Databáze Hot News 2018 August - 2018 January February March April May June July August September October November December

30.8.2018

Bugtraq

 

Malware

 

Phishing

Apple Support

30th August 2018

RE: [ Notification Alerts ] [
Update Statement Info ] We
have sent an email about your
information account has

Vulnerebility

Microsoft Windows LSASS Buffer Overrun Vulnerability
2018-08-30
http://www.securityfocus.com/bid/10108

Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability
2018-08-30
http://www.securityfocus.com/bid/105125

Microsoft Windows Task Scheduler ALPC Interface Local Privilege Escalation Vulnerability
2018-08-29
http://www.securityfocus.com/bid/105153

Wireshark Multiple Denial of Service Vulnerabilities
2018-08-29
http://www.securityfocus.com/bid/105174

Symantec Norton Identity Safe CVE-2018-12240 Privilege Escalation Vulnerability
2018-08-29
http://www.securityfocus.com/bid/105146

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-08-28
http://www.securityfocus.com/bid/102376

SANS News

 

Threatpost

Critical Flaws in Syringe Pump, Device Gateways Threaten Patient Safety

BusyGasper Malware Packs a Simple but Potent Punch

Exploint

DLink DIR-601 - Credential Disclosure

WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting

Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal

Nord VPN 6.14.31 - Denial of Service (PoC)

29.8.2018

Bugtraq

 

Malware

Backdoor.Datper

Phishing

 

Vulnerebility

Microsoft Windows Task Scheduler ALPC Interface Local Privilege Escalation Vulnerability
2018-08-29
http://www.securityfocus.com/bid/105153

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-08-28
http://www.securityfocus.com/bid/102376

Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability
2018-08-28
http://www.securityfocus.com/bid/105125

Cisco Data Center Network Manager CVE-2018-0464 Directory Traversal Vulnerability
2018-08-28
http://www.securityfocus.com/bid/105159

Microsoft Windows CVE-2018-0886 Remote Code Execution Vulnerability
2018-08-27
http://www.securityfocus.com/bid/103265

SANS News

3D Printers in The Wild, What Can Go Wrong?

OctoPrint 3D Web Interfaces: EXPOSED, Port 5000 default

Threatpost

Microsoft Windows Zero-Day Found in Task Scheduler

Facebook Flaw Allowed Remote Commands

Adobe Pushes Out Unscheduled Creative Cloud Application Fix

Crashing Mobile Apps Capture Screens, Leak Private Data

Microsoft Windows Zero-Day Found in Task Scheduler

Exploint

Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes)

Linux/x86 - IPv6 Reverse TCP Shellcode Generator (94 bytes)

Linux/x86 - Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode

Linux/ARM - execve("/bin/sh", ["/bin/sh"], NULL) Shellcode (32 Bytes)

Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)

Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure

Argus Surveillance DVR 4.0.0.0 - Directory Traversal

Episerver 7 patch 4 - XML External Entity Injection

phpMyAdmin 4.7.x - Cross-Site Request Forgery

R 3.4.4 - Buffer Overflow (SEH)

SIPP 3.3 - Stack-Based Buffer Overflow

Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of ...

Fathom 2.4 - Denial Of Service (PoC)

ipPulse 1.92 - 'TCP Port' Denial of Service (PoC)

Immunity Debugger 1.85 - Denial of Service (PoC)

NASA openVSP 3.16.1 - Denial of Service (PoC)

28.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple CPU Hardware CVE-2017-5715 Information Disclosure Vulnerability
2018-08-28
http://www.securityfocus.com/bid/102376

Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability
2018-08-28
http://www.securityfocus.com/bid/105125

Microsoft Windows CVE-2018-0886 Remote Code Execution Vulnerability
2018-08-27
http://www.securityfocus.com/bid/103265

OpenSSH CVE-2018-15473 User Enumeration Vulnerability
2018-08-27
http://www.securityfocus.com/bid/105140

SANS News

"When was this machine infected?"

Threatpost

AT Command Hitch Leaves Android Phones Open to Attack

Fortnite Android App Falls Victim to Man-in-the-Disk Flaw

Cross-Site Scripting Flaw in Apache ActiveMQ Threatens Web Visitors

Exploint

Cisco Network Assistant 6.3.3 - 'Cisco Login' Denial of Service (PoC)

Schneider Electric BMX P34 CPU B - Open Redirect

UltraISO 9.7.1.3519 - Buffer Overflow (SEH)

Microsoft Windows - JScript RegExp.lastIndex Use-After-Free

Instagram App 41.1788.50991.0 - Denial of Service (PoC)

27.8.2018

Bugtraq

 

Malware

Backdoor.Fallchill

Phishing

 

Vulnerebility

Microsoft Windows CVE-2018-0886 Remote Code Execution Vulnerability
2018-08-27
http://www.securityfocus.com/bid/103265

OpenSSH CVE-2018-15473 User Enumeration Vulnerability
2018-08-27
http://www.securityfocus.com/bid/105140

Ansible Tower CVE-2018-10884 Cross Site Request Forgery Vulnerability
2018-08-24
http://www.securityfocus.com/bid/105136

SANS News

"When was this machine infected?"

