Lucene search
2396 matches found

Fedora
added 2019/03/29 7:38 p.m. | 41 views

[SECURITY] Fedora 30 Update: cronie-1.5.4-1.fc30

Cronie contains the standard UNIX daemon crond that runs specified programs at scheduled times and related tools. It is a fork of the original vixie-cron and has security and configuration enhancements like the ability to use pam and SELinux...

CVSS 5.5 | AI score 1.5 | EPSS 0.00155 | Exploits 0

Malwarebytes
added 2019/03/29 3:0 p.m. | 87 views

Awakening the beast: BatMobi adware

On February 12, a patron of the Malwarebytes Forum alerted us of an issue with ad redirects that seemed to come out of nowhere. An outcry from other commenters filled the forum thread, all experiencing the same redirects to the same exact websites. Our web protection team traced the offending...

AI score 1 | Exploits 0

Debian CVE
added 2019/03/25 5:47 p.m. | 22 views

CVE-2019-3827

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modifying arbitrary files by privileged users without asking for a password when no authentication agent is running. This vulnerability can be exploited by malicious programs running unde...

CVSS 7 | AI score 7.4 | EPSS 0.00061 | Exploits 0

Tenable Nessus
added 2019/03/20 12:0 a.m. | 57 views

FreeBSD : mozilla -- multiple vulnerabilities (05da6b56-3e66-4306-9ea3-89fafe939726)

Mozilla Foundation reports: CVE-2019-9790: Use-after-free when removing in-use DOM elements; CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey; CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script; CVE-2019-9793: Improper...

CVSS 9.8 | AI score 7.5 | EPSS 0.38066 | Exploits 13 | References 24

OpenVAS
added 2019/03/18 12:0 a.m. | 9 views

Linux: SGID files

When the SGID (set group ID) bit is set on an executable, it executes with the GID of the owner. This may be intended for some executables. Add files with SGID bit which should be allowed to have this bit set in the preference. This script checks if any other local files than the given have the SGI...

AI score 7 | Exploits 0 | References 4

OpenVAS
added 2019/03/18 12:0 a.m. | 6 views

Linux: SUID files

When the SUID (set user ID) bit is set on an executable, it executes with the UID of the owner. This may be intended for some executables. Add files with SUID bit which should be allowed to have this bit set in the preference. This script checks if any other local files than the given have the SUID...

AI score 7 | Exploits 0 | References 4

MSRC
added 2019/03/16 2:56 a.m. | 207 views

Join Microsoft Security Response at the Product Security Operations forum at LocoMocoSec!

The MSRC is more than managing vulnerability reports, publishing Microsoft security updates, and defending the cloud. The MSRC is passionate about helping everyone improve internal engineering practices and supporting the defender community, and are excited to partner with Blackberry to host a...

Exploits 0

Fedora
added 2019/03/12 10:19 p.m. | 34 views

[SECURITY] Fedora 29 Update: postgresql-jdbc-42.2.5-2.fc29

PostgreSQL is an advanced Object-Relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database...

CVSS 8.1 | AI score 2.1 | EPSS 0.00846 | Exploits 0

Fedora
added 2019/03/12 9:45 p.m. | 29 views

[SECURITY] Fedora 28 Update: postgresql-jdbc-42.2.5-2.fc28

PostgreSQL is an advanced Object-Relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database...

CVSS 8.1 | AI score 2.1 | EPSS 0.00846 | Exploits 0

myhack58
added 2019/02/22 12:0 a.m. | 262 views

WinRAR has a major long-standing vulnerability that lets hackers implant malicious programs in the boot process - vulnerability warning - the black bar safety net

The foreign security firm Check Point has disclosed that the well-known compression software WinRAR contains a long-standing security vulnerability. If exploited, hackers could implant a malicious program on the user's computer via a startup program. The vulnerability has existed since 2005. WinRAR...

CVSS 6.8 | AI score 0.8 | EPSS 0.93462 | Exploits 16

Kitploit
added 2019/02/13 12:53 p.m. | 212 views

CDF - Crypto Differential Fuzzing

CDF is a tool to automatically test the correctness and security of cryptographic software. CDF can detect implementation errors, compliance failures, side-channel leaks, and so on. CDF implements a combination of unit tests with "differential fuzzing", an approach that compares the behavior of...

AI score 7 | Exploits 0 | References 10

Microsoft KB
added 2019/02/08 12:0 a.m. | 32 views

MS05-001: Vulnerability in HTML Help could allow code execution

Microsoft has released security bulletin MS05-001. The security bulletin contains all the relevant information about the security update. This includes file manifest information and deployment options. To view the complete security...

AI score 6.9 | Exploits 0

NVD
added 2019/01/28 7:29 p.m. | 7 views

CVE-2018-19015

An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor Versions 3.42 and prior through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application...

CVSS 7.3 | AI score 7.3 | EPSS 0.00173 | Exploits 0 | References 2

Malwarebytes
added 2019/01/25 4:0 p.m. | 212 views

A user’s right to choose: Why Malwarebytes detects Potentially Unwanted Programs (PUPs)

Potentially Unwanted Programs (PUPs): the name says it all. While the programs themselves might have legitimate uses, their vendors often use inappropriate methods to drive downloads or hide within a program bundle. At Malwarebytes, we feel we have an obligation to help protect our customers from...

AI score 1 | Exploits 0

MSRC
added 2019/01/17 4:0 p.m. | 79 views

Announcing the Microsoft Azure DevOps Bounty program

The Microsoft Security Response Center (MSRC) is pleased to announce the launch of the Azure DevOps Bounty program, a program dedicated to providing rock-solid security for our DevOps customers. Starting January 17, 2019, we’re excited to offer rewards up to US$20,000 for eligible vulnerabilities i...

AI score 7.2 | Exploits 0

Veracode
added 2019/01/15 8:57 a.m. | 19 views

Arbitrary Code Execution

spice-gtk is vulnerable to arbitrary code execution attacks. The vulnerability exists as libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment...

CVSS 6.9 | AI score 7.2 | EPSS 0.00553 | Exploits 1 | References 11 | Affected Software 1

OSV
added 2019/01/09 7:29 p.m. | 1 views

CVE-2018-16084

The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page...

CVSS 6.1 | AI score 5.8 | EPSS 0.00321 | Exploits 0 | References 5

Prion
added 2019/01/09 7:29 p.m. | 21 views

Design/Logic Flaw

The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page...

CVSS 4.3 | AI score 6.5 | EPSS 0.00321 | Exploits 0 | References 5 | Affected Software 4

OpenVAS
added 2019/01/09 12:0 a.m. | 5 views

Linux: Check options for /dev/shm directory

/dev/shm implements the traditional shared memory concept. It is an efficient means of passing data between programs. This script tests options set on the /dev/shm filesystem. Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score 7.3 | Exploits 0 | References 1

The Coalfire Blog
added 2019/01/08 6:56 p.m. | 63 views

RISE in the Community

Hope House of Colorado is metro-Denver's only resource for providing free self-sufficiency programs to teen moms, including residential, General Educational Development (GED), and college and career programs. Additional supportive services include parenting and healthy relationship classes, life...

AI score 0.7 | Exploits 0