Bala Krishna, Sergey Yakovlev Security Vulnerabilities

KoffeyMaker: notebook vs. ATM

Despite CCTV and the risk of being caught by security staff, attacks on ATMs using a direct connection — so-called black box attacks — are still popular with cybercriminals. The main reason is the low "entry requirements" for would-be cyber-robbers: specialized sites offer both the necessary tools....

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 71 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 71.0.3578.80 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for...

FBI Takes Down a Massive Advertising Fraud Ring

The FBI announced that it dismantled a large Internet advertising fraud network, and arrested eight people: A 13-count indictment was unsealed today in federal court in Brooklyn charging Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr.....

FBI Sinkholes $38M Global Ad Fraud Operation

The FBI has taken control of 31 web domains in a widespread takedown of a multi-year, global ad fraud campaign, believed to have stolen at least $38 million, partly via a botnet strategy. In addition, eight defendants face a 13-count indictment from a federal court in Brooklyn in the case. The...

FBI Shuts Down Multimillion Dollar – 3ve – Ad Fraud Operation

Google, the FBI, ad-fraud fighting company WhiteOps and a collection of cyber security companies worked together to shut down one of the largest and most sophisticated digital ad-fraud schemes that infected over 1.7 million computers to generate fake clicks used to defraud online advertisers for...

VirtualBox virtual machine latest escape vulnerability E1000 0day detailed analysis of under-vulnerability warning-the black bar safety net

Recently, Russian security researcher Sergey Zelenyuk released for VirtualBox 5.2.20 early version of the zero-day exploit detailed information, these versions can allow an attacker to escape the virtual machine and executed on the host RING 3-layer code. Then, the attacker can take advantage of...

VirtualBox virtual machine latest escape vulnerability E1000 0 day detailed analysis of the on-vulnerability warning-the black bar safety net

Recently, Russian security researcher Sergey Zelenyuk released for VirtualBox 5.2. 20 early versions of the 0 day vulnerabilities detailed information, these versions can allow an attacker to escape the virtual machine and executed on the host RING 3-layer code. Then, the attacker can take...

Russian exploit developer publicly disclosed VirtualBox zero-day vulnerability

By Waqas An independent IT security researcher and exploit developer from Russia has publicly revealed a zero-day vulnerability in all versions of VirtualBox (VB) 5.2.20 and prior. VB is commonly used open source virtualization software that has been developed by Oracle. According to the analysis.....

Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online

An independent exploit developer and vulnerability researcher has publicly disclosed a zero-day vulnerability in VirtualBox—a popular open source virtualization software developed by Oracle—that could allow a malicious program to escape virtual machine (guest OS) and execute code on the operating.....

Security fix for the ALT Linux 7 package libssh version 0.7.6-alt1.M70P.1

0.7.6-alt1.M70P.1 built Oct. 22, 2018 Sergey Y. Afonin in task #215330 Oct. 20, 2018 Sergey Y. Afonin - new version - security fix:...

Security fix for the ALT Linux 8 package libssh version 0.8.4-alt2

Oct. 17, 2018 Sergey V Turchin 0.8.4-alt2 - fix changelog - security fixes:...

Security fix for the ALT Linux 9 package libssh version 0.8.4-alt1

Oct. 17, 2018 Sergey V Turchin 0.8.4-alt1 - new version - security fix:...

Security fix for the ALT Linux 9 package libssh version 0.8.4-alt2

Oct. 17, 2018 Sergey V Turchin 0.8.4-alt2 - fix changelog - security fixes:...

Security fix for the ALT Linux 10 package clamav version 0.100.2-alt1

Oct. 17, 2018 Sergey Y. Afonin 0.100.2-alt1 - 0.100.2 (CVE-2018-15378, CVE-2018-14680, CVE-2018-14681,...

Security fix for the ALT Linux 8 package libssh version 0.8.4-alt1

Oct. 17, 2018 Sergey V Turchin 0.8.4-alt1 - new version - security fix:...

