Bala Krishna, Sergey Yakovlev Security Vulnerabilities

ics

Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional

CVSS v3 4.9 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC WinCC and SIMATIC WinCC Runtime Professional Vulnerability: Denial of Service AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following versions of SIMATIC WinCC, SIMATIC....

4.9CVSS

5.7AI Score

0.003EPSS

2017-05-09 12:00 PM
87
chrome

Stable Channel Update for Desktop

The stable channel has been updated to 58.0.3029.96 for Windows, Mac, and Linux. This will roll out over the coming days/weeks. In order to improve stability, performance, and security, users who are currently on 32-bit version of Chrome, and 64-bit Windows with 4GB or more of memory and...

7.5CVSS

7.9AI Score

0.007EPSS

2017-05-02 12:00 AM
12
avleonov

Why you can’t update it all at once?

It’s the second part of our talk with Daniil Svetlov at his radio show “Safe Environment” recorded 29.03.2017. In this part we talk about vulnerabilities in Linux and proprietary software, problems of patch and vulnerability management, and mention some related compliance requirements. Video with...

7.8CVSS

-0.5AI Score

0.0004EPSS

2017-04-22 08:25 PM
186
chrome

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 58 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 58.0.3029.81 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for...

8.8CVSS

7.8AI Score

0.168EPSS

2017-04-19 12:00 AM
10
thn

Hackers stole $800,000 from ATMs using Fileless Malware

Hackers targeted at least 8 ATMs in Russia and stole $800,000 in a single night, but the method used by the intruders remained a complete mystery with CCTV footage just showing a lone culprit walking up to the ATM and collecting cash without even touching the machine. Even the affected banks...

7.4AI Score

2017-04-03 10:40 PM
24
threatpost

Lazarus APT Spinoff Linked to Banking Hacks

SINT MAARTEN—The Lazarus Group, a nation-state level of attacker tied to the 2014 attacks on Sony Pictures Entertainment, has splintered off a portion of its operation to concentrate on stealing money to fund itself. The group, widely believed to be North Korean, has been linked to a February 2016....

1.4AI Score

2017-04-03 04:38 PM
9
threatpost

Fileless Banking Malware Attackers Break In, Cash Out, Disappear

SINT MAARTEN—Cybercriminals who used fileless, memory-based malware to carry out attacks on nearly 150 enterprises worldwide earlier this year were onto something. The attackers already had remote access to the bank’s networks through the malware, described in February, but once they were inside,.....

AI Score

2017-04-03 03:57 PM
9
chrome

Stable Channel Update for Desktop

The stable channel has been updated to 57.0.2987.133 for Windows, Mac, and Linux. This will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain...

9.6CVSS

9.3AI Score

0.4EPSS

2017-03-29 12:00 AM
9
apple

About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite

About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite This document describes the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite. About Apple security...

9.8CVSS

0.6AI Score

0.582EPSS

2017-03-27 12:00 AM
32
altlinux

Security fix for the ALT Linux 7 package adobe-flash-player version 3:25-alt0.M70P.1

3:25-alt0.M70P.1 built March 20, 2017 Sergey V Turchin in task #180552 March 20, 2017 Sergey V Turchin - new version - security fixes: CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002,...

8.8CVSS

7.6AI Score

0.025EPSS

2017-03-20 12:00 AM
7
ics

Schneider Electric ClearSCADA

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: ClearSCADA Vulnerability: Improper Input Validation AFFECTED PRODUCTS The following versions of ClearSCADA, server and communications driver processes, are affected: All supported...

7.5CVSS

7.4AI Score

0.001EPSS

2017-03-09 12:00 PM
58
chrome

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 57 to the stable channel - 57.0.2987.98 for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 57.0.2987.98 contains a number of fixes and improvements -- a list of changes is available in the log. Watch...

8.8CVSS

8.3AI Score

0.622EPSS

2017-03-09 12:00 AM
14
altlinux

Security fix for the ALT Linux 7 package adobe-flash-player version 3:24-alt0.M70P.3

3:24-alt0.M70P.3 built Feb. 17, 2017 Sergey V Turchin in task #178313 Feb. 17, 2017 Sergey V Turchin - new version - security fixes: CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993,...

