Hot News Database - October 2015


30.10.2015

Bugtraq

[slackware-security] jasper (SSA:2015-302-02) 2015-10-29
Slackware Security Team (security slackware com)

PHP Server Monitor 3.1.1 Privilege Escalation 2015-10-30
apparitionsec gmail com

PHP Server Monitor 3.1.1 CSRF 2015-10-30
apparitionsec gmail com

[slackware-security] curl (SSA:2015-302-01) 2015-10-29
Slackware Security Team (security slackware com)

[slackware-security] ntp (SSA:2015-302-03) 2015-10-29
Slackware Security Team (security slackware com)

[SECURITY] [DSA 3384-1] virtualbox security update 2015-10-29
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3383-1] wordpress security update 2015-10-29
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3332-2] wordpress regression update 2015-10-29
Salvatore Bonaccorso (carnil debian org)

Malware

Infostealer.Banload

Exp.CVE-2015-5876

Phishing

Brayden

30th October 2015

BUSINESS IS CRAZY

MRS. JODI REULAND

30th October 2015

Ofornelas-F R_E..E..___A-C
C-E_S_S_- T-O..__-L..O_C
A..L___S-L..U T S..!

Yahoo.com

29th October 2015

PLEASE HELP ME.

Vulnerability

 

SANS News

USB cleaning device for the masses

This Article is Brought to You By the Letter ノ

Threatpost

Web Hosting Service 000webhost Hacked, Information of 13 Million Leaked

Exploit

Sam Spade 1.14 - Scan From IP Address Field SEH Overflow Crash PoC

PHP Server Monitor 3.1.1- Multiple CSRF Vulnerabilities

PHP Server Monitor 3.1.1- CSRF Privilege Escalation

eBay Magento <= 1.9.2.1 - PHP FPM XML eXternal Entity Injection

Hitron Router CGN3ACSMR 4.5.8.16 - Arbitrary Code Execution

Pligg CMS 2.0.2 - Multiple SQL Injection Vulnerabilities

Pligg CMS 2.0.2 - Directory Traversal

Pligg CMS 2.0.2 - CSRF Code Execution

AIX 7.1 - lquerylv Local Privilege Escalation

Oxwall 1.7.4 - CSRF Vulnerability

29.10.2015

Bugtraq

[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability 2015-10-29
ERPScan inc (erpscan online gmail com)

[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability 2015-10-29
ERPScan inc (erpscan online gmail com)

[ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability 2015-10-29
ERPScan inc (erpscan online gmail com)

Cross-Site Request Forgery on Oxwall 2015-10-29
High-Tech Bridge Security Research (advisory htbridge ch)

CVE-2015-7723 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver 2015-10-29
Portcullis Advisories (advisories portcullis-security com)

CVE-2015-7724 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver 2015-10-29
Portcullis Advisories (advisories portcullis-security com)

[SECURITY] [DSA 3382-1] phpmyadmin security update 2015-10-28
Thijs Kinkhorst (thijs debian org)

Malware

Backdoor:PHP/SimpleShell.A 

VBA/TrojanDownloader.Agent.ADX

Win32/TrojanDownloader.Nymaim.AY

EK_ExploitKit

Phishing

paypal

29th October 2015

Your Account Will Be Limited

Vulnerability

 

SANS News

USB cleaning device for the masses

Threatpost

Rockwell Patches Serious ‘FrostyURL’ PLC Vulnerability

Exploit

Joomla JNews (com_jnews) Component 8.5.1 - SQL Injection

NetUSB Kernel Stack Buffer Overflow

28.10.2015

Bugtraq

Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE 2015-10-28
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 3381-1] openjdk-7 security update 2015-10-27
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 3380-1] php5 security update 2015-10-27
Florian Weimer (fw deneb enyo de)

[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability 2015-10-27
ERPScan inc (erpscan online gmail com)

Malware

Rogue:VBS/Trapwot 
TrojanProxy:MSIL/Segyroxb.A 
Trojan:JS/Iframeinject.AG 

Trojan.Luminrat

Downloader.Chikdos

Linux.HDRoot

Infostealer.Newpos

Phishing

PayPal

28th October 2015

✔ [PAYPAL]CONFIRM YOUR
ACCOUNT INFORMATION ! ✉

Vulnerability

 

SANS News

Adobe Releases Surprise Shockwave Player Patch

Victim of its own success and (ab)used by malwares

Threatpost

Fewer IPsec VPN Connections at Risk from Weak Diffie-Hellman

Exploit

Th3 MMA mma.php Backdoor Arbitrary File Upload

Samsung SecEmailUI Script Injection

JIRA and HipChat for JIRA Plugin Velocity Template Injection Vulnerability

Sagem FAST3304-V2 - Authentication Bypass

Samsung m2m1shot Kernel Driver Buffer Overflow

Samsung seiren Kernel Driver Buffer Overflow

Samsung fimg2d FIMG2D_BITBLT_BLIT ioctl Concurrency Flaw

Samsung SecEmailComposer QUICK_REPLY_BACKGROUND Permissions Weakness

27.10.2015

Bugtraq

[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability 2015-10-27
ERPScan inc (erpscan online gmail com)

[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability 2015-10-27
ERPScan inc (erpscan online gmail com)

[ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability 2015-10-27
ERPScan inc (erpscan online gmail com)

MacOS X 10.11 hardlink bomb cause resource exhaustion (Avast PoC) 2015-10-26
submit cxsec org

MacOS X 10.11 FTS Deep structure of the file system Buffer Overflow 2015-10-26
submit cxsec org

Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities 2015-10-26
Secunia Research (remove-vuln secunia com)

Secunia Research: Google Picasa Phase One Tags Processing Integer Overflow Vulnerability 2015-10-26
Secunia Research (remove-vuln secunia com)

FreeBSD Security Advisory FreeBSD-SA-15:25.ntp 2015-10-26
FreeBSD Security Advisories (security-advisories freebsd org)

Malware

SoftwareBundler:Win32/Zubtui.A 
Backdoor:Win32/Xtrat.Q 
TrojanDownloader:Win32/Captorveen.B 
PWS:MSIL/Stimilini.S 
Trojan:Win32/Tulim.B!plock 
Trojan:Win32/Spallowz.A!plock 

