Dr0p1t Framework 1.3 - A Framework That Creates An Advanced FUD Dropper With Some Tricks

Have you ever heard about trojan droppers ? In short dropper is type of trojans that downloads other malwares and Dr0p1t gives you the chance to create a stealthy dropper that bypass most AVs and have a lot of tricks! Features Generated executable properties: The executable size is smaller compar...

[SECURITY] Fedora 26 Update: kdepim4-4.14.10-31.fc26

KDE4 PIM Personal Information Manager applications, including: knode: newsreader ktimetracker: Time and task management...

Important: Red Hat Security Advisory: ansible security update

An update for ansible is now available for Red Hat Storage Console 2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Information Disclosure

ansible is vulnerable to information disclosure. It is possible because .result attribute of an ansible.executor.taskresult.TaskResult is being sent to the callback plugins without obscuring stdout information when using a nolog directive...

FIN7 Hitting Restaurants with Fileless Malware

FIN7, closely associated with the notorious Carbanak group, is behind a targeted phishing campaign singling out restaurants with fileless malware that is difficult to detect. The recent campaign incorporates, “never before seen evasive techniques that allow malware to bypass most security...

Description of the security update for Project Server 2013: June 13, 2017

Description of the security update for Project Server 2013: June 13, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Comm...

[SECURITY] Fedora 25 Update: ansible-2.3.1.0-1.fc25

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

[SECURITY] Fedora 24 Update: ansible-2.3.1.0-1.fc24

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

[SECURITY] Fedora 26 Update: ansible-2.3.1.0-1.fc26

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

kernel security and bug fix update

2.6.32-696.3.1.OL6 - Update genkey bug 25599697 2.6.32-696.3.1 - netdrv be2net: Fix endian issue in logical link config command Ivan Vecera 1442979 1436527 - scsi lpfc: update for r 11.0.0.6 Maurizio Lombardi 1439636 1429881 - scsi lpfc: The lpfc driver does not issue RFFID and RFTID in the corre...

Conexant Systems MicTray64 Information Disclosure Vulnerability

Conexant Systems MicTray64 is an application that Conexant Systems USA installs with the Conexant Audio Driver package and registers as a Microsoft Scheduled Task to run after each user logs on. The program monitors all keystrokes taken by the user to capture and respond to functions such as...

Session fixation

Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data keystrokes to any process. In mictray64.exe mic tray icon 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: deb...

CVE-2017-8360

Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data keystrokes to any process. In mictray64.exe mic tray icon 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: deb...

business-central: Multiple stored XSS in task and process filters

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly...

Product update: Virtuozzo Automator 7.0 Update 2 (VA MN: 7.0.2-266, VA Agent: 7.0.2-115)

The Update 2 for Virtuozzo Automator 7.0 provides new features and stability and usability bug fixes. Vulnerability id: PVA-36694 No 'Renew backup' button on virtual environment's backups tab. Vulnerability id: PVA-36693 Existing bridges were not used when attaching interfaces to virtual networks...

[SECURITY] Fedora 24 Update: ansible-2.3.0.0-3.fc24

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

kernel security and bug fix update

2.6.32-696.1.1.0.1.el6.OL6 - kernel sched/fair: Initialize throttlecount for new task-groups lazily orabug 25071015 - kernel sched/fair: Do not announce throttled next buddy in dequeuetaskfair orabug 25071015 - kernel sched/fair: Reorder cgroup creation code orabug 25071015 - kernel sched/fair:...

[SECURITY] Fedora 25 Update: ansible-2.3.0.0-3.fc25

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

FIN7 Evolution and the Phishing LNK

FIN7 is a financially-motivated threat group that has been associated with malicious operations dating back to late 2015. FIN7 is referred to by many vendors as “Carbanak Group”, although we do not equate all usage of the CARBANAK backdoor with FIN7. FireEye recently observed a FIN7 spear phishin...

FIN7 Evolution and the Phishing LNK

FIN7 is a financially-motivated threat group that has been associated with malicious operations dating back to late 2015. FIN7 is referred to by many vendors as “Carbanak Group”, although we do not equate all usage of the CARBANAK backdoor with FIN7. FireEye recently observed a FIN7 spear phishin...