8.8CVSS

8.7AI Score

0.945EPSS

2017-02-17 12:00 AM
12
threatpost

Fileless Memory-Based Malware Plagues 140 Banks, Enterprises

Attackers have been using well-known, standard utilities to carry out attacks on organizations around the world, and covering their tracks by wiping their activity from the machine’s memory before it’s rebooted. The attackers, who may be connected to the GCMAN and Carbanak groups, aren’t using...

1.1AI Score

2017-02-08 04:37 PM
5
altlinux

Security fix for the ALT Linux 6 package adobe-flash-player version 3:24-alt0.M70P.2

3:24-alt0.M70P.2 built Jan. 12, 2017 Sergey V Turchin in task #176070 Jan. 11, 2017 Sergey V Turchin - new version - security fixes: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935,...

8.8CVSS

7.6AI Score

0.955EPSS

2017-01-12 12:00 AM
8
altlinux

Security fix for the ALT Linux 7 package adobe-flash-player version 3:24-alt0.M70P.2

3:24-alt0.M70P.2 built Jan. 12, 2017 Sergey V Turchin in task #176069 Jan. 11, 2017 Sergey V Turchin - new version - security fixes: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935,...

8.8CVSS

7.6AI Score

0.955EPSS

2017-01-12 12:00 AM
11
thn

Obama Expels 35 Russian Spies Over Election Hacking; Russia Responds With Duck Meme

The United States has expelled 35 Russian spies in response to Russia's alleged interference in last month's presidential election, further escalating tensions between the countries. The US state department has declared 35 diplomatic intelligence officials from the Russian embassy in Washington...

6.9AI Score

2016-12-29 07:32 PM
7
hackapp

Krishna Multi Recharge - Customized SSL, External URLs, KeyStore usage vulnerabilities

HackApp vulnerability scanner discovered that application Krishna Multi Recharge published at the 'play' market has multiple...

0.2AI Score

2016-12-20 08:05 AM
12
altlinux

Security fix for the ALT Linux 7 package adobe-flash-player version 3:24-alt0.M70P.1

3:24-alt0.M70P.1 built Dec. 16, 2016 Sergey V Turchin in task #174387 Dec. 15, 2016 Sergey V Turchin - new version - security fixes: CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876,...

8.8CVSS

8.8AI Score

0.036EPSS

2016-12-16 12:00 AM
11
altlinux

Security fix for the ALT Linux 6 package adobe-flash-player version 3:24-alt0.M70P.1

3:24-alt0.M70P.1 built Dec. 16, 2016 Sergey V Turchin in task #174388 Dec. 15, 2016 Sergey V Turchin - new version - security fixes: CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876,...

8.8CVSS

8.8AI Score

0.036EPSS

2016-12-16 12:00 AM
13
ics

Siemens SICAM PAS Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-336-01 Siemens SICAM PAS Vulnerabilities that was published December 1, 2016, on the NCCIC/ICS-CERT web site. Siemens has released an advisory to inform its users on how to mitigate vulnerabilities that affect...

9.8CVSS

1AI Score

0.018EPSS

2016-12-01 12:00 AM
47
chrome

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 55 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 55.0.2883.75 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for...

9.8CVSS

-0.3AI Score

0.236EPSS

2016-12-01 12:00 AM
39
altlinux

Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt68

3:11-alt68 built Nov. 9, 2016 Sergey V Turchin in task #172079 Nov. 9, 2016 Sergey V Turchin - new version - security fixes: CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, ...

8.8CVSS

8.7AI Score

0.019EPSS

2016-11-09 12:00 AM
5
altlinux

Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt68

Nov. 9, 2016 Sergey V Turchin 3:11-alt68 - new version - security fixes: CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, ...

8.8CVSS

8.8AI Score

0.019EPSS

2016-11-09 12:00 AM
6
ics

Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities (Update C)

OVERVIEW This updated advisory is a follow-up to the advisory update titled ICSA-16-208-01B Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities that was published October 4, 2016, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities in SIMATIC WinCC,.....

9.8CVSS

10AI Score

0.043EPSS

2016-11-08 12:00 PM
15
androidsecurity

Android Security Bulletin—November 2016

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Google devices through an over-the-air (OTA) update. The Google device firmware images have also been released to the Google Developer....

