Bala Krishna, Sergey Yakovlev Security Vulnerabilities

altlinux

Security fix for the ALT Linux 9 package clamav version 0.99.4-alt1

March 4, 2018 Sergey Y. Afonin 0.99.4-alt1 - 0.99.4 (CVE-2012-6706, CVE-2017-6419, CVE-2017-11423, CVE-2018-0202, and...

9.8CVSS

6.9AI Score

0.024EPSS

2018-03-04 12:00 AM
10
altlinux

Security fix for the ALT Linux 10 package clamav version 0.99.4-alt1

March 4, 2018 Sergey Y. Afonin 0.99.4-alt1 - 0.99.4 (CVE-2012-6706, CVE-2017-6419, CVE-2017-11423, CVE-2018-0202, and...

9.8CVSS

6.9AI Score

0.024EPSS

2018-03-04 12:00 AM
10
altlinux

Security fix for the ALT Linux 8 package clamav version 0.99.4-alt1

March 4, 2018 Sergey Y. Afonin 0.99.4-alt1 - 0.99.4 (CVE-2012-6706, CVE-2017-6419, CVE-2017-11423, CVE-2018-0202, and...

9.8CVSS

6.9AI Score

0.024EPSS

2018-03-04 12:00 AM
13
ics

Siemens SIMATIC WinCC Add-On (Update A)

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC WinCC Add-On Vulnerabilities: Stack-based Buffer Overflow, Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Security Features, Improper...

9.9CVSS

10.3AI Score

0.155EPSS

2018-02-27 12:00 PM
35
ics

Nortek Linear eMerge E3 Series

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Nortek Equipment: Linear eMerge E3 Series Vulnerability: Command Injection AFFECTED PRODUCTS The following Linear eMerge, an access control interface, versions are affected: Linear eMerge E3 series Versions V0.32-07e...

9.8CVSS

10AI Score

0.003EPSS

2018-02-19 12:00 PM
46
trendmicroblog

This Week in Security News: Senate Hearings and Equifax Breaches

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, leaders of six security agencies testified before the Senate Intelligence Committee, the Equifax hack grew in severity, and hackers used the.....

7AI Score

2018-02-16 02:00 PM
60
krebs

U.S. Arrests 13, Charges 36 in ‘Infraud’ Cybercrime Forum Bust

The U.S. Justice Department announced charges on Wednesday against three dozen individuals thought to be key members of "Infraud," a long-running cybercrime forum that federal prosecutors say cost consumers more than a half billion dollars. In conjunction with the forum takedown, 13 alleged...

7.1AI Score

2018-02-08 06:04 PM
17
krebs

Alleged Spam Kingpin ‘Severa’ Extradited to US

Peter Yuryevich Levashov, a 37-year-old Russian computer programmer thought to be one of the world's most notorious spam kingpins, has been extradited to the United States to face federal hacking and spamming charges. Levashov, in an undated photo. Levashov, who allegedly went by the hacker names.....

6.8AI Score

2018-02-05 06:28 PM
11
altlinux

Security fix for the ALT Linux 8 package clamav version 0.99.3-alt1

0.99.3-alt1 built Jan. 30, 2018 Sergey Y. Afonin in task #198652 Jan. 28, 2018 Sergey Y. Afonin - 0.99.3 (multiple CVE's, look to README) - removed cve-2017-6418.patch and cve-2017-6420.patch (in upstream...

5.5CVSS

5.9AI Score

0.008EPSS

2018-01-30 12:00 AM
5
altlinux

Security fix for the ALT Linux 9 package clamav version 0.99.3-alt1

Jan. 28, 2018 Sergey Y. Afonin 0.99.3-alt1 - 0.99.3 (multiple CVE's, look to README) - removed cve-2017-6418.patch and cve-2017-6420.patch (in upstream...

5.5CVSS

6AI Score

0.008EPSS

2018-01-28 12:00 AM
7
altlinux

Security fix for the ALT Linux 10 package clamav version 0.99.3-alt1

Jan. 28, 2018 Sergey Y. Afonin 0.99.3-alt1 - 0.99.3 (multiple CVE's, look to README) - removed cve-2017-6418.patch and cve-2017-6420.patch (in upstream...