W32.Belvira

W32.Wabot.B

Win32/Pagun.F

Win32/Tuwuky.A

Win32/Bingle.C

Win32/Delf.STD

Win32/Bipfam.D

Win32/Brrowho.H

Win32/Delsha.NAB

Win32/CrisisHT.B

Win32/BadJoke.CC

Win32/Veilev.E

Win32/Filecoder.FD

Win32/Zlader.L

Phishing

PayPaI

27th October 2015

YOUR ACCOUNT HAS BEEN IIMITED
UNTII WE HEAR FROM YOU

MRS. LUCILA LAMME

27th October 2015

Re:Find Ofornelass NEW MESSAGE
sent by Mrs. Lucila Lamme

Vulnerability

Microsoft Internet Explorer CVE-2015-2444 Remote Memory Corruption Vulnerability
2015-10-26
http://www.securityfocus.com/bid/76194

IBM WebSphere Application Server CVE-2015-1885 Remote Privilege Escalation Vulnerability
2015-10-26
http://www.securityfocus.com/bid/74219

Mozilla Firefox CVE-2015-4495 Same Origin Policy Security Bypass Vulnerability
2015-10-26
http://www.securityfocus.com/bid/76249

ISC BIND CVE-2015-5477 Remote Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/76092

OpenSSL DTLS CVE-2014-8176 Remote Memory Corruption Vulnerability
2015-10-26
http://www.securityfocus.com/bid/75159

OpenSSL CVE-2015-1790 Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/75157

OpenSSL CMS CVE-2015-1792 Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/75154

Oracle Java SE CVE-2015-4749 Remote Security Vulnerability
2015-10-26
http://www.securityfocus.com/bid/75890

Symantec Endpoint Protection Manager CVE-2015-1489 Remote Privilege Escalation Vulnerability
2015-10-26
http://www.securityfocus.com/bid/76078

OpenSSL CVE-2015-0288 Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/73237

OpenSSL 'ASN1_TYPE_cmp()' Function Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/73225

OpenSSL 'pk7_doit.c' NULL Pointer Dereference Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/73231

OpenSSL CVE-2015-0293 Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/73232

Symantec Endpoint Protection Manager CVE-2015-1486 Authentication Bypass Vulnerability
2015-10-26
http://www.securityfocus.com/bid/76074

Cisco Adaptive Security Appliance (ASA) Software CVE-2015-6325 Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/77260

Python 'bufferobject.c' Integer Overflow Vulnerability
2015-10-26
http://www.securityfocus.com/bid/70089

IBM Security Directory Server CVE-2015-0138 Man in the Middle Security Bypass Vulnerability
2015-10-26
http://www.securityfocus.com/bid/73326

OpenSSL CVE-2015-0204 Man in the Middle Security Bypass Vulnerability
2015-10-26
http://www.securityfocus.com/bid/71936

Cisco Adaptive Security Appliance (ASA) Software CVE-2015-0578 Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/72718

Apple Mac OS X Multiple Privilege Escalation Vulnerabilities
2015-10-26
http://www.securityfocus.com/bid/76421

Elasticsearch CVE-2015-5377 Remote Code Execution Vulnerability
2015-10-26
http://www.securityfocus.com/bid/75938

Elasticsearch CVE-2015-5531 Directory Traversal Vulnerability
2015-10-26
http://www.securityfocus.com/bid/75935

OpenSSL '/evp/encode.c' Remote Memory Corruption Vulnerability
2015-10-26
http://www.securityfocus.com/bid/73228

IBM WebSphere Application Server CVE-2015-1927 Remote Privilege Escalation Vulnerability
2015-10-26
http://www.securityfocus.com/bid/75486

OpenSSL CVE-2015-0291 Denial of Service Vulnerability
2015-10-26
http://www.securityfocus.com/bid/73235

Oracle Java SE CVE-2015-0410 Remote Java SE, Java SE Embedded, JRockit Vulnerability
2015-10-26
http://www.securityfocus.com/bid/72165

Oracle Java SE CVE-2015-0437 Remote Java SE Vulnerability
2015-10-26
http://www.securityfocus.com/bid/72146

Oracle Java SE CVE-2015-0412 Remote Java SE Vulnerability
2015-10-26
http://www.securityfocus.com/bid/72136

FFmpeg CVE-2015-6761 Unspecified Memory Corruption Vulnerability
2015-10-26
http://www.securityfocus.com/bid/77073

Oracle Java SE CVE-2015-0408 Remote Java SE Vulnerability
2015-10-26
http://www.securityfocus.com/bid/72140

SANS News

Typo Squatting Charities for Fake Tech Support Schemes

The "Yes, but..." syndrome

Threatpost

Novel NTP Attacks Roll Back Time

Yahoo Hires Bob Lord as its CISO

New Campaign Shows Dridex Active, Targeting French

Exploit

Th3 MMA mma.php Backdoor Arbitrary File Upload

Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation

Win10Pcap - Local Privilege Escalation Vulnerability

26.10.2015

Bugtraq

MacOS X 10.11 hardlink bomb cause resource exhaustion (Avast PoC) 2015-10-26
submit cxsec org

MacOS X 10.11 FTS Deep structure of the file system Buffer Overflow 2015-10-26
submit cxsec org

Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities 2015-10-26
Secunia Research (remove-vuln secunia com)

Secunia Research: Google Picasa Phase One Tags Processing Integer Overflow Vulnerability 2015-10-26
Secunia Research (remove-vuln secunia com)

FreeBSD Security Advisory FreeBSD-SA-15:25.ntp 2015-10-26
FreeBSD Security Advisories (security-advisories freebsd org)

AlienVault OSSIM 4.3 CSRF 2015-10-26
mohammadreza mohajerani gmail com

AlienVault OSSIM 4.3 CSRF vulnerability report 2015-10-25
mohammadreza mohajerani gmail com

[SECURITY] [DSA 3379-1] miniupnpc security update 2015-10-25
Salvatore Bonaccorso (carnil debian org)

Fwd: Timing attack vulnerability in most Zeus server-sides 2015-10-25
rotem kerner (nullfield gmail com)

[SECURITY] [DSA 3377-1] mysql-5.5 security update 2015-10-24
Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of Information 2015-10-23
security-alert hp com

[security bulletin] HPSBGN03428 rev.1 - HP Asset Manager, Local Disclosure of Sensitive Information 2015-10-23
security-alert hp com

CVE-2015-6576: Bamboo - Deserialisation resulting in remote code execution 2015-10-23
David Black (dblack atlassian com)