Security fix for the ALT Linux 9 package clamav version 0.100.2-alt1

Oct. 17, 2018 Sergey Y. Afonin 0.100.2-alt1 - 0.100.2 (CVE-2018-15378, CVE-2018-14680, CVE-2018-14681,...

Security fix for the ALT Linux 8 package clamav version 0.100.2-alt1

Oct. 17, 2018 Sergey Y. Afonin 0.100.2-alt1 - 0.100.2 (CVE-2018-15378, CVE-2018-14680, CVE-2018-14681,...

Debian DLA-1545-1 : tomcat8 security update

Sergey Bobrov discovered that when the default servlet returned a redirect to a directory (e.g. redirecting to /foo/ when the user requested /foo) a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. For Debian 8 'Jessie', this problem has....

[SECURITY] [DLA 1545-1] tomcat8 security update

Package : tomcat8 Version : 8.0.14-1+deb8u14 CVE ID : CVE-2018-11784 Sergey Bobrov discovered that when the default servlet returned a redirect to a directory (e.g. redirecting to /foo/ when the user requested /foo) a specially crafted URL could be used to cause the redirect...

Debian DLA-1544-1 : tomcat7 security update

Sergey Bobrov discovered that when the default servlet returned a redirect to a directory (e.g. redirecting to /foo/ when the user requested /foo) a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. For Debian 8 'Jessie', this problem has....

[SECURITY] [DLA 1544-1] tomcat7 security update

Package : tomcat7 Version : 7.0.56-3+really7.0.91-1 CVE ID : CVE-2018-11784 Sergey Bobrov discovered that when the default servlet returned a redirect to a directory (e.g. redirecting to /foo/ when the user requested /foo) a specially crafted URL could be used to cause the...

Emerson AMS Device Manager

EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Emerson Equipment: AMS Device Manager Vulnerabilities: Improper Access Control, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

Fixed in Apache Tomcat 7.0.91

Moderate: Open Redirect CVE-2018-11784 When the default servlet returned a redirect to a directory (e.g. redirecting to /foo/ when the user requested /foo) a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. This was fixed in revision...

Russian Hacker Pleads Guilty to Operating Kelihos Botnet

The Russian man who was accused of operating the infamous Kelihos botnet has finally pleaded guilty in a U.S. federal court. Peter Yuryevich Levashov, 38, of St. Petersburg, Russia, pleaded guilty on Wednesday in U.S. federal court in Connecticut to computer crime, wire fraud, conspiracy and...

Stable Channel Update for Desktop

The stable channel has been updated to 69.0.3497.92 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain...

Fixed in Apache Tomcat 8.5.34

Moderate: Open Redirect CVE-2018-11784 When the default servlet returned a redirect to a directory (e.g. redirecting to /foo/ when the user requested /foo) a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. This was fixed in revision...

Fixed in Apache Tomcat 9.0.12

Moderate: Open Redirect CVE-2018-11784 When the default servlet returned a redirect to a directory (e.g. redirecting to /foo/ when the user requested /foo) a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. This was fixed in revision...

Siemens SIMATIC WinCC Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-205-02 Siemens SIMATIC WinCC Vulnerabilities that was published July 24, 2014, on the NCCIC/ICS-CERT web site. Researchers Sergey Gordeychik, Alexander Tlyapov, Dmitry Nagibin, and Gleb Gritsai of Positive...

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 69 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 69.0.3497.81 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for...

Schneider Electric Wonderware Vulnerabilities

OVERVIEW Timur Yunusov, Ilya Karpov, Sergey Gordeychik, Alexey Osipov, and Dmitry Serebryannikov of the Positive Technologies Research Team have identified four vulnerabilities in the Schneider Electric Wonderware Information Server (WIS). Schneider Electric has produced an update that mitigates...

Siemens SIMATIC WinCC TIA Portal Vulnerabilities

OVERVIEW Gleb Gritsai, Roman Ilin, Aleksandr Tlyapov, and Sergey Gordeychik from Positive Technologies have identified authentication vulnerabilities in the Siemens SIMATIC WinCC TIA Portal application. Siemens has produced a service pack that mitigates these vulnerabilities. These vulnerabilities....