Threatpost

 

Exploint

Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC)

Firefox 55.0.3 - Denial of Service (PoC)

HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit)

Electron WebPreferences - Remote Code Execution

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)

Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2)

WordPress Plugin Plainview Activity Monitor 20161228 - Command Injection

Responsive FileManager < 9.13.4 - Directory Traversal

Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection

LiteCart 2.1.2 - Arbitrary File Upload

Sentrifugo HRMS 3.2 - 'deptid' SQL Injection

RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)

Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin)

ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting

WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection

Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)

CuteFTP 5.0 - Buffer Overflow

Adobe Flash - AVC Processing Out-of-Bounds Read

Libpango 1.40.8 - Denial of Service (PoC)

26.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Ansible Tower CVE-2018-10884 Cross Site Request Forgery Vulnerability
2018-08-24
http://www.securityfocus.com/bid/105136

Eclipse OpenJ9 CVE-2018-12539 Multiple Privilege Escalation Vulnerabilities
2018-08-23
http://www.securityfocus.com/bid/105126

IBM Java SDK CVE-2018-1517 Denial of Service Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105117

IBM Java SDK CVE-2018-1656 Directory Traversal Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105118

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-08-23
http://www.securityfocus.com/bid/103713

SANS News

Identifying numeric obfuscation

Threatpost

T-Mobile Alerts 2.3 Million Customers of Data Breach Tied to Leaky API

Exploint

Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)

SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service (PoC)

ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting

WordPress Plugin Gift Voucher 1.0.5 - 'template_id' SQL Injection

24.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Ansible Tower CVE-2018-10884 Cross Site Request Forgery Vulnerability
2018-08-24
http://www.securityfocus.com/bid/105136

Eclipse OpenJ9 CVE-2018-12539 Multiple Privilege Escalation Vulnerabilities
2018-08-23
http://www.securityfocus.com/bid/105126

IBM Java SDK CVE-2018-1517 Denial of Service Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105117

IBM Java SDK CVE-2018-1656 Directory Traversal Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105118

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-08-23
http://www.securityfocus.com/bid/103713

IBM Tivoli Application Dependency Discovery Manager Cross Site Request Forgery Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105135

EMC RSA Archer GRC CVE-2018-11065 SQL Injection Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105128

SANS News

Microsoft Publisher Files Delivering Malware

Threatpost

Apache Struts 2 Flaw Uncovered: ‘More Critical Than Equifax Bug’

Researchers Blame ‘Monolithic’ Linux Code Base for Critical Vulnerabilities

Recent App Issues Reveal Facebook’s Struggles to Temper Data Privacy Woes

DNC: Highly Publicized ‘Phishing Attempt’ Was Only a Security Test

Exploint

Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)

PCViewer vt1000 - Directory Traversal

Twitter-Clone 1 - 'code' SQL Injection

StyleWriter 4 1.0 - Denial of Service (PoC)

SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service (PoC)

Epiphany Web Browser 3.28.1 - Denial of Service (PoC)

23.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Eclipse OpenJ9 CVE-2018-12539 Multiple Privilege Escalation Vulnerabilities
2018-08-23
http://www.securityfocus.com/bid/105126

IBM Java SDK CVE-2018-1517 Denial of Service Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105117

IBM Java SDK CVE-2018-1656 Directory Traversal Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105118

Paramiko CVE-2018-7750 Authentication Bypass Vulnerability
2018-08-23
http://www.securityfocus.com/bid/103713

EMC RSA Archer GRC CVE-2018-11065 SQL Injection Vulnerability
2018-08-23
http://www.securityfocus.com/bid/105128

SANS News

Simple Phishing Through formcrafts.com

Threatpost

Researchers Blame ‘Monolithic’ Linux Code Base for Critical Vulnerabilities

Unpatched Ghostscript Flaws Allow Remote Takeover of Systems

DNC: Highly Publicized ‘Phishing Attempt’ Was Only a Security Test

Triout Malware Carries Out Extensive, Targeted Android Surveillance

Exploint

PCViewer vt1000 - Directory Traversal

Twitter-Clone 1 - 'code' SQL Injection

Windows 10 Diagnostics Hub Standard Collector Service - Privilege Escalation

Epiphany Web Browser 3.28.1 - Denial of Service (PoC)

CuteFTP 8.3.1 - Denial of Service (PoC)

22.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Openlinux\SunOS\Windows NT\HP-UX Denial of Service Vulnerability
2018-08-22
http://www.securityfocus.com/bid/80175

Unix Echo and Chargen CVE-1999-0103 Remote Security Vulnerability
2018-08-22
http://www.securityfocus.com/bid/80171

Apache Struts CVE-2018-11776 Remote Code Execution Vulnerability
2018-08-22
http://www.securityfocus.com/bid/105125

Microsoft Internet Explorer VBScript Engine CVE-2018-8174 Arbitrary Code Execution Vulnerability
2018-08-21
http://www.securityfocus.com/bid/103998

SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-08-21
http://www.securityfocus.com/bid/104106

RETIRED: SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-08-21
http://www.securityfocus.com/bid/105076

Microsoft Internet Explorer CVE-2018-8373 Remote Memory Corruption Vulnerability
2018-08-21
http://www.securityfocus.com/bid/105037

SANS News

 

Threatpost

Airmail 3 Exploit Instantly Steals Info from Apple Users

Belkin IoT Smart Plug Flaw Allows Remote Code Execution in Smart Homes

Exploint

Geutebrueck re_porter 16 - Cross-Site Scripting

Geutebrueck re_porter 7.8.974.20 - Credential Disclosure

KingMedia 4.1 - Remote Code Execution

ZyXEL VMG3312-B10B - Cross-Site Scripting

Windows 10 Diagnostics Hub Standard Collector Service - Privilege Escalation

Ghostscript - Multiple Vulnerabilities

Project64 2.3.2 - Buffer Overflow (SEH)