Malware

PWS:MSIL/Stimilina.G 
PWS:MSIL/Stimilina.H 
PWS:MSIL/Stimilina.I 
Win32/Upatre 

Phishing

Holly Bass

25th October 2015

A REQUEST FROM A VIRGIN

Chase(SM)spalerts4secure3@comc

25th October 2015

URGENT: CONFIRMATION OF ONLINE
BANKING INFORMATION

Apple

25th October 2015

Notification From Apple

Vulnerability

 

SANS News

 

Threatpost

 

Exploit

Windows 10 - pcap Driver Local Privilege Escalation

Alreader 2.5 .fb2 - SEH Based Stack Overflow (ASLR and DEP bypass)

Safari User-Assisted Applescript Exec Attack

23.10.2015

Bugtraq

CVE-2015-6576: Bamboo - Deserialisation resulting in remote code execution 2015-10-23
David Black (dblack atlassian com)

Re: TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE 2015-10-22
scurippio autistici org

SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities 2015-10-22
SEC Consult Vulnerability Lab (research sec-consult com)

Re: TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE 2015-10-22
scurippio autistici org

TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE 2015-10-22
scurippio autistici org

Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 2015-10-22
Cisco Systems Product Security Incident Response Team (psirt cisco com)

APPLE-SA-2015-10-21-8 OS X Server 5.0.15 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-7 Xcode 7.1 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-5 iTunes 12.3.1 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

Malware

Adware:Win32/Doma 
TrojanClicker:Win32/Buoveco.A 
TrojanDownloader:Win32/Dowfeld.A

Trojan.Plugfakeav 

W32.Belvira

Phishing

PayPal

23rd October 2015

You submitted an order
amounting of 59.99 GBP to Asda
Stores Limited

WEB

22nd October 2015

MAINTENANCE MAIL-BOX YOUR
ACCOUNT DETECTED ACTIVITIES
AND WILL BE BLOCKED

PayPal_ID 42310

22nd October 2015

Your account is limited now
must be updated now | Case
(PP-35-TB-23-90-SN)

Chase

21st October 2015

An Important Notice From
Chase(SM)

APPLE INC.

21st October 2015

Thank You for Your Order
[Order iTunes Verification
required]

Vulnerability

 

SANS News

OS X 10.11.1 (El Capitan) File System Deep Directory Buffer Overflow

Botnets spreading Dridex still active

Threatpost

Joomla Update Patches Critical SQL Injection Vulnerability

Exploit

Realtyna RPL Joomla Extension 8.9.2 - Multiple SQL Injection Vulnerabilities

Realtyna RPL Joomla Extension 8.9.2 - Persistent XSS And CSRF Vulnerabilities

Subrion 3.X.X - Multiple Vulnerabilities

Beckhoff CX9020 CPU Module - Remote Code Execution Exploit

22.10.2015

Bugtraq

TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE 2015-10-22
scurippio autistici org

Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 2015-10-22
Cisco Systems Product Security Incident Response Team (psirt cisco com)

APPLE-SA-2015-10-21-8 OS X Server 5.0.15 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-7 Xcode 7.1 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-5 iTunes 12.3.1 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-3 Safari 9.0.1 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-2 watchOS 2.0.1 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-10-21-1 iOS 9.1 2015-10-21
Apple Product Security (product-security-noreply lists apple com)

Cisco Security Advisory: Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability 2015-10-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco ASA Software DNS Denial of Service Vulnerability 2015-10-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability 2015-10-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability 2015-10-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)

SiteWIX - (edit_photo2.php id) SQL Injection Exploit 2015-10-21
ZoRLu Bugrahan (zorlu milw00rm com)

Malware

TrojanDownloader:Win32/Dowfeld.A 
TrojanDropper:Win32/Soloniti.A 
TrojanDownloader:BAT/Truvaeril.A 
TrojanSpy:Win32/Banker.APB 
Adware:Win32/Loones 
TrojanSpy:MSIL/Omaneat.C 
TrojanDownloader:Win32/Xeliam.A

Phishing

WEB

22nd October 2015

MAINTENANCE MAIL-BOX YOUR
ACCOUNT DETECTED ACTIVITIES
AND WILL BE BLOCKED

PayPal_ID 42310

22nd October 2015

Your account is limited now
must be updated now | Case
(PP-35-TB-23-90-SN)

Chase

21st October 2015

An Important Notice From
Chase(SM)

Vulnerability

 

SANS News

Compromised Magento sites led to Neutrino exploit kit

Threatpost

Google Moving Gmail to Strict DMARC Implementation

Custom Google App Engine Tweak Still Leads to Java Sandbox Escapes

Exploit

Beckhoff CX9020 CPU Module - Remote Code Execution Exploit

21.10.2015

Bugtraq

SiteWIX - (edit_photo2.php id) SQL Injection Exploit 2015-10-21
ZoRLu Bugrahan (zorlu milw00rm com)

[SE-2014-02] Google App Engine Java security sandbox bypasses (Issue 42) 2015-10-21
Security Explorations (contact security-explorations com)

[SECURITY] [DSA 3376-1] chromium-browser security update 2015-10-21
Michael Gilbert (mgilbert debian org)

[SECURITY] [DSA 3375-1] wordpress security update 2015-10-19
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 3374-1] postgresql-9.4 security update 2015-10-19
Salvatore Bonaccorso (carnil debian org)

Malware

TrojanDownloader:Win32/Xeliam.A 

Bloodhound.RTF.5

Phishing

APPLE INC.

21st October 2015

Thank You for Your Order
[Order iTunes Verification
required]

MENS TOP SECRET GUIDE

20th October 2015

Satisfy Your Woman In Bed.
Stay Hard And Longer Minutes.

Vulnerability

 

SANS News

Oracle Critical Patch Update for Q1 2015 (Includes Java Updates)

Odd DNS TXT Record. Anybody Seen This Before?

