Bala Krishna, Sergey Yakovlev Security Vulnerabilities

Security fix for the ALT Linux 9 package clamav version 0.99.4-alt1

March 4, 2018 Sergey Y. Afonin 0.99.4-alt1 - 0.99.4 (CVE-2012-6706, CVE-2017-6419, CVE-2017-11423, CVE-2018-0202, and...

Security fix for the ALT Linux 10 package clamav version 0.99.4-alt1

March 4, 2018 Sergey Y. Afonin 0.99.4-alt1 - 0.99.4 (CVE-2012-6706, CVE-2017-6419, CVE-2017-11423, CVE-2018-0202, and...

Security fix for the ALT Linux 8 package clamav version 0.99.4-alt1

March 4, 2018 Sergey Y. Afonin 0.99.4-alt1 - 0.99.4 (CVE-2012-6706, CVE-2017-6419, CVE-2017-11423, CVE-2018-0202, and...

Siemens SIMATIC WinCC Add-On (Update A)

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC WinCC Add-On Vulnerabilities: Stack-based Buffer Overflow, Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Security Features, Improper...

Nortek Linear eMerge E3 Series

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Nortek Equipment: Linear eMerge E3 Series Vulnerability: Command Injection AFFECTED PRODUCTS The following Linear eMerge, an access control interface, versions are affected: Linear eMerge E3 series Versions V0.32-07e...

This Week in Security News: Senate Hearings and Equifax Breaches

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, leaders of six security agencies testified before the Senate Intelligence Committee, the Equifax hack grew in severity, and hackers used the.....

U.S. Arrests 13, Charges 36 in ‘Infraud’ Cybercrime Forum Bust

The U.S. Justice Department announced charges on Wednesday against three dozen individuals thought to be key members of 'Infraud," a long-running cybercrime forum that federal prosecutors say cost consumers more than a half billion dollars. In conjunction with the forum takedown, 13 alleged...

Alleged Spam Kingpin ‘Severa’ Extradited to US

Peter Yuryevich Levashov, a 37-year-old Russian computer programmer thought to be one of the world's most notorious spam kingpins, has been extradited to the United States to face federal hacking and spamming charges. Levashov, in an undated photo. Levashov, who allegedly went by the hacker names.....

Security fix for the ALT Linux 8 package clamav version 0.99.3-alt1

0.99.3-alt1 built Jan. 30, 2018 Sergey Y. Afonin in task #198652 Jan. 28, 2018 Sergey Y. Afonin - 0.99.3 (multiple CVE's, look to README) - removed cve-2017-6418.patch and cve-2017-6420.patch (in upstream...

Security fix for the ALT Linux 9 package clamav version 0.99.3-alt1

Jan. 28, 2018 Sergey Y. Afonin 0.99.3-alt1 - 0.99.3 (multiple CVE's, look to README) - removed cve-2017-6418.patch and cve-2017-6420.patch (in upstream...

Security fix for the ALT Linux 10 package clamav version 0.99.3-alt1

Jan. 28, 2018 Sergey Y. Afonin 0.99.3-alt1 - 0.99.3 (multiple CVE's, look to README) - removed cve-2017-6418.patch and cve-2017-6420.patch (in upstream...

Denis and Co.

In April 2017, we published a detailed review of a malicious program that used DNS tunneling to communicate to its C&C. That study prompted us to develop a technology to detect similar threats, which allowed us to collect a multitude of malware samples using DNS tunneling. In this article, we will....

WECON Technology Co., Ltd. LeviStudio HMI Editor

CVSS v3 5.3 ATTENTION: Locally exploitable/low skill level to exploit. Vendor: WECON Technology Co., Ltd. (WECON) Equipment: LeviStudio HMI Editor Vulnerabilities: Buffer Overflows AFFECTED PRODUCTS The following versions of LEVI Studio HMI Editor, an HMI programming software product, are...