Easyboot 6.6.0 - Denial Of Service (PoC)

UltraISO 9.7.1.3519 - Denial Of Service (PoC)

Textpad 7.6.4 - Denial Of Service (PoC)

21.8.2018

Bugtraq

 

Malware

 

Phishing

Amazon Order

21st August 2018

Amazon Order Confirmation

Walmart Order

21st August 2018

Thank You For Buying From
Walmart

eBay Collections

21st August 2018

KEEP YOUR ACCOUNT IN GOOD
STANDING - PAYMENT NEEDED

Vulnerebility

Microsoft Internet Explorer VBScript Engine CVE-2018-8174 Arbitrary Code Execution Vulnerability
2018-08-21
http://www.securityfocus.com/bid/103998

SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-08-21
http://www.securityfocus.com/bid/104106

RETIRED: SAP Identity Management CVE-2018-2416 XML External Entity Injection Vulnerability
2018-08-21
http://www.securityfocus.com/bid/105076

Microsoft Internet Explorer CVE-2018-8373 Remote Memory Corruption Vulnerability
2018-08-21
http://www.securityfocus.com/bid/105037

Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
2018-08-20
http://www.securityfocus.com/bid/105080

Symantec Encryption Management Server CVE-2018-5243 Denial of Service Vulnerability
2018-08-20
http://www.securityfocus.com/bid/105062

SANS News

OpenSSH user enumeration (CVE-2018-15473)

Malicious DLL Loaded Through AutoIT

Threatpost

Side-Channel PoC Attack Lifts Private RSA Keys from Mobile Phones

Google Faces Legal Turmoil After Location Tracking Debacle

Canadian Telcos Patch an APT-Ready Flaw in Disability Services

Exploint

Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)

Twitter-Clone 1 - 'userid' SQL Injection

Project64 2.3.2 - Denial Of Service (PoC)

OpenSSH 7.7 - Username Enumeration

Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection

20.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
2018-08-20
http://www.securityfocus.com/bid/105080

Symantec Encryption Management Server CVE-2018-5243 Denial of Service Vulnerability
2018-08-20
http://www.securityfocus.com/bid/105062

Cisco Web Security Appliance CVE-2018-0428 Local Privilege Escalation Vulnerability
2018-08-17
http://www.securityfocus.com/bid/105104

Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105071

Adobe Flash Player CVE-2018-12825 Unspecified Security Bypass Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105070

SANS News

 

Threatpost

GandCrab’s Rotten EGGs Hatch Ransomware in South Korea

Darkhotel Exploits Microsoft Zero-Day VBScript Flaw

Philips Vulnerability Exposes Sensitive Cardiac Patient Information

Exploint

Easylogin Pro 1.3.0 - Encryptor.php Unserialize Remote Code Execution

SEIG Modbus 3.4 - Remote Code Execution

SEIG SCADA System 9 - Remote Code Execution

WordPress Plugin Tagregator 0.6 - Cross-Site Scripting

MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery

WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection

Prime95 29.4b7 - Denial Of Service (PoC)

Restorator 1793 - Denial of Service (PoC)

Zortam MP3 Media Studio 23.95 - Denial of Service (PoC)

SEIG Modbus 3.4 - Denial of Service (PoC)

19.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Video: Peeking into msg files - revisited

Threatpost

Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution

Exploint

 

17.8.2018

Bugtraq

 

Malware

Exp.CVE-2018-8414

Exp.CVE-2018-8373

RANSOM_PRINCESSLOCKER.B

Win32/Filecoder.Ouroboros.A

Win32/TrojanDownloader.Agent.EAT

MSIL/Agent.RY

Phishing

Apple Support

17th August 2018

[ News Statements Reports ] [
Updated Privacy Policy ] New
Update Your Payments - Thanks!
your order from App

Vulnerebility

Cisco Web Security Appliance CVE-2018-0428 Local Privilege Escalation Vulnerability
2018-08-17
http://www.securityfocus.com/bid/105104

Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
2018-08-17
http://www.securityfocus.com/bid/105080

Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105071

Adobe Flash Player CVE-2018-12825 Unspecified Security Bypass Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105070

Adobe Flash Player APSB18-25 Multiple Information Disclosure Vulnerabilities
2018-08-16
http://www.securityfocus.com/bid/105066

Microsoft .NET Framework CVE-2018-8284 Remote Code Execution Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104667

Microsoft Windows Device Guard CVE-2018-8221 Local Security Bypass Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104338

Microsoft Windows DirectX Graphics Kernel CVE-2018-8406 Local Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105012

Microsoft Windows DirectX Graphics Kernel CVE-2018-8405 Local Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105011

Microsoft Windows GDI Component CVE-2018-8394 Information Disclosure Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105001

Microsoft Windows Graphics Component CVE-2018-8344 Remote Code Execution Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104983

Microsoft Windows NDIS CVE-2018-8343 Local Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104982

Microsoft Windows Shell CVE-2018-8414 Remote Code Execution Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105016

Emerson DeltaV Multiple Security Vulnerabilities
2018-08-16
http://www.securityfocus.com/bid/105105

Multiple Philips Products Buffer Overflow and Hardcoded Credentials Security Bypass Vulnerabilities
2018-08-16
http://www.securityfocus.com/bid/105103

Tridium Niagara Directory Traversal and Authentication-Bypass Vulnerabilities
2018-08-16
http://www.securityfocus.com/bid/105101

SANS News

Back to the 90's: FragmentSmack

Threatpost

Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution

AT&T Faces $224M Legal Challenge Over SIM-Jacking Rings

Highly Flexible Marap Malware Enters the Financial Scene

‘China’s MIT’ Linked to Espionage Campaign Against Alaska, Economic Partners

Exploint

Microsoft Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type...