5.5CVSS

6.3AI Score

0.008EPSS

2018-01-28 12:00 AM
4
securelist

Denis and Co.

In April 2017, we published a detailed review of a malicious program that used DNS tunneling to communicate to its C&C. That study prompted us to develop a technology to detect similar threats, which allowed us to collect a multitude of malware samples using DNS tunneling. In this article, we will....

7.2AI Score

2018-01-25 11:00 AM
37
ics

WECON Technology Co., Ltd. LeviStudio HMI Editor

CVSS v3 5.3 ATTENTION: Locally exploitable/low skill level to exploit. Vendor: WECON Technology Co., Ltd. (WECON) Equipment: LeviStudio HMI Editor Vulnerabilities: Buffer Overflows AFFECTED PRODUCTS The following versions of LEVI Studio HMI Editor, an HMI programming software product, are...

7.8CVSS

8.6AI Score

0.019EPSS

2018-01-18 12:00 PM
15
zdi

Wecon LeviStudioU General WriteAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...

7.8CVSS

3.4AI Score

0.019EPSS

2018-01-18 12:00 AM
471
ics

Siemens SIMATIC WinCC Add-On (Update A)

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC WinCC Add-On Vulnerabilities: Stack-based Buffer Overflow, Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Security Features, Improper...

9.8CVSS

1AI Score

0.155EPSS

2018-01-18 12:00 AM
15
securelist

Happy IR in the New Year!

At the end of last year Mr. Jake Williams from aka @MalwareJake asked a very important question about Lack of visibility during detecting APT intrusions in twitter. Results show us that endpoint analysis is the most important part of any research connected with APTs. Also, for sure endpoint...

7.1AI Score

2017-12-28 11:56 AM
41
chrome

Stable Channel Update for Desktop

The stable channel has been updated to 63.0.3239.108 for Windows, Mac and Linux which will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain...

6.1CVSS

7.4AI Score

0.003EPSS

2017-12-14 12:00 AM
13
chrome

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 63 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 63.0.3239.84 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming.....

8.8CVSS

8AI Score

0.028EPSS

2017-12-06 12:00 AM
23
ics

Siemens industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation

CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation Vulnerability: Improper Restriction of XML External Entity Reference AFFECTED PRODUCTS Siemens...

8.2CVSS

8.2AI Score

0.006EPSS

2017-12-04 12:00 PM
18
threatpost

Siemens Update Patches SIMATIC PCS 7 Bug in Some Versions

Siemens has made an update available for some of its SIMATIC PCS 7 distributed control systems that are impacted by a remotely exploitable input validation vulnerability. Siemens said version 8.2 and V8.1 prior to 8.1 SP1 with WinCC v7.3 Update 13 are affected. “Successful exploitation of this...

2.8AI Score

0.167EPSS

2017-11-03 11:00 AM
20
threatpost

Silence Gang Borrows From Carbanak To Steal From Banks

A cybercrime outfit stealing from as many as 10 banks in Russia, Armenia and Malaysia has borrowed heavily from one of the kingpins in this realm, Carbanak, which is alleged to have stolen possibly as much as $1 billion worldwide from financial organizations. The new group has been called Silence.....

0.9AI Score

2017-11-01 12:24 PM
5
securelist

Tales from the blockchain

Cryptocurrency has gradually evolved from an element of a new world, utopian economy to a business that has affected even those sectors of society least involved in information technology. At the same time, it has acquired a fair number of "undesirable" supporters who aim to enrich themselves at...

7AI Score

2017-10-31 09:00 AM
46
attackerkb

Ayukov NFTP FTP Client Stack Buffer Overflow Analysis

Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code. Recent assessments: wchen-r7 at September 12, 2019 6:08pm UTC reported: Details Ayukov is an FTP client that was written by Sergey Ayukov back in 1994. Development stopped in 2011,...