Wecon LeviStudioU General WriteAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of...

Siemens SIMATIC WinCC Add-On (Update A)

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC WinCC Add-On Vulnerabilities: Stack-based Buffer Overflow, Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Security Features, Improper...

Happy IR in the New Year!

At the end of last year Mr. Jake Williams from aka @MalwareJake asked a very important question about Lack of visibility during detecting APT intrusions in twitter. Results show us that endpoint analysis is the most important part of any research connected with APTs. Also, for sure endpoint...

Stable Channel Update for Desktop

The stable channel has been updated to 63.0.3239.108 for Windows, Mac and Linux which will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain...

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 63 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 63.0.3239.84 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming.....

Siemens industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation

CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation Vulnerability: Improper Restriction of XML External Entity Reference AFFECTED PRODUCTS Siemens...

Siemens Update Patches SIMATIC PCS 7 Bug in Some Versions

Siemens has made an update available for some of its SIMATIC PCS 7 distributed control systems that are impacted by a remotely exploitable input validation vulnerability. Siemens said version 8.2 and V8.1 prior to 8.1 SP1 with WinCC v7.3 Update 13 are affected. “Successful exploitation of this...

Silence Gang Borrows From Carbanak To Steal From Banks

A cybercrime outfit stealing from as many as 10 banks in Russia, Armenia and Malaysia has borrowed heavily from one of the kingpins in this realm, Carbanak, which is alleged to have stolen possibly as much as $1 billion worldwide from financial organizations. The new group has been called Silence.....

Tales from the blockchain

Cryptocurrency has gradually evolved from an element of a new world, utopian economy to a business that has affected even those sectors of society least involved in information technology. At the same time, it has acquired a fair number of "undesirable" supporters who aim to enrich themselves at...

Ayukov NFTP FTP Client Stack Buffer Overflow Analysis

Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code. Recent assessments: wchen-r7 at September 12, 2019 6:08pm UTC reported: Details Ayukov is an FTP client that was written by Sergey Ayukov back in 1994. Development stopped in 2011,...

Siemens Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation

CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation Vulnerability: Improper Restriction of XML External Entity Reference UPDATE INFORMATION This updated....

Siemens industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation (Update B)

CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation Vulnerability: Improper Restriction of XML External Entity Reference UPDATE INFORMATION This updated....

Stable Channel Update for Desktop

The stable channel has been updated to 61.0.3163.100 for Windows, Mac and Linux which will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain...

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 61 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 61.0.3163.79 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for...

Siemens Fixes Session Hijacking Bug in LOGO!, Warns of Man-in-the-Middle Attacks

Administrators who have Siemens’ LOGO! logic module deployed in automation setups are being urged to update its firmware. The German industrial manufacturing giant pushed out an update for its LOGO! 8 BM devices Wednesday morning to fix a vulnerability (CVE-2017-12734) that could let an attacker...

Revamped Nukebot Malware Changes Targets, Adds Functions

A revamped version of the Nukebot banking trojan dubbed Jimmy Nukebot has shifted focus from stealing bankcard data and now acts as a conduit for quietly downloading malicious payloads for web-injects, cryptocurrency mining, and taking screenshots of targeted systems. The code is a modification of....

Jimmy Nukebot: from Neutrino with love

_ "You FOOL! This isn't even my final form!"_ In one of our previous articles, we analyzed the NeutrinoPOS banker as an example of a constantly evolving malware family. A week after publication, this Neutrino modification delivered up a new malicious program classified by Kaspersky Lab as...

About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, see....

IT threat evolution Q2 2017

Targeted attacks and malware campaigns Back to the future: looking for a link between old and new APTs This year's Security Analyst Summit (SAS) included interesting research findings on several targeted attack campaigns. For example, researchers from Kaspersky Lab and King's College London...