Microsoft Edge Chakra JIT - 'InlineArrayPush' Type Confusion

Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptor::CopyFrom' Type Confusion

Microsoft Edge Chakra JIT - Scope Parsing Type Confusion

Microsoft Edge Chakra JIT - ImplicitCallFlags Check Bypass with Intl

CEWE Photoshow 6.3.4 - Denial of Service (PoC)

Central Management Software 1.4.13 - Denial of Service (PoC)

OpenSSH 2.3 < 7.4 - Username Enumeration (PoC)

Mikrotik WinBox 6.42 - Credential Disclosure (golang)

ADM 3.1.2RHG1 - Remote Code Execution

WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData()' Buffer Overflow (PoC)

16.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
2018-08-16
http://www.securityfocus.com/bid/105080

Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105071

Adobe Flash Player CVE-2018-12825 Unspecified Security Bypass Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105070

Adobe Flash Player APSB18-25 Multiple Information Disclosure Vulnerabilities
2018-08-16
http://www.securityfocus.com/bid/105066

Microsoft .NET Framework CVE-2018-8284 Remote Code Execution Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104667

Microsoft Windows Device Guard CVE-2018-8221 Local Security Bypass Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104338

Microsoft Windows DirectX Graphics Kernel CVE-2018-8406 Local Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105012

Microsoft Windows DirectX Graphics Kernel CVE-2018-8405 Local Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105011

Microsoft Windows GDI Component CVE-2018-8394 Information Disclosure Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105001

Microsoft Windows Graphics Component CVE-2018-8344 Remote Code Execution Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104983

Microsoft Windows NDIS CVE-2018-8343 Local Privilege Escalation Vulnerability
2018-08-16
http://www.securityfocus.com/bid/104982

Microsoft Windows Shell CVE-2018-8414 Remote Code Execution Vulnerability
2018-08-16
http://www.securityfocus.com/bid/105016

NTP CVE-2016-1549 Remote Security Vulnerability
2018-08-15
http://www.securityfocus.com/bid/88200

NTP CVE-2018-7185 Denial of Service Vulnerability
2018-08-15
http://www.securityfocus.com/bid/103339

NTP CVE-2018-7184 Denial of Service Vulnerability
2018-08-15
http://www.securityfocus.com/bid/103192

NTP CVE-2018-7170 Incomplete Fix Remote Security Vulnerability
2018-08-15
http://www.securityfocus.com/bid/103194

NTP CVE-2018-7182 Information Disclosure Vulnerability
2018-08-15
http://www.securityfocus.com/bid/103191

NTP CVE-2018-7183 Buffer Overflow Vulnerability
2018-08-15
http://www.securityfocus.com/bid/103351

Multiple SAP Products Multiple Unspecified Security Vulnerabilities
2018-08-15
http://www.securityfocus.com/bid/103723

NTP CVE-2018-12327 Stack Buffer Overflow Vulnerability
2018-08-15
http://www.securityfocus.com/bid/104517

SAP BusinessObjects Business Intelligence CVE-2018-2446 Information Disclosure Vulnerability
2018-08-15
http://www.securityfocus.com/bid/105089

OpenSSL CVE-2018-0737 Side Channel Attack Information Disclosure Vulnerability
2018-08-14
http://www.securityfocus.com/bid/103766

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-08-14
http://www.securityfocus.com/bid/104442

Multiple VMware Products CVE-2018-6973 Out-Of-Bounds Write Local Code Execution Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105094

Apache HTTP Server CVE-2016-4975 HTTP Response Splitting Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105093

SAP HANA Extended Application Services CVE-2018-2451 Information Disclosure Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105091

SAP Kernel and Change and Transport System CVE-2018-2441 Security Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105090

SAP User Interface Technology CVE-2018-2434 Unspecified Content Spoofing Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105088

SAP BusinessObjects Financial Consolidation CVE-2018-2444 Cross Site Scripting Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105087

Samba CVE-2018-10858 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105085

SANS News

Truncating Payloads and Anonymizing PCAP files

More malspam pushing password-protected Word docs for AZORult and Hermes Ransomware

Threatpost

Open MQTT Servers Raise Physical Threats in Smart Homes

Google Chrome Bug Opens Access to Private Facebook Information

BlackIoT Botnet: Can Water Heaters, Washers Bring Down the Power Grid?

Office 365 Phishing Campaign Hides Malicious URLs in SharePoint Files

Microsoft Flaw Allows Full Multi-Factor Authentication Bypass

Exploint

Pimcore 5.2.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery

Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection

OpenEMR 5.0.1.3 - Arbitrary File Actions

WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData()' Buffer Overflow (PoC)

Central Management Software 1.4.13 - Denial of Service (PoC)

ObserverIP Scan Tool 1.4.0.1 - Denial of Service (PoC)

TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)

15.8.2018

Bugtraq

 

Malware

Exp.CVE-2018-12799

Exp.CVE-2018-12824

Exp.CVE-2018-12827

Exp.CVE-2018-12826

Phishing

 

Vulnerebility

Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
2018-08-15
http://www.securityfocus.com/bid/105080

OpenSSL CVE-2018-0737 Side Channel Attack Information Disclosure Vulnerability
2018-08-14
http://www.securityfocus.com/bid/103766

OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-08-14
http://www.securityfocus.com/bid/104442

Samba CVE-2018-1139 Remote Security Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105084

Samba CVE-2018-10918 Remote Denial of Service Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105083

Samba CVE-2018-1140 Remote Denial of Service Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105082

Samba CVE-2018-10919 Access Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105081

Adobe Experience Manager CVE-2018-5005 Cross Site Scripting Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105073

Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105071

Adobe Flash Player CVE-2018-12825 Unspecified Security Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105070

Adobe Acrobat and Reader APSB18-29 Multiple Arbitrary Code Execution Vulnerabilities
2018-08-14
http://www.securityfocus.com/bid/105069

Adobe Experience Manager CVE-2018-12807 Security Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105068

Adobe Experience Manager CVE-2018-12806 Cross Site Scripting Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105067

Adobe Flash Player APSB18-25 Multiple Information Disclosure Vulnerabilities
2018-08-14
http://www.securityfocus.com/bid/105066

Adobe Creative Cloud Desktop Application DLL Loading Local Privilege Escalation Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105065

Microsoft Windows Diagnostics Hub CVE-2018-0952 Local Privilege Escalation Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105048

Microsoft Edge CVE-2018-8390 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105041

Microsoft Internet Explorer and Edge CVE-2018-8385 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105039

Microsoft Internet Explorer and Edge CVE-2018-8372 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105038

Microsoft Internet Explorer CVE-2018-8373 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105037

Microsoft Internet Explorer CVE-2018-8389 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105036

Microsoft Internet Explorer CVE-2018-8371 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105035

Microsoft Internet Explorer CVE-2018-8353 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105034

Microsoft Internet Explorer and Edge CVE-2018-8403 Remote Memory Corruption Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105033

Microsoft Windows Installer CVE-2018-8339 DLL Loading Local Privilege Escalation Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105030

Microsoft Windows ADFS CVE-2018-8340 Security Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105029

Microsoft Windows LNK CVE-2018-8346 Remote Code Execution Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105028

Microsoft Windows LNK CVE-2018-8345 Remote Code Execution Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105027

Microsoft Edge CVE-2018-8388 Spoofing Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105025

Microsoft Edge CVE-2018-8383 Spoofing Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105024

SANS News

Microsoft August 2018 Patch Tuesday

Threatpost

Intel CPUs Undermined By Fresh Speculative Execution Flaws

Podcast: Bugcrowd Founder on Printer Bugs, IoT Bounty Hunting and New VDP Project

Microsoft Flaw Allows Full Multi-Factor Authentication Bypass

ThreatList: Financial-Themed Phishing Hooks Targets in Q2

Patch Tuesday: Microsoft Addresses Two Zero-Days in 60-Flaw Roundup

Victims Lose Access to Thousands of Photos as Instagram Hack Spreads

Patch Tuesday: Microsoft Addresses Two Zero-Days in 60-Flaw Roundup

Intel CPUs Undermined By Fresh Speculative Execution Flaws

Adobe Patch Tuesday: Fixes for Critical Acrobat and Reader Flaws

Victims Lose Access to Thousands of Photos as Instagram Hack Spreads

Google Services Track User Movements In Privacy Faux Pas

Exploint

ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass

ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection

JioFi 4G M2S 1.0.2 - Denial of Service (PoC)

Cloudme 1.9 - Buffer Overflow (DEP) (Metasploit)

Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit)

cgit 1.2.1 - Directory Traversal (Metasploit)

Wansview 1.0.2 - Denial of Service (PoC)

14.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Adobe Experience Manager CVE-2018-5005 Cross Site Scripting Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105073

Adobe Flash Player CVE-2018-12828 Unspecified Privilege Escalation Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105071

Adobe Acrobat and Reader APSB18-29 Multiple Arbitrary Code Execution Vulnerabilities
2018-08-14
http://www.securityfocus.com/bid/105069

Adobe Experience Manager CVE-2018-12807 Security Bypass Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105068

Adobe Experience Manager CVE-2018-12806 Cross Site Scripting Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105067

Adobe Flash Player APSB18-25 Multiple Information Disclosure Vulnerabilities
2018-08-14
http://www.securityfocus.com/bid/105066

Adobe Creative Cloud Desktop Application DLL Loading Local Privilege Escalation Vulnerability
2018-08-14
http://www.securityfocus.com/bid/105065

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-08-13
http://www.securityfocus.com/bid/104232

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/102893

VMware vCenter Server CVE-2015-1047 Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76932

VMware vCenter Server CVE-2015-2342 Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76930

OpenSLP 'SLPDProcessMessage()' Function Double Free Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76635

Linux Kernel 'tcp_input.c' Remote Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/104976

SANS News

New Extortion Tricks: Now Including Your (Partial) Phone Number!