Threatpost

Microsoft Opens .NET Core, ASP.NET Bug Bounties

Let’s Encrypt Hits Another Free HTTPS Milestone

Academics Find Critical Flaws in Self-Encrypting Hardware Drives

Exploit

Zpanel Remote Unauthenticated RCE

HandyPassword 4.9.3 - SEH Over-Write Exploit

20.10.2015

Bugtraq

[SECURITY] [DSA 3375-1] wordpress security update 2015-10-19
Yves-Alexis Perez (corsac debian org)

[SECURITY] [DSA 3374-1] postgresql-9.4 security update 2015-10-19
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3373-1] owncloud security update 2015-10-18
Salvatore Bonaccorso (carnil debian org)

ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access 2015-10-16
ERPScan inc (erpscan online gmail com)

Events Made Easy WordPress plugin CSRF + Persistent XSS 2015-10-16
David Sopas (davidsopas gmail com)

Malware

DDoS:Win32/Flusihoc.A 
TrojanDownloader:Win32/Upatre.CO 
TrojanSpy:MSIL/Yakbeex.C 
TrojanDownloader:MSIL/Fleendow.A 
TrojanDownloader:Win32/Bamvleds.A  

JS.Fakeransom

Trojan.Ransomcrypt.V

Phishing

PayPal

20th October 2015

UPDATE YOUR INFORMATION

SGT MONICA L BROWN

20th October 2015

Let Discuss

Vulnerability

 

SANS News

When encoding saves the day

Threatpost

Apple to Remove 256 iOS Apps Using Private APIs, Collecting Personal Data

Exploit

 

19.10.2015

Bugtraq

[SECURITY] [DSA 3374-1] postgresql-9.4 security update 2015-10-19
Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3373-1] owncloud security update 2015-10-18
Salvatore Bonaccorso (carnil debian org)

ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access 2015-10-16
ERPScan inc (erpscan online gmail com)

Malware

TrojanDownloader:MSIL/Dolia.A

JS.Fakeransom

Phishing

APPLE INC

19th October 2015

Your Account has been limited

Vulnerability

 

SANS News

Ransomware & Entropy

Security Awareness for Security Professionals

Threatpost

 

Exploit

Wordpress Ajax Load More Plugin < 2.8.2 - File Upload Vulnerability

Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow

Nibbleblog File Upload Vulnerability

Belkin Router N150 1.00.08, 1.00.09 - Path Traversal Vulnerability

Adobe Flash IExternalizable.writeExternal - Type Confusion

16.10.2015

Bugtraq

ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access 2015-10-16
ERPScan inc (erpscan online gmail com)

Events Made Easy WordPress plugin CSRF + Persistent XSS 2015-10-16
David Sopas (davidsopas gmail com)

Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334) 2015-10-16
Qualys Security Advisory (qsa qualys com)

[ISecAuditors Security Advisories] URL Open Redirect in Google generic TLD and ccTLD 2015-10-15
ISecAuditors Security Advisories (advisories isecauditors com)

APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 2015-10-15
Apple Product Security (product-security-noreply lists apple com)

[security bulletin] HPSBOV03503 rev.1 - HP OpenVMS CSWS_JAVA running Tomcat, Multiple Remote Vulnerabilities 2015-10-15
security-alert hp com

[security bulletin] HPSBUX03512 SSRT102254 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) and Other Vulnerabilities 2015-10-15
security-alert hp com

Freemake Video Downloader 3.7.1 - Code Execution Vulnerability 2015-10-15
Vulnerability Lab (research vulnerability-lab com)

PayPal Inc Bug Bounty #117 - Session Fixation Vulnerability 2015-10-15
Vulnerability Lab (research vulnerability-lab com)

Malware

TrojanDownloader:Win32/Brucryp.C 
PWS:MSIL/Petun 
TrojanDownloader:Win32/Bagoox.A 
TrojanClicker:Win32/Bagoox.A 
DDoS:Win32/Nitol.K 
Backdoor:Win32/Slingup.A 
SoftwareBundler:Win32/InstallMonster 
TrojanDownloader:Win32/Strumapine.A

Trojan.Broluxa 

Phishing

PAYPal info

16th October 2015

Your Account PayPal Has Been
Limited

HSBC Bank

16th October 2015

INTERNET BANKING: ACCOUNT
ACCESS NOTIFICATION

PalyPal Support

16th October 2015

YOUR PAYPAL ACCOUNT HAS BEEN
LIMITED ✔

Account Support

16th October 2015

UPDATE YOUR ACCOUNT
INFORMATION

Vulnerability

 

SANS News

Ongoing Flash Vulnerabilities

Threatpost

WordPress Fixes Critical Stored XSS Error in Akismet

Latest Microsoft Transparency Report Details Content Removal Requests

Exploit

AdobeWorkgroupHelper 2.8.3.3 - Stack Based Buffer Overflow

Linux x86_64 Bindshell with Password (92 bytes)

15.10.2015

Bugtraq

Freemake Video Downloader 3.7.1 - Code Execution Vulnerability 2015-10-15
Vulnerability Lab (research vulnerability-lab com)

PayPal Inc Bug Bounty #117 - Session Fixation Vulnerability 2015-10-15
Vulnerability Lab (research vulnerability-lab com)

Blat.exe v2.7.6 SMTP / NNTP Mailer Buffer Overflow 2015-10-14
apparitionsec gmail com

US DoD's Dc3dd v7.2.6 suffers from a Buffer Overflow vulnerability - Advanced Information Security Corporation - Zero Day Research 2015-10-14
Nicholas Lemonias. (lem nikolas googlemail com)

[CVE-2015-2552] Windows 8+ - Trusted Boot Security Feature Bypass Vulnerability 2015-10-14
Myria (myriachan gmail com)

[security bulletin] HPSBGN03515 rev.1 - HP Smart Profile Server Data Analytics Layer (SPS DAL), Remote Cross-Site-Scripting (XSS), Disclosure of Information 2015-10-13
security-alert hp com

Malware

Backdoor:Win32/Noancooe 
Backdoor:Win32/Bergat.C 
TrojanDownloader:Win32/Kalumino.A 
SoftwareBundler:Win32/Coolnetry 
TrojanDownloader:Win32/Hospizrox.A 
TrojanDownloader:Win32/Redosdru 
TrojanDownloader:Win32/Banload.BET 
TrojanDownloader:MSIL/Banload.AB 
TrojanDownloader:AutoIt/Banload.V 
TrojanDownloader:AutoIt/Banload.T

Backdoor.Owashell 

W32.Expiro

Backdoor.Gonymdos

Phishing

Exploit kit roundup: Less Angler, more Nuclear

Vulnerability

 

SANS News

Google Patches Chrome, Changes Mixed Content Warnings

Law Enforcement Shuts Down Dridex Operation

Threatpost

 