9.8CVSS

9.4AI Score

0.879EPSS

2016-11-07 12:00 AM
23
altlinux

Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt67

Oct. 27, 2016 Sergey V Turchin 3:11-alt67 - new version - security fixes:...

8.8CVSS

8.8AI Score

0.111EPSS

2016-10-27 12:00 AM
8
altlinux

Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt67

3:11-alt67 built Oct. 27, 2016 Sergey V Turchin in task #171487 Oct. 27, 2016 Sergey V Turchin - new version - security fixes:...

8.8CVSS

8.7AI Score

0.111EPSS

2016-10-27 12:00 AM
9
archlinux

[ASA-201610-13] python-django: cross-site request forgery

Arch Linux Security Advisory ASA-201610-13 Severity: Medium Date : 2016-10-21 CVE-ID : CVE-2016-7401 Package : python-django Type : cross-site request forgery Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary The package python-django before version 1.10.1-1 is...

7.5CVSS

2.2AI Score

0.008EPSS

2016-10-21 12:00 AM
21
archlinux

[ASA-201610-12] python2-django: cross-site request forgery

Arch Linux Security Advisory ASA-201610-12 Severity: Medium Date : 2016-10-21 CVE-ID : CVE-2016-7401 Package : python2-django Type : cross-site request forgery Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary The package python2-django before version 1.10.1-1 is...

7.5CVSS

2.2AI Score

0.008EPSS

2016-10-21 12:00 AM
24
ics

Siemens Automation License Manager Vulnerabilities

OVERVIEW Siemens has identified vulnerabilities in Siemens’ Automation License Manager (ALM). These vulnerabilities were reported directly to Siemens by Sergey Temnikov and Vladimir Dashchenko from Critical Infrastructure Defence Team, Kaspersky Lab. Siemens has produced a new version to mitigate.....

9.1CVSS

8.3AI Score

0.007EPSS

2016-10-13 12:00 PM
35
altlinux

Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt66

Oct. 12, 2016 Sergey V Turchin 3:11-alt66 - new version - security fixes: CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990,...

8.8CVSS

8.8AI Score

0.896EPSS

2016-10-12 12:00 AM
8
altlinux

Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt66

Oct. 12, 2016 Sergey V Turchin 3:11-alt66 - new version - security fixes: CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990,...

8.8CVSS

8.8AI Score

0.896EPSS

2016-10-12 12:00 AM
15
myhack58

Django security restrictions bypass Vulnerability (CVE-2016-7401)-vulnerability warning-the black bar safety net

Affected system: Django Django < 1.8.15 Django Django 1.9.x < 1.9.10 Description: BUGTRAQ ID: 93182 CVE(CAN) ID: CVE-2016-7401 Django is the Python programming language to drive an open source Web application framework. Django < 1.8.15, and 1.9.x < 1.9.10 version, cookie par...

0.6AI Score

2016-10-10 12:00 AM
10
chrome

Stable Channel Update for Desktop

The stable channel has been updated to 53.0.2785.143 for Windows, Mac, and Linux. This will roll out over the coming days/weeks. Security Fixes and Rewards Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity or LibFuzzer. Note: Access to bug...

9.8CVSS

-0.2AI Score

0.017EPSS

2016-09-29 12:00 AM
13
ubuntu

Django vulnerability

Releases Ubuntu 16.04 ESM Ubuntu 14.04 ESM Ubuntu 12.04 Packages python-django - High-level Python web development framework Details Sergey Bobrov discovered that Django incorrectly parsed cookies when being used with Google Analytics. A remote attacker could possibly use this issue to set...

7.5CVSS

7.6AI Score

0.008EPSS

2016-09-27 12:00 AM
46
nessus

Debian DSA-3678-1 : python-django - security update

Sergey Bobrov discovered that cookie parsing in Django and Google Analytics interacted in such a way that an attacker could set arbitrary cookies. This allows other malicious websites to bypass the Cross-Site Request Forgery (CSRF) protections built into...

7.5CVSS

0.2AI Score

0.008EPSS

2016-09-27 12:00 AM
17
debian

[SECURITY] [DSA 3678-1] python-django security update

Debian Security Advisory DSA-3678-1 [email protected] https://www.debian.org/security/ Florian Weimer September 26, 2016 https://www.debian.org/security/faq Package : python-django CVE ID : CVE-2016-7401 Sergey Bobrov...