9.8CVSS

0.8AI Score

0.589EPSS

2017-10-24 12:00 AM
12
ics

Siemens Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation

CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation Vulnerability: Improper Restriction of XML External Entity Reference UPDATE INFORMATION This updated....

8.2CVSS

0.8AI Score

0.006EPSS

2017-10-03 12:00 AM
28
ics

Siemens industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation (Update B)

CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation Vulnerability: Improper Restriction of XML External Entity Reference UPDATE INFORMATION This updated....

8.2CVSS

0.6AI Score

0.006EPSS

2017-10-03 12:00 AM
18
chrome

Stable Channel Update for Desktop

The stable channel has been updated to 61.0.3163.100 for Windows, Mac and Linux which will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain...

8.8CVSS

8.3AI Score

0.046EPSS

2017-09-21 12:00 AM
11
chrome

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 61 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 61.0.3163.79 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for...

8.8CVSS

7.8AI Score

0.275EPSS

2017-09-05 12:00 AM
12
threatpost

Siemens Fixes Session Hijacking Bug in LOGO!, Warns of Man-in-the-Middle Attacks

Administrators who have Siemens’ LOGO! logic module deployed in automation setups are being urged to update its firmware. The German industrial manufacturing giant pushed out an update for its LOGO! 8 BM devices Wednesday morning to fix a vulnerability (CVE-2017-12734) that could let an attacker...

2.3AI Score

0.001EPSS

2017-08-30 01:11 PM
12
threatpost

Revamped Nukebot Malware Changes Targets, Adds Functions

A revamped version of the Nukebot banking trojan dubbed Jimmy Nukebot has shifted focus from stealing bankcard data and now acts as a conduit for quietly downloading malicious payloads for web-injects, cryptocurrency mining, and taking screenshots of targeted systems. The code is a modification of....

-0.1AI Score

2017-08-29 02:54 PM
10
securelist

Jimmy Nukebot: from Neutrino with love

"You FOOL! This isn't even my final form!" In one of our previous articles, we analyzed the NeutrinoPOS banker as an example of a constantly evolving malware family. A week after publication, this Neutrino modification delivered up a new malicious program classified by Kaspersky Lab as...

7.3AI Score

2017-08-29 09:00 AM
36
apple

About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, see....

9.8CVSS

0.7AI Score

0.582EPSS

2017-08-29 02:52 AM
41
securelist

IT threat evolution Q2 2017

Targeted attacks and malware campaigns Back to the future: looking for a link between old and new APTs This year's Security Analyst Summit (SAS) included interesting research findings on several targeted attack campaigns. For example, researchers from Kaspersky Lab and King's College London...

7.2AI Score

0.511EPSS

2017-08-15 09:00 AM
124
thn

Ukrainian Man Arrested For Distributing NotPetya Ransomware And Helping Tax Evaders

Ukrainian authorities have arrested a 51-year-old man accused of distributing the infamous Petya ransomware (Petya.A, also known as NotPetya) — the same computer virus that massively hit numerous businesses, organisations and banks in Ukraine as well as different parts of Europe around 45 days...

6.9AI Score

2017-08-10 09:29 AM
7
altlinux

Security fix for the ALT Linux 9 package libssh version 0.7.5-alt1

Aug. 8, 2017 Sergey V Turchin 0.7.5-alt1 - new version - security fix:...

5.9CVSS

6AI Score

0.004EPSS

2017-08-08 12:00 AM
5
altlinux

Security fix for the ALT Linux 8 package libssh version 0.7.5-alt1

Aug. 8, 2017 Sergey V Turchin 0.7.5-alt1 - new version - security fix:...

5.9CVSS

6AI Score

0.004EPSS

2017-08-08 12:00 AM
8
kitploit

Nmap 7.60 - Free Security Scanner For Network Exploration & Security Audits

Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP...

7.5AI Score

2017-08-02 03:09 PM
106
thn

CowerSnail — Windows Backdoor from the Creators of SambaCry Linux Malware

Last month, we reported about a group of hackers exploiting SambaCry—a 7-year-old critical remote code execution vulnerability in Samba networking software—to hack Linux computers and install malware to mine cryptocurrencies. The same group of hackers is now targeting Windows machines with a new...