Exploit

netis RealTek Wireless Router / ADSL Modem - Multiple Vulnerabilities

PROLiNK H5004NK ADSL Wireless Modem - Multiple Vulnerabilities

AdobeWorkgroupHelper 2.8.3.3 - Stack Based Buffer Overflow

Blat.exe 2.7.6 SMTP / NNTP Mailer - Buffer Overflow

14.10.2015

Bugtraq

US DoD's Dc3dd v7.2.6 suffers from a Buffer Overflow vulnerability - Advanced Information Security Corporation - Zero Day Research 2015-10-14
Nicholas Lemonias. (lem nikolas googlemail com)

[CVE-2015-2552] Windows 8+ - Trusted Boot Security Feature Bypass Vulnerability 2015-10-14
Myria (myriachan gmail com)

[security bulletin] HPSBGN03515 rev.1 - HP Smart Profile Server Data Analytics Layer (SPS DAL), Remote Cross-Site-Scripting (XSS), Disclosure of Information 2015-10-13
security-alert hp com

Boolean-based SQL injection Vulnerability in K2 Platforms 2015-10-13
wissam bashour helpag com

[SECURITY] [DSA 3372-1] linux security update 2015-10-13
Ben Hutchings (benh debian org)

Malware

TrojanSpy:MSIL/Yakbeex.B 
TrojanDropper:Win32/Sulunch 
TrojanDownloader:MSIL/Bladabindi.J 
TrojanSpy:Win32/Nivdort!acf 
TrojanSpy:Win32/Banker.AOX 
TrojanSpy:MSIL/Quoler.A 
Adware:Win32/Sogou 
TrojanDownloader:BAT/Unwgent.A 
Trojan:Win32/Damingvat.A 
Adware:Win32/Putalo0l 

Boot.HDRoot

Phishing

Paypal

14th October 2015

We are unable to validate
important details about your
account.

MRS MONICA ASLAM

13th October 2015

Dear.....,,,..........,.,..,..
..

PayPal Support

13th October 2015

YOUR PAYPAL ACCOUNT HAS BEEN
LIMITED ✔

Vulnerability

 

SANS News

AV Phone Scan via Fake BSOD Web Pages

Threatpost

Dow Jones & Company Latest Financial Firm Hit With Data Breach

Exploit

ZyXEL PMG5318-B20A - OS Command Injection Vulnerability

Linux/MIPS Kernel NetUSB - Remote Code Execution Exploit

13.10.2015

Bugtraq

Boolean-based SQL injection Vulnerability in K2 Platforms 2015-10-13
wissam bashour helpag com

[SECURITY] [DSA 3372-1] linux security update 2015-10-13
Ben Hutchings (benh debian org)

AdobeWorkgroupHelper Stack Based Buffer Overflow 2015-10-13
apparitionsec gmail com

CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin 2015-10-12
grajalerts gmail com

CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin 2015-10-12
grajalerts gmail com

CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin 2015-10-12
grajalerts gmail com

Multiple Remote Code Execution found in ZHONE 2015-10-12
lyon yang s gmail com

Malware

PWS:MSIL/Logbro.A 
Backdoor:Win32/Slackbot.F 
TrojanDropper:MSIL/Mutra 
Backdoor:Win32/Dradkiter.A 
HackTool:Win64/Mikatz 
TrojanDownloader:O97M/Daoyap.A 
TrojanDropper:MSIL/Hostwack.A 
TrojanDownloader:Win32/Fikoter.A 
Backdoor:Win32/Warood.B 
Backdoor:Win32/Warood.A 

Phishing

PayPal

13th October 2015

YOUR PAYPAL ACCOUNT WILL BE
CLOSED !

Services Info

13th October 2015

RESTORE

Chase

13th October 2015

Your account has been
temporary locked !

Barclays PLC.

12th October 2015

NEW DOCUMENT IS AVAILABLE.

Vulnerability

 

SANS News

October 2015 Microsoft Patch Tuesday

Threatpost

Adobe Patches 69 Vulnerabilities in Reader, Acrobat, Flash

Netgear Published Patched Firmware for Routers Under Attack

Exploit

ZHONE < S3.0.501 - Multiple Vulnerabilities

F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - File Path Traversal Vulnerability

Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities

Kerio Control <= 8.6.1 - Multiple Vulnerabilities

libsndfile 1.0.25 - Heap Overflow

CDex Genre 1.79 - Stack Buffer Overflow

12.10.2015

Bugtraq

CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin 2015-10-12
grajalerts gmail com

CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin 2015-10-12
grajalerts gmail com

CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin 2015-10-12
grajalerts gmail com

Multiple Remote Code Execution found in ZHONE 2015-10-12
lyon yang s gmail com

[SYSS-2015-034] MATESO Password Safe and Repository Enterprise - SQL Injection 2015-10-12
matthias deeg syss de

[SYSS-2015-037] MATESO Password Safe and Repository Enterprise - Insufficiently Protected Credentials 2015-10-12
matthias deeg syss de

Multiple Vulnerabilities found in ZHONE 2015-10-12
lyon yang s gmail com

ESA-2015-153 EMC SourceOne Email Supervisor Security Update for Multiple Security Vulnerabilities 2015-10-11
Security Alert (Security_Alert emc com)

[SECURITY] [DSA 3371-1] spice security update 2015-10-09
Salvatore Bonaccorso (carnil debian org)

Malware

TrojanDownloader:Win32/Maliku.A 
TrojanDownloader:Win32/Upatre.CQ 
HackTool:Win32/Gambigubo.A 
Backdoor:Win32/Venik.O 
TrojanDownloader:Win32/Zawwi.A 
Win32/Brambul
Win32/Joanap

Infostealer.Shifu

Phishing

AOL

12th October 2015

Essential Maintenance for
sunmtnsft@aol.com

Lloyds

11th October 2015

Lloyds Bank Alert

Vulnerability

 

SANS News

Data Visualization, What is your Tool of Choice

Threatpost

 

Exploit

Tomabo MP4 Converter 3.10.12 - 3.11.12 (.m3u) Denial of service (Crush application)

10.10.2015

Bugtraq

[SECURITY] [DSA 3371-1] spice security update 2015-10-09
Salvatore Bonaccorso (carnil debian org)

Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows) 2015-10-09
Nicholas Lemonias. (lem nikolas googlemail com)

FreeYouTubeToMP3 Converter 4.0.1 - Buffer Overflow Vulnerability 2015-10-09
Vulnerability Lab (research vulnerability-lab com)

W150D Wireless N 150 ADSL2 Modem Router - Cross Site Request Forgery Vulnerability 2015-10-09
Vulnerability Lab (research vulnerability-lab com)

