EUVD-2016-3590

Malware in sbrugna...

SUSE CVE-2014-8641

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data...

IHG Confirms Second Credit Card Breach Impacting 1,000-Plus Hotels

In what’s becoming a familiar refrain to guests, InterContinental Hotels Group, said late last week that payment card systems at more than 1,000 of its hotels had been breached. It’s the second breach that IHG, a multinational hotel conglomerate that counts Holiday Inn and Crowne Plaza among its...

CVE-2016-2508

media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary code or cause a denial of service memory...

POS Malware Nitlove Seen Dropped in Spam Campaign

Toss another strain of point-of-sale POS malware onto the growing heap discovered this year. The latest variant, a variant dubbed NitlovePOS, was spotted being dropped on victims who were compromised by a spam operation. Researchers with the firm FireEye were in the middle of tracking a campaign ...

CVE-2014-8641

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data...

Design/Logic Flaw

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data...

CVE-2014-8641

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data...

CVE-2014-8641

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data...

UBUNTU-CVE-2014-8641

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data...

Mozilla: Read-after-free in WebRTC (MFSA 2015-06)

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data...

New Backoff Variant ROM Tougher to Detect, Analyze

A new and more fine-tuned version of the Backoff point of sale malware known as ROM has been spotted in the wild, according to researchers. While the latest iteration is similar to the preceding version, ROM has tweaks that help the malware better evade detection and hinder the analysis process,...

Target Corp. Suffers Black Friday Data Breach

UPDATE – TJX and Heartland Payment Systems may soon have company atop the list of the worst retail data breaches in U.S. history after reports surfaced that Target Corp. was breached around Black Friday and millions of credit and debit cards were stolen. Target confirmed the breach this morning a...

ATM Makers Release Fixes for 'Jackpotting' Flaw

Two ATM manufacturers have released software updates to address the remotely exploitable vulnerabilities in their machines’ firmware that IOActive researcher Barnaby Jack demonstrated line on stage at the Black Hat conference last month. In response to the demonstration, in which Jack was able to...

NullSoft Winamp 2.81/2.91/3.0/3.1 - MIDI Plugin 'IN_MIDI.dll' Track Data Size Buffer Overflow (PoC)

source: https://www.securityfocus.com/bid/8567/info Winamp MIDI plugin, INMIDI.DLL has been reported prone to a buffer overflow issue when handling malicious MIDI files. The issue presents itself when a malicious value is passed as the Track Data Size of a malicious MIDI file header. Although...