10.2AI Score

0.973EPSS

2017-07-27 12:40 AM
54
securelist

CowerSnail, from the creators of SambaCry

We recently reported about SambaCry, a new family of Linux Trojans exploiting a vulnerability in the Samba protocol. A week later, Kaspersky Lab analysts managed to detect a malicious program for Windows that was apparently created by the same group responsible for SambaCry. It was the common C&C.....

6.9AI Score

2017-07-25 01:32 PM
62
threatpost

Modified Versions of Nukebot in Wild Since Source Code Leak

Some opportunistic criminals have put the leaked source code for the Nukebot banking Trojan to use, targeting banks in the United States and France with variants of the malware, while another group has adapted it to steal mail client and browser passwords. The leak was disclosed in early March...

AI Score

2017-07-19 09:56 AM
11
securelist

The NukeBot banking Trojan: from rough drafts to real threats

This spring, the author of the NukeBot banking Trojan published the source code of his creation. He most probably did so to restore his reputation on a number of hacker forums: earlier, he had been promoting his development so aggressively and behaving so erratically that he was eventually...

7.1AI Score

2017-07-19 09:20 AM
99
securelist

The Magala Trojan Clicker: A Hidden Advertising Threat

One large group will slowly conquer another large group, reduce its numbers, and thus lessen its chance of further variation and improvement. <…> Small and broken groups and sub-groups will finally tend to disappear. Charles Darwin. 'On the Origin of Species' The golden age of Trojans and vir...

6.8AI Score

2017-07-12 09:29 AM
36
securelist

Neutrino modification for POS-terminals

From time to time authors of effective and long-lived Trojans and viruses create new modifications and forks of them, like any other software authors. One of the brightest examples amongst them is Zeus (Trojan-Spy.Win32.Zbot, based on classification of "Kaspersky Lab"), which continues to spawn...

6.9AI Score

2017-06-27 11:01 AM
25
ics

Siemens SICAM PAS Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-336-01 Siemens SICAM PAS Vulnerabilities that was published December 1, 2016, on the NCCIC/ICS-CERT web site. Siemens has released an advisory to inform its users on how to mitigate vulnerabilities that affect...

9.8CVSS

9.2AI Score

0.014EPSS

2017-06-15 12:00 PM
6
zdt

8.2AI Score

0.966EPSS

2017-05-31 12:00 AM
584
packetstorm

0.1AI Score

0.966EPSS

2017-05-31 12:00 AM
265
exploitpack

IBM Informix Dynamic Server Informix Open Admin Tool - DLL Injection Remote Code Execution Heap Buffer Overflow

IBM Informix Dynamic Server Informix Open Admin Tool - DLL Injection Remote Code Execution Heap Buffer...

9.8CVSS

0.5AI Score

0.966EPSS

2017-05-30 12:00 AM
396
seebug

IBM Informix Dynamic Server Open Admin Tool RCE (CVE-2017-1092)

Vulnerabilities Summary The following advisory describes six (6) vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool. IBM Informix Dynamic Server Exceptional, low maintenance online transaction processing (OLTP) data server for enterprise and workgroup computing. IBM...

10.4AI Score

0.966EPSS

2017-05-24 12:00 AM
3347
altlinux

Security fix for the ALT Linux 8 package kde5-smb4k version 2.0.1-alt1.M80P.1

2.0.1-alt1.M80P.1 built May 19, 2017 Sergey V Turchin in task #183142 May 19, 2017 Sergey V Turchin - security fixes:...

7.8CVSS

2.6AI Score

0.0004EPSS

2017-05-19 12:00 AM
5
ics

Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional

CVSS v3 4.9 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC WinCC and SIMATIC WinCC Runtime Professional Vulnerability: Denial of Service AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following versions of SIMATIC WinCC, SIMATIC....

4.9CVSS

5.7AI Score

0.003EPSS

2017-05-09 12:00 PM
87
Total number of security vulnerabilities: 1083