PayPal Inc Bug Bounty #119 - URL Redirect Web Vulnerability 2015-10-09
Vulnerability Lab (research vulnerability-lab com)

WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability 2015-10-09
Vulnerability Lab (research vulnerability-lab com)

Malware

 

Phishing

MR DAVID

9th October 2015

****** ***BULK*** GREETINGS MY
DEAR

Info

9th October 2015

******The Yahoo ! Mail
Team*******

Vulnerability

 

SANS News

ISC Two Factor Authentication Update

GnuPG (GPG) 2.1.9 release announced

Threatpost

 

Exploit

 

9.10.2015

Bugtraq

Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows) 2015-10-09
Nicholas Lemonias. (lem nikolas googlemail com)

FreeYouTubeToMP3 Converter 4.0.1 - Buffer Overflow Vulnerability 2015-10-09
Vulnerability Lab (research vulnerability-lab com)

W150D Wireless N 150 ADSL2 Modem Router - Cross Site Request Forgery Vulnerability 2015-10-09
Vulnerability Lab (research vulnerability-lab com)

PayPal Inc Bug Bounty #119 - URL Redirect Web Vulnerability 2015-10-09
Vulnerability Lab (research vulnerability-lab com)

WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability 2015-10-09
Vulnerability Lab (research vulnerability-lab com)

Veeam Backup & Replication Local Privilege Escalation Vulnerability 2015-10-08
ascii (ascii ush it)

[RT-SA-2015-006] Buffalo LinkStation Authentication Bypass 2015-10-08
RedTeam Pentesting GmbH (release redteam-pentesting de)

Potential vulnerabilites in PayPal Beacons 2015-10-08
securityresearch shaftek biz

Malware

TrojanSpy:BAT/Separ.C 
SoftwareBundler:Win32/Pokavampo 
Trojan:Win32/Patched.AP 

Trojan.Stimilik

MSIL.Stimilik

Trojan.Cidox.E

Phishing

Info

9th October 2015

******The Yahoo ! Mail
Team*******

Halifax UK

7th October 2015

Fw: new message

Vulnerability

 

SANS News

Adobe Acrobat and Reader Pre-Announcement

Threatpost

Amazon Inspector Addresses Compliance and Security Challenge

Adobe to Patch Reader and Acrobat Next Week

Exploit

VeryPDF Image2PDF Converter SEH Buffer Overflow

8.10.2015

Bugtraq

Advanced Information Security Corporation, Security Advisory (Oracle's MYSQL v5.6.24 Latest - Buffer Overflows) Repost 2015-10-07
Nicholas Lemonias. (lem nikolas googlemail com)

[REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities 2015-10-07
Matteo Beccati (matteo beccati com)

A comprehensive study of Huawei 3G routers - XSS, CSRF, DoS, unauthenticated firmware update, RCE 2015-10-07
Pierre Kim (pierre kim sec gmail com)

RE: Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img 2015-10-07
Alexandre Herzog (Alexandre Herzog csnc ch)

Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows) 2015-10-07
lem nikolas gmail com

[SECURITY] [DSA 3369-1] zendframework security update 2015-10-06
Alessandro Ghedini (ghedo debian org)

[SECURITY] [DSA 3370-1] freetype security update 2015-10-06
Alessandro Ghedini (ghedo debian org)

Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows) 2015-10-07
Nicholas Lemonias. (lem nikolas googlemail com)

Zope Management Interface CSRF vulnerabilities 2015-10-07
apparitionsec gmail com

[CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin 2015-10-06
ibeptaz gmail com

Malware

TrojanDownloader:Win32/Upatre.CG 
TrojanDownloader:Win32/Upatre.CF 
TrojanDownloader:Win32/Brucryp.D 
TrojanDropper:Win32/Latot.A 
TrojanDownloader:Win32/Latot.A 
TrojanSpy:MSIL/Logkayi.A 
TrojanSpy:MSIL/Logadat.A 

Phishing

Halifax UK

7th October 2015

Fw: new message

Summary Billing Account

7th October 2015

WE DISCOVERED IRREGULARITIES
IN YOUR ACCOUNT, WE WILL CLOSE
YOUR ACCOUNT FOR A WHILE

Vulnerability

 

SANS News

Malicious spam with Word document

Threatpost

New Moker RAT Bypasses Detection

Kemoge Android Adware Campaign Can Lead to Device Takeover

Exploit

Zope Management Interface 4.3.7 - CSRF Vulnerabilities

7.10.2015

Bugtraq

Advanced Information Security Corporation, Security Advisory (Oracle's MYSQL v5.6.24 Latest - Buffer Overflows) Repost 2015-10-07
Nicholas Lemonias. (lem nikolas googlemail com)

[REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities 2015-10-07
Matteo Beccati (matteo beccati com)

A comprehensive study of Huawei 3G routers - XSS, CSRF, DoS, unauthenticated firmware update, RCE 2015-10-07
Pierre Kim (pierre kim sec gmail com)

RE: Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img 2015-10-07
Alexandre Herzog (Alexandre Herzog csnc ch)

Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows) 2015-10-07
lem nikolas gmail com

[SECURITY] [DSA 3369-1] zendframework security update 2015-10-06
Alessandro Ghedini (ghedo debian org)

[SECURITY] [DSA 3370-1] freetype security update 2015-10-06
Alessandro Ghedini (ghedo debian org)

Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows) 2015-10-07
Nicholas Lemonias. (lem nikolas googlemail com)

Zope Management Interface CSRF vulnerabilities 2015-10-07
apparitionsec gmail com

[CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin 2015-10-06
ibeptaz gmail com

TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390 2015-10-07
Onur Yilmaz (onur netsparker com)

TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391 2015-10-07
Onur Yilmaz (onur netsparker com)

Local RedHat Enterprise Linux DoS - RHEL 7.3 Kernel crashes on invalid USB device descriptors (usbvision driver) 2015-10-07
Ralf Spenneberg (info os-t de) (1 replies)

Re: Local RedHat Enterprise Linux DoS - RHEL 7.1 Kernel crashes on invalid USB device descriptors (usbvision driver) 2015-10-07
Ralf Spenneberg (ralf os-t de)

Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img 2015-10-06
Alexandre Herzog (Alexandre Herzog csnc ch)