Threatpost

Adobe Patch Tuesday: Fixes for Critical Acrobat and Reader Flaws

Google Services Track User Movements In Privacy Faux Pas

Black Hat Exclusive Video: The IoT Security Threat Looms for Enterprises

Microsoft Flaw Allows Full Multi-Factor Authentication Bypass

Researchers Break IPsec VPN Connections with 20-Year-Old Protocol Flaw

Exploint

Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit)

cgit 1.2.1 - Directory Traversal (Metasploit)

Cloudme 1.9 - Buffer Overflow (DEP) (Metasploit)

Wansview 1.0.2 - Denial of Service (PoC)

13.8.2018

Bugtraq

 

Malware

JS.Cesaletat

Phishing

 

Vulnerebility

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability
2018-08-13
http://www.securityfocus.com/bid/104232

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/102893

SANS News

A URL shortener handy for phishers

Threatpost

DEF CON 2018: Voting Hacks Prompt Push Back from Election Officials, Vendors

DEF CON 2018: Apple 0-Day (Re)Opens Door to ‘Synthetic’ Mouse-Click Attack

Black Hat Video Exclusive: Mobile APTs Redefining Phishing Attacks

DEF CON 2018: ‘Man in the Disk’ Attack Surface Affects All Android Phones

Black Hat 2018: IoT Security Issues Will Lead to Legal ‘Feeding Frenzy’

GoDaddy Leaks ‘Map of the Internet’ via Amazon S3 Cloud Bucket Misconfig

DEF CON 2018: Critical Bug Opens Millions of HP OfficeJet Printers to Attack

DEF CON 2018: Hacking Medical Protocols to Change Vital Signs

Exploint

Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit)

Android - Directory Traversal over USB via Injection in blkid Output

PostgreSQL 9.4-0.5.3 - Privilege Escalation

Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow

Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC)

PLC Wireless Router GPN2.4P21-C-CN - Denial of Service

Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC)

IP Finder 1.5 - Denial of Service (PoC)

Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)

Microsoft DirectX SDK - 'Xact.exe' Remote Code Execution

IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting

12.8.2018

Bugtraq

 

Malware

 

Phishing

OFFICE FILE

12th August 2018

INTERNATIONAL MONETARY FUND
AGENCY

Calculation Letter

10th August 2018

P800 (PAYE) taxrevenue
calculations 2016/17 � what to
do.

Vulnerebility

 

SANS News

Peeking into msg files - revisited

Threatpost

DEF CON 2018: Telltale URLs Leak PII to Dozens of Third Parties

Black Hat 2018: Widespread Critical Flaws Found in Smart-City Gear

Black Hat 2018: Google Bug Hunter Urges Apple to Change its iOS Security Culture

Exploint

 

10.8.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/102893

VMware vCenter Server CVE-2015-1047 Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76932

VMware vCenter Server CVE-2015-2342 Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76930

OpenSLP 'SLPDProcessMessage()' Function Double Free Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/76635

Linux Kernel 'tcp_input.c' Remote Denial of Service Vulnerability
2018-08-10
http://www.securityfocus.com/bid/104976

FasterXML Jackson-databind CVE-2018-7489 Incomplete Fix Remote Code Execution Vulnerability
2018-08-10
http://www.securityfocus.com/bid/103203

Multiple Medtronic Isulin Pumps Authentication Bypass and Information Disclosure Vulnerabilities
2018-08-09
http://www.securityfocus.com/bid/105044

SANS News

Hunting SSL/TLS clients using JA3

Threatpost

 

Exploint

Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)

reSIProcate 1.10.2 - Heap Overflow

Zimbra 8.6.0_GA_1153 - Cross-Site Scripting

iSmartViewPro 1.5 - 'Password' Buffer Overflow

MyBB Like Plugin 3.0.0 - Cross-Site Scripting

MyBB Thank You/Like Plugin 3.0.0 - Cross-Site Scripting

9.8.2018

Bugtraq

[SECURITY] [DSA 4267-1] kamailio security update 2018-08-08
Salvatore Bonaccorso (carnil debian org)

[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2 2018-08-08
Joachim De Zutter (dezutterjoachim gmail com)

CA20180802-01: Security Notice for CA API Developer Portal 2018-08-08
Kotas, Kevin J (Kevin Kotas ca com)

[CVE-2018-14429] man-cgi < 1.16 Local File Include 2018-08-08
eL_Bart0 (eL_Bart0 protonmail ch)

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 2018-08-08
Michael Catanzaro (mcatanzaro igalia com)

Malware

Trojan.Nibatad

MSH.Dropper

Phishing

 

Vulnerebility

Multiple Medtronic Isulin Pumps Authentication Bypass and Information Disclosure Vulnerabilities
2018-08-09
http://www.securityfocus.com/bid/105044

Multiple HP Inkjet Printers Multiple Stack Buffer Overflow Vulnerabilities
2018-08-08
http://www.securityfocus.com/bid/105010

Apache CouchDB CVE-2018-11769 Remote Code Execution Vulnerability
2018-08-08
http://www.securityfocus.com/bid/105046

SANS News

 

Threatpost

TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)

TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)

osTicket 1.10.1 - Arbitrary File Upload

Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read

reSIProcate 1.10.2 - Heap Overflow

Black Hat 2018: Google’s Tabriz Talks Complex Security Landscapes

Podcast: Black Hat USA 2018 Preview

Black Hat 2018: Mixed Signal Microcontrollers Open to Side-Channel Attacks

Exploint

osTicket 1.10.1 - Arbitrary File Upload

LG-Ericsson iPECS NMS 30M - Directory Traversal

iSmartViewPro 1.5 - 'Account' Buffer Overflow

iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow

TP-Link Wireless N Router WR840N - Denial of Service (PoC)

8.8.2018

Bugtraq

[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2 2018-08-08
Joachim De Zutter (dezutterjoachim gmail com)

CA20180802-01: Security Notice for CA API Developer Portal 2018-08-08
Kotas, Kevin J (Kevin Kotas ca com)

[CVE-2018-14429] man-cgi < 1.16 Local File Include 2018-08-08
eL_Bart0 (eL_Bart0 protonmail ch)

WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 2018-08-08
Michael Catanzaro (mcatanzaro igalia com)

New VMSA-2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability 2018-08-07
VMware Security Response Center (security vmware com)

RE: [FD] Executable installers are vulnerable^WEVIL (case 56):arbitrary code execution WITH escalation of privilege via rufus*.exe 2018-08-06
Andrius Duksta (duk danskebank lt)

Malware

 

Phishing

 

Vulnerebility

Multiple HP Inkjet Printers Multiple Stack Buffer Overflow Vulnerabilities
2018-08-08
http://www.securityfocus.com/bid/105010

Linux Kernel 'tcp_input.c' Remote Denial of Service Vulnerability
2018-08-07
http://www.securityfocus.com/bid/104976

Mozilla Firefox and Firefox ESR Multiple Unspecified Memory Corruption Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104556

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104561

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104560

Mozilla Firefox and Firefox ESR CVE-2018-12361 Integer Overflow Vulnerability
2018-08-07
http://www.securityfocus.com/bid/104558

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104555

SANS News

What Do I Need To Know about "SegmentSmack"

Threatpost

Patrick Wardle on Breaking and Bypassing MacOS Firewalls

Threatlist: Manufacturing, a Top Target for Espionage

Fresh Approach to WiFi Cracking Uses Packet-Sniffing

Cybersecurity Certifications: Why They Matter and How to Know Which Ones To Pursue

Exploint

OpenEMR < 5.0.1 - Remote Code Execution

iSmartViewPro 1.5 - 'Account' Buffer Overflow

iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow

7.8.2018

Bugtraq

RE: [FD] Executable installers are vulnerable^WEVIL (case 56):arbitrary code execution WITH escalation of privilege via rufus*.exe 2018-08-06
Andrius Duksta (duk danskebank lt)

FreeBSD Security Advisory FreeBSD-SA-18:08.tcp 2018-08-06
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 4266-1] linux security update 2018-08-06
Salvatore Bonaccorso (carnil debian org)

Malware

 

Phishing

 

Vulnerebility

Mozilla Firefox and Firefox ESR Multiple Unspecified Memory Corruption Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104556

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104561

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104560

Mozilla Firefox and Firefox ESR CVE-2018-12361 Integer Overflow Vulnerability
2018-08-07
http://www.securityfocus.com/bid/104558

Mozilla Firefox and Firefox ESR Multiple Security Vulnerabilities
2018-08-07
http://www.securityfocus.com/bid/104555

PHP Multiple Heap Buffer Overflow Vulnerabilities
2018-08-06
http://www.securityfocus.com/bid/104871

Microsoft Edge CVE-2018-0871 Information Disclosure Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104339

Linux Kernel 'tcp_input.c' Remote Denial of Service Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104976

Multiple Dell EMC Products CVE-2018-1244 Remote Command Injection Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104964

Apache OpenWhisk CVE-2018-11757 Serverless Function Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104913

Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104915

SANS News

 

Threatpost

Microsoft Adds Direct Trust for Let’s Encrypt

Threatlist: Financial Services Firms Lag in Patching Habits

Exploint

QNap QVR Client 5.0.3.23100 - Denial of Service (PoC)

OpenEMR < 5.0.1 - Remote Code Execution

Open-AudIT Community 2.2.6 - Cross-Site Scripting

Monstra 3.0.4 - Cross-Site Scripting

onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)

LAMS < 3.1 - Cross-Site Scripting

Subrion CMS 4.2.1 - Cross-Site Scripting

6.8.2018

Bugtraq

[SECURITY] [DSA 4262-1] symfony security update 2018-08-03
Moritz Muehlenhoff (jmm debian org)

[SECURITY] [DSA 4265-1] xml-security-c security update 2018-08-05
Moritz Muehlenhoff (jmm debian org)

[slackware-security] lftp (SSA:2018-214-01) 2018-08-02
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4260-1] libmspack security update 2018-08-02
Salvatore Bonaccorso (carnil debian org)

Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9 2018-08-02
Stefan Kanthak (stefan kanthak nexgo de)

Malware

 

Phishing

Amazon

5th August 2018

Amazon account verification

Service PayPal

4th August 2018

Account Alert

PayPal lnc.

3rd August 2018

We noticed some significant
changes to your account
activities. on August 3, 2018,
1:50 am [ Tickets ID: YYCSA

Vulnerebility

PHP Multiple Heap Buffer Overflow Vulnerabilities
2018-08-06
http://www.securityfocus.com/bid/104871

Microsoft Edge CVE-2018-0871 Information Disclosure Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104339

Multiple Dell EMC Products CVE-2018-1244 Remote Command Injection Vulnerability
2018-08-06
http://www.securityfocus.com/bid/104964

Apache OpenWhisk CVE-2018-11757 Serverless Function Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104913

Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104915

SuSE openSUSE Build Service CVE-2018-12466 Security Bypass Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104958

SANS Ne

Numeric obfuscation: another example

Threatpost

Top iPhone Supplier Battles WannaCry Infection

Exploint

 

5.8.2018

Bugtraq

[slackware-security] lftp (SSA:2018-214-01) 2018-08-02
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4260-1] libmspack security update 2018-08-02
Salvatore Bonaccorso (carnil debian org)

Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9 2018-08-02
Stefan Kanthak (stefan kanthak nexgo de)

[slackware-security] blueman (SSA:2018-213-01) 2018-08-02
Slackware Security Team (security slackware com)

Malware

Win32/Spy.Buhtrap.L

Phishing

PayPal lnc.