7.5CVSS

7.5AI Score

0.008EPSS

2016-09-26 08:56 PM
11
openvas

Debian Security Advisory DSA 3678-1 (python-django - security update)

Sergey Bobrov discovered that cookie parsing in Django and Google Analytics interacted in such a way that an attacker could set arbitrary cookies. This allows other malicious web sites to bypass the Cross-Site Request Forgery (CSRF) protections built into...

AI Score

0.008EPSS

2016-09-26 12:00 AM
6
altlinux

Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt65

3:11-alt65 built Sept. 22, 2016 Michael Shigorin in task #169622 Sept. 19, 2016 Sergey V Turchin - new version CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, ...

8.8CVSS

7.6AI Score

0.637EPSS

2016-09-22 12:00 AM
8
altlinux

Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt65

3:11-alt65 built Sept. 20, 2016 Sergey V Turchin in task #169477 Sept. 19, 2016 Sergey V Turchin - new version CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, ...

8.8CVSS

7.6AI Score

0.637EPSS

2016-09-20 12:00 AM
6
chrome

Stable Channel Update for Desktop

The stable channel has been updated to 53.0.2785.113 for Windows, Mac, and Linux. This will roll out over the coming days/weeks (MSI points to M53). Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will...

6.5CVSS

AI Score

0.013EPSS

2016-09-13 12:00 AM
12
chrome

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 53 to the stable channel - 53.0.2785.89 for Windows, Mac and 53.0.2785.92 for Linux. This will roll out over the coming days/weeks (Note: MSI still points to M52 and will be updated later). Chrome 53.0.2785.89 and 53.0.2785.92...

8.8CVSS

-0.2AI Score

0.034EPSS

2016-08-31 12:00 AM
12
hackerone

Harvest: Extracting private info of estimates.

Hey there, So when someone creates a new estimate for a client it is not accessible to anyone except the admin and the person with the private URL of the web invoice. Now there is an option to convert estimate into invoice through...

0.1AI Score

2016-08-18 10:19 PM
22
nessus

Debian DSA-3645-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5139 GiWan Go discovered a use-after-free issue in the pdfium library. CVE-2016-5140 Ke Liu discovered a use-after-free issue in the pdfium library. CVE-2016-5141 Sergey Glazunov discovered...

9.8CVSS

0.6AI Score

0.028EPSS

2016-08-15 12:00 AM
18
debian

[SECURITY] [DSA 3645-1] chromium-browser security update

Debian Security Advisory DSA-3645-1 [email protected] https://www.debian.org/security/ Michael Gilbert August 09, 2016 https://www.debian.org/security/faq Package : chromium-browser CVE ID : CVE-2016-5139...

9.8CVSS

9.2AI Score

0.028EPSS

2016-08-09 01:05 AM
16
debian

[SECURITY] [DSA 3645-1] chromium-browser security update

Debian Security Advisory DSA-3645-1 [email protected] https://www.debian.org/security/ Michael Gilbert August 09, 2016 https://www.debian.org/security/faq Package : chromium-browser CVE ID : CVE-2016-5139...

9.8CVSS

0.4AI Score

0.028EPSS

2016-08-09 01:05 AM
21
openvas

Debian Security Advisory DSA 3645-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5139 GiWan Go discovered a use-after-free issue in the pdfium library. CVE-2016-5140 Ke Liu discovered a use-after-free issue in the pdfium library. CVE-2016-5141 Sergey Glazunov discovered a URL spoofing issue....

0.5AI Score

0.028EPSS

2016-08-09 12:00 AM
22
osv

chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5139 GiWan Go discovered a use-after-free issue in the pdfium library. CVE-2016-5140 Ke Liu discovered a use-after-free issue in the pdfium library. CVE-2016-5141 Sergey Glazunov discovered a URL spoofing issue....

9.8CVSS

3.2AI Score

0.028EPSS

2016-08-09 12:00 AM
14
chrome

Stable Channel Update for Desktop

The stable channel has been updated to 52.0.2743.116 for Windows, Mac, and Linux. This will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain...

9.8CVSS

0.1AI Score

0.028EPSS

2016-08-03 12:00 AM
17
Total number of security vulnerabilities: 1084