Siemens SIMATIC NET PC-Software Denial-of-Service Vulnerability

OVERVIEW Siemens has identified a denial-of-service vulnerability in SIMATIC NET PC-Software. Vladimir Dashchenko and Sergey Temnikov from Kaspersky Labs reported this issue directly to Siemens. Siemens has produced a new version to mitigate this vulnerability. This vulnerability could be...

Security assessment of corporate information systems in 2017

Each year, Kaspersky Lab's Security Services department carries out dozens of cybersecurity assessment projects for companies worldwide. In this publication, we present a general summary and statistics for the cybersecurity assessments we have conducted of corporate information systems throughout.....

12 Russian Intelligence Agents Indicted For Hacking DNC Emails

The US Justice Department has announced criminal indictments against 12 Russian intelligence officers tied to the hack of the Democratic National Committee (DNC) during the 2016 US presidential election campaign. The charges were drawn up as part of the investigation of Russian interference in...

Olympic Destroyer Returns to Target Biochemical Labs

Olympic Destroyer, the threat actor that caused a crippling sabotage attack on the networks supporting this year’s Winter Games in Pyeongchang, South Korea, has resurfaced with a spy campaign – and with a wider target range. The new campaign began last month and is ongoing, employing...

Olympic Destroyer is still alive

In March 2018 we published our research on Olympic Destroyer, an advanced threat actor that hit organizers, suppliers and partners of the Winter Olympic Games 2018 held in Pyeongchang, South Korea. Olympic Destroyer was a cyber-sabotage attack based on the spread of a destructive network worm. The....

Siemens SIMATIC PCS 7 (Update A)

EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC PCS 7 Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-306-01 Siemens...

Stable Channel Update for Desktop

The stable channel has been updated to 67.0.3396.87 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain...

Stable Channel Update for Desktop

The stable channel has been updated to 67.0.3396.79 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain...

Trojan watch

We continue to research how proliferation of IoT devices affects the daily lives of users and their information security. In our previous study, we touched upon ways of intercepting authentication data using single-board microcomputers. This time, we turned out attention to wearable devices:...

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 67 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 67.0.3396.62 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for...

Wecon LeviStudioU DataLogTool Edit Stack-based Buffer Overflow Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DataLogTool.exe....

Wecon LeviStudioU DataLogTool History Curve Set Stack-based Buffer Overflow Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DataLogTool.exe....

Wecon LeviStudioU DataLogTool INI Parser Stack-based Buffer Overflow Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DataLogTool.exe. When.....

CISO Forum and the problems of Vulnerability Databases

Last Tuesday, April 24, I was at "CISO FORUM 2020: glance to the future". I presented there my report "Vulnerability Databases: sifting thousands tons of verbal ore". In this post, I'll briefly talk about this report and about the event itself. My speech was the last in the program. At the same...

WECON Technology Co., Ltd. LeviStudio HMI Editor and PI Studio HMI Project Programmer

EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Low skill level to exploit. Vendor: WECON Technology Co., Ltd. (WECON) Equipment: LeviStudio HMI Editor, and PI Studio HMI Project Programmer Vulnerabilities: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these...

Siemens Building Technologies Products (Update A)

EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens Equipment: Building Technologies Products Vulnerabilities: Stack-based Buffer Overflows, Security Features, Improper Restriction of Operations within the Bounds of a Memory Buffer, NULL...

Your new friend, KLara

While doing threat research, teams need a lot of tools and systems to aid their hunting efforts – from systems storing Passive DNS data and automated malware classification to systems allowing researchers to pattern-match a large volume of data in a relatively short period of time. These tools are....

Cyber Espionage Campaign ‘Slingshot’ Targets Victims Via Routers

CANCUN, Mexico – Researchers have uncovered a new cyber-espionage threat, dubbed Slingshot, that targets routers and uses them as a springboard to attack computers within a network. Kaspersky Lab, which released details of its discovery during its Security Analyst Summit on Friday, said that the...

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 65 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 65.0.3325.146 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for...