Malware

Hacktool.HDRoot

TrojanDownloader:MSIL/Banload.AA 
TrojanDownloader:VBS/Banload.V 
TrojanDownloader:Win32/Banload.CAC 
TrojanDownloader:Win32/Quireap.B 
TrojanSpy:Win32/Batlopma.A 
PWS:Win32/Sekur.A!dha 
TrojanDownloader:SWF/Esaprof.B 
TrojanDropper:Win32/Tramox.A 
Backdoor:Win32/Warood.C 
TrojanDownloader:Win32/Badiehi.B 

Phishing

Summary Billing Account

7th October 2015

WE DISCOVERED IRREGULARITIES
IN YOUR ACCOUNT, WE WILL CLOSE
YOUR ACCOUNT FOR A WHILE

PayPal

7th October 2015

[PAYPAL]: WARNING YOUR PAYPAL
ACCOUNT WILL BE CLOSED !✔
06/10/2015 05:22:28

Apple ID

7th October 2015

YOUR APPIE ID HAS BEEN
DISABLED FOR SECURITY REASONS
!

Amazon

7th October 2015

Your Amazon Account Has Been
Compromised

SGT.MONICA L BROWN

7th October 2015

Re

Vulnerability

 

SANS News

Do Extortionists Get Paid?

Threatpost

Researchers Disrupt Angler Exploit Kit Ecosystem, Derail $30M Ransomware Campaign

Exploit

Zope Management Interface 4.3.7 - CSRF Vulnerabilities

6.10.2015

Bugtraq

Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img 2015-10-06
Alexandre Herzog (Alexandre Herzog csnc ch)

Advisory: web-based VM detection and coarse-grained fingerprinting 2015-10-05
Amit Klein (aksecurity gmail com)

LanWhoIs.exe 1.0.1.120 Stack Buffer Overflow 2015-10-06
apparitionsec gmail com

[security bulletin] HPSBUX03359 SSRT102094 rev.2 - HP-UX pppoec, local elevation of privilege 2015-10-05
security-alert hp com

[slackware-security] seamonkey (SSA:2015-274-03) 2015-10-01
Slackware Security Team (security slackware com)

[slackware-security] mozilla-thunderbird (SSA:2015-274-01) 2015-10-01
Slackware Security Team (security slackware com)

[slackware-security] php (SSA:2015-274-02) 2015-10-01
Slackware Security Team (security slackware com)

[security bulletin] HPSBST03418 rev.2 - HP P6000 Command View Software, Remote Disclosure of Information 2015-10-02
security-alert hp com

FTGate 2009 Build 6.4.00 CSRF Vulnerabilities 2015-10-02
apparitionsec gmail com

Malware

Backdoor:Win64/Warood.A

HTML/Costacas
Win32/Blakamba
TrojanProxy:MSIL/Utafajax.A 

MSIL/Smeazymo.B

MSIL/Smeazymo.A

Phishing

Summary Billing Account

6th October 2015

WE DISCOVERED IRREGULARITIES
IN YOUR ACCOUNT, WE WILL CLOSE
YOUR ACCOUNT FOR A WHILE

Vanessa Craig

6th October 2015

SUPER QUICK FASTDOWN REQUEST

Apple

6th October 2015

Votre identifiant Apple vient
d’être utilisé pour acheter «
On Noir par Kaaris

MR DAVID

6th October 2015

****** ***BULK*** GREETINGS MY
DEAR

PayPal

6th October 2015

Your Account is Suspended

Vulnerability

 

SANS News

 

Threatpost

YiSpecter iOS Malware Abuses Apple Enterprise Certs to Push Adware

Google Pushes Stagefright 2.0 Patches to Nexus Devices

Scottrade Breach Affects 4.6 Million Customers

Canceled Talk Re-Ignites Controversy Over Legitimate Security Research

Exploit

LanSpy 2.0.0.155 - Buffer Overflow

PHP-Fusion <= v7.02.07 - Blind SQL Injection

GLPI 0.85.5 - RCE Through File Upload Filter Bypass

LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow

Last PassBroker 3.2.16 - Stack-Based Buffer Overflow

5.10.2015

Bugtraq

[security bulletin] HPSBST03418 rev.2 - HP P6000 Command View Software, Remote Disclosure of Information 2015-10-02
security-alert hp com

FTGate 2009 Build 6.4.00 CSRF Vulnerabilities 2015-10-02
apparitionsec gmail com

CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability 2015-10-02
Specto (specto custodela com)

[SYSS-2015-039] CSRF in OpenText Secure MFT 2015-10-02
adrian vollmer syss de

[ZDI-15-396] ManageEngine ServiceDesk Plus remote code execution 2015-10-02
Pedro Ribeiro (pedrib gmail com)

Qualys Security Advisory - OpenSMTPD Audit Report 2015-10-02
Qualys Security Advisory (qsa qualys com)

FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind [REVISED] 2015-10-02
FreeBSD Security Advisories (security-advisories freebsd org)

ZTE GPON F427 and possibly F460/F600 - authorization bypass and cleartext password storage 2015-10-02
jerzy patraszewski gmail com

Reflected Cross-Site Scripting (XSS) in SourceBans 2015-10-03
High-Tech Bridge Security Research (advisory htbridge ch)

Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin 2015-10-04
ibemed gmail com

Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin 2015-10-04
ibemed gmail com

Malware

TrojanProxy:MSIL/Utafajax.A

Phishing

PayPal

5th October 2015

[PAYPAL]: WARNING YOUR PAYPAL
ACCOUNT WILL BE CLOSED !✔
05/10/2015 07:05:58

Web Team©2015

5th October 2015

***YOUR MAIL SECURITY ALART***

WelIs Fargo

5th October 2015

ACCOUNT UNUSUAL SIGN-ON
ACTIVITY

Email Admin Center

5th October 2015

E-mail Suspension warning
upgrade

Vulnerability

 

SANS News

Cyber Security Awareness Month: Protecting Your Network From "Dave"

Threatpost

Experian Breach Spills Data on 15 Million T-Mobile Customers

Exploit

ManageEngine ServiceDesk Plus <= 9.1 build 9110 - Path Traversal

Zemra Botnet CnC Web Panel Remote Code Execution

Kaseya VSA uploader.aspx Arbitrary File Upload

Truecrypt 7 / VeraCrypt 1.13 - Drive Letter Symbolic Link Creation Privilege Escalation