Ukrainian Man Arrested For Distributing NotPetya Ransomware And Helping Tax Evaders

Ukrainian authorities have arrested a 51-year-old man accused of distributing the infamous Petya ransomware (Petya.A, also known as NotPetya) — the same computer virus that massively hit numerous businesses, organisations and banks in Ukraine as well as different parts of Europe around 45 days...

Security fix for the ALT Linux 9 package libssh version 0.7.5-alt1

Aug. 8, 2017 Sergey V Turchin 0.7.5-alt1 - new version - security fix:...

Security fix for the ALT Linux 8 package libssh version 0.7.5-alt1

Aug. 8, 2017 Sergey V Turchin 0.7.5-alt1 - new version - security fix:...

Nmap 7.60 - Free Security Scanner For Network Exploration & Security Audits

Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP...

CowerSnail — Windows Backdoor from the Creators of SambaCry Linux Malware

Last month, we reported about a group of hackers exploiting SambaCry—a 7-year-old critical remote code execution vulnerability in Samba networking software—to hack Linux computers and install malware to mine cryptocurrencies. The same group of hackers is now targeting Windows machines with a new...

CowerSnail, from the creators of SambaCry

We recently reported about SambaCry, a new family of Linux Trojans exploiting a vulnerability in the Samba protocol. A week later, Kaspersky Lab analysts managed to detect a malicious program for Windows that was apparently created by the same group responsible for SambaCry. It was the common C&C.....

Modified Versions of Nukebot in Wild Since Source Code Leak

Some opportunistic criminals have put the leaked source code for the Nukebot banking Trojan to use, targeting banks in the United States and France with variants of the malware, while another group has adapted it to steal mail client and browser passwords. The leak was disclosed in early March...

The NukeBot banking Trojan: from rough drafts to real threats

This spring, the author of the NukeBot banking Trojan published the source code of his creation. He most probably did so to restore his reputation on a number of hacker forums: earlier, he had been promoting his development so aggressively and behaving so erratically that he was eventually...

The Magala Trojan Clicker: A Hidden Advertising Threat

One large group will slowly conquer another large group, reduce its numbers, and thus lessen its chance of further variation and improvement. <…> Small and broken groups and sub-groups will finally tend to disappear. Charles Darwin. 'On the Origin of Species' The golden age of Trojans and vir...

Neutrino modification for POS-terminals

From time to time authors of effective and long-lived Trojans and viruses create new modifications and forks of them, like any other software authors. One of the brightest examples amongst them is Zeus (Trojan-Spy.Win32.Zbot, based on classification of "Kaspersky Lab"), which continues to spawn...

Siemens SICAM PAS Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-336-01 Siemens SICAM PAS Vulnerabilities that was published December 1, 2016, on the NCCIC/ICS-CERT web site. Siemens has released an advisory to inform its users on how to mitigate vulnerabilities that affect...

IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Hea

Exploit for windows platform in category web...

IBM Informix Dynamic Server DLL Injection / Code Execution

...

IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow

...

IBM Informix Dynamic Server Informix Open Admin Tool - DLL Injection Remote Code Execution Heap Buffer Overflow

IBM Informix Dynamic Server Informix Open Admin Tool - DLL Injection Remote Code Execution Heap Buffer...

IBM Informix Dynamic Server Open Admin Tool RCE (CVE-2017-1092)

Vulnerabilities Summary The following advisory describes six (6) vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool. IBM Informix Dynamic Server Exceptional, low maintenance online transaction processing (OLTP) data server for enterprise and workgroup computing. IBM...

Security fix for the ALT Linux 8 package kde5-smb4k version 2.0.1-alt1.M80P.1

2.0.1-alt1.M80P.1 built May 19, 2017 Sergey V Turchin in task #183142 May 19, 2017 Sergey V Turchin - security fixes:...

Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional

CVSS v3 4.9 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC WinCC and SIMATIC WinCC Runtime Professional Vulnerability: Denial of Service AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following versions of SIMATIC WinCC, SIMATIC....