Fixes 14 Security Flaws

Mozilla has released a major new version of Firefox, which includes fixes for more than a dozen security vulnerabilities as well as an important change that makes all Java plugins click-to-play be default. This feature prevents those plugins from running automatically on Web pages, which helps...

About the security content of Mac OS X v10.6.8 and Security Update 2011-004

About the security content of Mac OS X v10.6.8 and Security Update 2011-004 Last Modified: June 23, 2011 Article: HT4723 Email this article Print this page Summary This document describes of Mac OS X v10.6.8 and Security Update 2011-004, which can be downloaded and installed via Software Update...

CVE-2009-1682

Apple Safari before 4.0 does not properly check for revoked Extended Validation EV certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate...

Apple Safari finally gets a malware blocker

After years of lagging behind on important security features, Apple has finally added a malware-blocker, a phishing filter and support for EV extended validation certificates into the latest refresh of its Safari Web browser. The malware roadblock headlines a list of Safari 4 security features th...