LanSpy 2.0.0.155 - Buffer Overflow

2.10.2015

Bugtraq

[security bulletin] HPSBPV03516 rev.1 - HP VAN SDN Controller, Multiple Vulnerabilities 2015-10-01
security-alert hp com

[security bulletin] HPSBGN03424 rev.1 - HP Cloud Service Automation, Remote Authentication Bypass 2015-10-01
security-alert hp com

[SYSS-2015-001] Kaspersky Endpoint Security - Authentication Bypass 2015-10-01
matthias deeg syss de

[SYSS-2015-003] Kaspersky Small Office Security - Authentication Bypass 2015-10-01
matthias deeg syss de

[SYSS-2015-002] Kaspersky Endpoint Security - Use of One-Way Hash without a Salt 2015-10-01
matthias deeg syss de

[SYSS-2015-004] Kaspersky Small Office Security - Use of One-Way Hash without a Salt 2015-10-01
matthias deeg syss de

[SYSS-2015-006] Kaspersky Total Security - Use of One-Way Hash without a Salt 2015-10-01
matthias deeg syss de

[SYSS-2015-005] Kaspersky Total Security - Authentication Bypass 2015-10-01
matthias deeg syss de

[SYSS-2015-008] Kaspersky Internet Security - Use of One-Way Hash without a Salt 2015-10-01
matthias deeg syss de

[SYSS-2015-009] Kaspersky Anti-Virus - Authentication Bypass 2015-10-01
matthias deeg syss de

[SYSS-2015-007] Kaspersky Internet Security - Authentication Bypass 2015-10-01
matthias deeg syss de

[SYSS-2015-010] Kaspersky Anti-Virus - Use of One-Way Hash without a Salt 2015-10-01
matthias deeg syss de

APPLE-SA-2015-09-30-3 OS X El Capitan 10.11 2015-09-30
Apple Product Security (product-security-noreply lists apple com)

Malware

ELF_XORDDOS.AP

OSX/WireLurker.A

Win32/ToyPet.A

Phishing

Paypal Inc

2nd October 2015

[TEAM PAYPAL] : YOUR PAYPAL
ACCOUNT WILL BE CLOSED !

Paypal Inc

1st October 2015

[TEAM PAYPAL] : YOUR PAYPAL
ACCOUNT WILL BE CLOSED !

Vulnerability

 

SANS News

BizCN gate actor update

Threatpost

HTTPS Available as Opt-In for Blogspot

Apple Patches 100+ Vulnerabilities in OS X, Safari, iOS

Dridex Banking Malware Back in Circulation

Exploit

Avast Antivirus X.509 Error Rendering Command Execution

PIXORD Vehicle 3G Wi-Fi Router 3GR-431P - Multiple Vulnerabilities

Bosch Security Systems Dinion NBN-498 Web Interface - XML Injection

Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation

FTGate 2009 Build 6.4.00 - Multiple Vulnerabilities

FTGate 7 - CSRF Vulnerabilities

ElasticSearch 1.6.0 - Arbitrary File Download

WinRar < 5.30 beta 4 - Settings Import Command Execution

1.10.2015

Bugtraq

[security bulletin] HPSBGN03424 rev.1 - HP Cloud Service Automation, Remote Authentication Bypass 2015-10-01
security-alert hp com

[SYSS-2015-001] Kaspersky Endpoint Security - Authentication Bypass 2015-10-01
matthias deeg syss de

[SYSS-2015-003] Kaspersky Small Office Security - Authentication Bypass 2015-10-01
matthias deeg syss de

[SYSS-2015-002] Kaspersky Endpoint Security - Use of One-Way Hash without a Salt 2015-10-01
matthias deeg syss de

[SYSS-2015-004] Kaspersky Small Office Security - Use of One-Way Hash without a Salt 2015-10-01
matthias deeg syss de

[SYSS-2015-006] Kaspersky Total Security - Use of One-Way Hash without a Salt 2015-10-01
matthias deeg syss de

[SYSS-2015-005] Kaspersky Total Security - Authentication Bypass 2015-10-01
matthias deeg syss de

[SYSS-2015-008] Kaspersky Internet Security - Use of One-Way Hash without a Salt 2015-10-01
matthias deeg syss de

[SYSS-2015-009] Kaspersky Anti-Virus - Authentication Bypass 2015-10-01
matthias deeg syss de

[SYSS-2015-007] Kaspersky Internet Security - Authentication Bypass 2015-10-01
matthias deeg syss de

[SYSS-2015-010] Kaspersky Anti-Virus - Use of One-Way Hash without a Salt 2015-10-01
matthias deeg syss de

APPLE-SA-2015-09-30-3 OS X El Capitan 10.11 2015-09-30
Apple Product Security (product-security-noreply lists apple com)

APPLE-SA-2015-09-30-2 Safari 9 2015-09-30
Apple Product Security (product-security-noreply lists apple com)

[security bulletin] HPSBST03502 rev.1 - HP 3PAR Service Processor (SP) SPOCC, Remote Disclosure of Information 2015-09-30
security-alert hp com

APPLE-SA-2015-09-30-01 iOS 9.0.2 2015-09-30
Apple Product Security (product-security-noreply lists apple com)

Malware

Trojan:Win32/Cuffahlt.B 
Adware:Win32/Bayads 
Ransom:Win32/Orxlocker.A 

Exp.CVE-2015-4451

Exp.CVE-2015-5134

Exp.CVE-2015-5539

Exp.CVE-2015-5130

Trojan.Venik

Infostealer.Centerpos

Downloader.Sapaviro

Trojan.Uverat

Phishing

Amazon Support Inc

30th September 2015

ACCOUNT VERIFICATION PROCESSES
- HELP | AMAZON PAYMENTS

activation

30th September 2015

YOU HAVE RECEIVED A VOICEMAIL

Mail

30th September 2015

UPDATE

service@intl-paypal.com

30th September 2015

[ PAYPAL ] : VIEW YOUR RECENT
ACTIVITY . ✔ #PP =

Vulnerability

 

SANS News

Recent trends in Nuclear Exploit Kit activity

Threatpost

Unsupported Honeywell Experion PKS Vulnerable to Public Attacks

Suspicious Windows 7 Update Actually an Accidental Microsoft ‘Test’ Update

Apple Gatekeeper Bypass Opens Door for Malicious Code

Exploit

Dropbox < 3.3.x - OSX FinderLoadBundle Local Root Exploit

MakeSFX.exe 1.44 - Stack Buffer Overflow