3rd August 2018

We noticed some significant
changes to your account
activities. on August 3, 2018,
1:50 am [ Tickets ID: YYCSA

Vulnerebility

Apache OpenWhisk CVE-2018-11757 Serverless Function Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104913

Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104915

SuSE openSUSE Build Service CVE-2018-12466 Security Bypass Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104958

Apache Tomcat CVE-2018-8034 Security Bypass Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104895

Microsoft Visual Studio CVE-2018-8172 Remote Code Execution Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104616

Symfony CVE-2018-14773 Security Bypass Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104943

Cisco Identity Services Engine CVE-2018-0413 Cross Site Request Forgery Vulnerability
2018-08-01
http://www.securityfocus.com/bid/104950

Cisco Unified Communications Manager CVE-2018-0411 Cross Site Scripting Vulnerability
2018-08-01
http://www.securityfocus.com/bid/104949

SANS News

My Honeypot is Trendy, My Honeypot is Unpopular

Dealing with numeric obfuscation in malicious scripts

Threatpost

Salesforce.com Warns Marketing Customers of Data Leakage SNAFU

Consumer DNA Testing Takes a Step Towards Privacy, Transparency

Threatlist: SMB Security Challenges Grow with the Cloud

ThreatList: Spam’s Revival is Tied to Adobe Flash’s Demise

Exploint

 

3.8.2018

Bugtraq

[slackware-security] lftp (SSA:2018-214-01) 2018-08-02
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4260-1] libmspack security update 2018-08-02
Salvatore Bonaccorso (carnil debian org)

Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9 2018-08-02
Stefan Kanthak (stefan kanthak nexgo de)

[slackware-security] blueman (SSA:2018-213-01) 2018-08-02
Slackware Security Team (security slackware com)

CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe 2018-08-01
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4259-1] ruby2.3 security update 2018-07-31
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

 

Vulnerebility

Apache OpenWhisk CVE-2018-11757 Serverless Function Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104913

Apache OpenWhisk CVE-2018-11756 Remote Code Execution Vulnerability
2018-08-03
http://www.securityfocus.com/bid/104915

Apache Tomcat CVE-2018-8034 Security Bypass Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104895

Microsoft Visual Studio CVE-2018-8172 Remote Code Execution Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104616

Symfony CVE-2018-14773 Security Bypass Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104943

Cisco Identity Services Engine CVE-2018-0413 Cross Site Request Forgery Vulnerability
2018-08-01
http://www.securityfocus.com/bid/104950

SANS News

 

Threatpost

Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally

Phishing Campaign Steals Money From Industrial Companies

ThreatList: Spam’s Revival is Tied to Adobe Flash’s Demise

DOJ Nabs Three FIN7 Cybercrime Suspects in Europe

Exploint

 

2.8.2018

Bugtraq

[slackware-security] blueman (SSA:2018-213-01) 2018-08-02
Slackware Security Team (security slackware com)

CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe 2018-08-01
Stefan Kanthak (stefan kanthak nexgo de)

[SECURITY] [DSA 4259-1] ruby2.3 security update 2018-07-31
Moritz Muehlenhoff (jmm debian org)

[slackware-security] seamonkey (SSA:2018-212-02) 2018-07-31
Slackware Security Team (security slackware com)

Malware

 

Phishing

 

Vulnerebility

Microsoft Visual Studio CVE-2018-8172 Remote Code Execution Vulnerability
2018-08-02
http://www.securityfocus.com/bid/104616

Intel Puma CVE-2017-5693 Denial of Service Vulnerability
2018-07-31
http://www.securityfocus.com/bid/104941

Davolink DVW-3200N CVE-2018-10618 Information Disclosure Vulnerability
2018-07-31
http://www.securityfocus.com/bid/104940

SANS News

DHL-themed malspam reveals embedded malware in animated gif

Threatpost

Steam Bans Developer After Outcry Over Cryptomining, Scam Items

Bevy of Android Apps Harbor Hidden Malicious Windows Executables

DOJ Nabs Three FIN7 Cybercrime Suspects in Europe

Exploint

ipPulse 1.92 - 'Licence Key' Denial of Service (PoC)

Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service (PoC)

Linux/ARM - Reverse (::1:4444/TCP) Shell +IPv6 Shellcode (116 Bytes)

1.8.2018

Bugtraq

[SECURITY] [DSA 4259-1] ruby2.3 security update 2018-07-31
Moritz Muehlenhoff (jmm debian org)

[slackware-security] seamonkey (SSA:2018-212-02) 2018-07-31
Slackware Security Team (security slackware com)

[slackware-security] file (SSA:2018-212-01) 2018-07-31
Slackware Security Team (security slackware com)

[SECURITY] [DSA 4258-1] ffmpeg security update 2018-07-29
Moritz Muehlenhoff (jmm debian org)

Malware

 

Phishing

United Airline

31st July 2018

Your account is locked

Sir. Peter James

31st July 2018

Re: Dear beloved Joshua Bruce,
secret information I am
waiting for your response

Vulnerebility

 

SANS News

Exploiting the Power of Curl

Threatpost

Connected Car Apps Open Privacy Hole For Used Car Owners

HP Offers Up to $10,000 Rewards for Printer Bugs

Facebook Removes 17 Profiles Involved in Political Meddling

ThreatList: Business Email Compromises Way Up for Q2

Complex Malvertising Scheme Impacts Multiple Levels of Web Economy

Podcast: Why Bitcoin Miners Target Critical Infrastructure Networks

Exploint