Databáze Hot News 2018 November - 2018 January February March April May June July August September October November December

30.11.2018

Bugtraq

 

Malware

 Trojan.Click3.27430

AndroidOS_FraudBot.OPS

TrojanSpy.Win32.TRICKBOT.AL

Worm.Win32.BLADABINDI.AA

BKDR_BINLODR.ZNFJ-A

COINMINER.WIN32.MALXMR.TIAOODAM

TrojanSpy.Win32.TRICKBOT.AK

TSPY_TRICKBOT.THOIBEAI

Backdoor.Win32.REMCOS.TICOGBZ
TROJANSPY.WIN32.GOLROTED.THAOOEAH

Backdoor.Linux.SETAG.RPA

Phishing

CyberMonday@amazon.co.uk actio

29th November 2018

Your Cyber Monday Amazon
coupon. Save up to 50%!
¨¨

Account alert

28th November 2018

Avoid mailbox deactivation
 

Vulnerebility

IBM Case Manager CVE-2018-1884 Arbitrary File Overwrite Vulnerability
2018-11-30
http://www.securityfocus.com/bid/105946

Joomla Event Booking Extension 'com_eventbooking' Arbitrary File Download Vulnerability
2018-11-29
http://www.securityfocus.com/bid/106042

Linux Kernel 'cdrom_ioctl_select_disc()' Local Information Disclosure Vulnerability
2018-11-29
http://www.securityfocus.com/bid/106041

Schneider Electric Software Update CVE-2018-7799 DLL Loading Local Code Execution Vulnerability
2018-11-28
http://www.securityfocus.com/bid/105951

SANS News

CoinMiners searching for hosts

Russian language malspam pushing Shade (Troldesh) ransomware

Threatpost

Dell Warns of Attempted Breach on Network

Microsoft Warns of Two Apps That Expose Private Keys

Exploint

Mac OS X - libxpc MITM Privilege Escalation (Metasploit)

Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)

TeamCity Agent - XML-RPC Command Execution (Metasploit)

PHP imap_open - Remote Code Execution (Metasploit)

Unitrends Enterprise Backup - bpserverd Privilege Escalation (Metasploit)

WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the 'ForInContext' Object

WebKit JIT - 'ByteCodeParser::handleIntrinsicCall' Type Confusion

WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion

29.11.2018

Bugtraq

 

Malware

 

Phishing

Account alert

28th November 2018

Avoid mailbox deactivation

Vulnerebility

Schneider Electric Software Update CVE-2018-7799 DLL Loading Local Code Execution Vulnerability
2018-11-28
http://www.securityfocus.com/bid/105951

Samba CVE-2018-16851 Remote Denial of Service Vulnerability
2018-11-27
http://www.securityfocus.com/bid/106027

SANS News

More obfuscated shell scripts: Fake MacOS Flash update

Threatpost

Widespread Malvertising Campaign Hijacks 300 Million Sessions

Cheetah Mobile Blames SDKs for Rampant Ad Fraud in Its Android Apps

Cisco Re-Issues Patch For High-Severity WebEx Flaw

Exploint

Netgear Devices - Unauthenticated Remote Command Execution (Metasploit)

28.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Samba CVE-2018-16841 Remote Denial of Service Vulnerability
2018-11-27
http://www.securityfocus.com/bid/106023

Samba CVE-2018-14629 Remote Denial of Service Vulnerability
2018-11-27
http://www.securityfocus.com/bid/106022

Multiple Pivotal Cloud Foundry Products CVE-2018-15759 Access Bypass Vulnerability
2018-11-27
http://www.securityfocus.com/bid/106019

Kiwi Syslog Server and Kiwi CatTools Local Privilege Escalation Vulnerability
2018-11-26
http://www.securityfocus.com/bid/105974

TIBCO Statistica Server CVE-2018-18807 Cross Site Scripting Vulnerability
2018-11-26
http://www.securityfocus.com/bid/106021

Linux Kernel CVE-2018-16862 Local Security Bypass Vulnerability
2018-11-24
http://www.securityfocus.com/bid/106009

SANS News

Obfuscated bash script targeting QNap boxes

Threatpost

 

Exploint

Xorg X11 Server - SUID privilege escalation (Metasploit)

Arm Whois 3.11 - Buffer Overflow (ASLR)

ELBA5 5.8.0 - Remote Code Execution

Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal

27.11.2018

Bugtraq

 

Malware

Linux.BtcMine.174,

Android.Banker.2876 

Phishing

 

Vulnerebility

IBM Case Manager CVE-2018-1884 Arbitrary File Overwrite Vulnerability
2018-11-30
http://www.securityfocus.com/bid/105946

Kiwi Syslog Server and Kiwi CatTools Local Privilege Escalation Vulnerability
2018-11-26
http://www.securityfocus.com/bid/105974

Xen HLE Constructs Denial of Service Vulnerability
2018-11-23
http://www.securityfocus.com/bid/105954

SANS News

ViperMonkey: VBA maldoc deobfuscation

Threatpost

 

Exploint

Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal

No-Cms 1.0 - 'order_by' SQL Injection

No-Cms 1.0 - 'order_by' SQL Injection

Ticketly 1.0 - 'kind_id' SQL Injection

Wordpress Plugins Easy Testimonials 3.2 - Cross-Site Scripting

Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials

MariaDB Client 10.1.26 - Denial of Service (PoC)

26.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Xen HLE Constructs Denial of Service Vulnerability
2018-11-23
http://www.securityfocus.com/bid/105954

Grafana CVE-2018-19039 Information Disclosure Vulnerability
2018-11-23
http://www.securityfocus.com/bid/105994

Libsndfile 'sndfile.c' Denial of Service Vulnerability
2018-11-22
http://www.securityfocus.com/bid/105996

VMware Workstation and Fusion CVE-2018-6983 Local Integer Overflow Vulnerability
2018-11-22
http://www.securityfocus.com/bid/105986

SANS News

Video: Dissecting a CVE-2017-18822 Exploit

Threatpost

Old Printer Vulnerabilities Die Hard

ThreatList: One-Third of Firms Say Their Container Security Lags

Exploint

 

23.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Xen HLE Constructs Denial of Service Vulnerability
2018-11-23
http://www.securityfocus.com/bid/105954

Grafana CVE-2018-19039 Information Disclosure Vulnerability
2018-11-23
http://www.securityfocus.com/bid/105994

Libsndfile 'sndfile.c' Denial of Service Vulnerability
2018-11-22
http://www.securityfocus.com/bid/105996

VMware Workstation and Fusion CVE-2018-6983 Local Integer Overflow Vulnerability
2018-11-22
http://www.securityfocus.com/bid/105986

SANS News

Moby the Shark

Threatpost

As Black Friday Looms, IoT Gadgets Take the Risk Spotlight

Zero-Trust Frameworks: Securing the Digital Transformation

Emotet’s Thanksgiving Campaign Delivers New Recipes for Compromise

Exploint

 

22.11.2018

Bugtraq

 

Malware

 

Phishing

Amazon Order

21st November 2018

AMAZON ORDER CONFIRMATION

Vulnerebility

OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability
2018-11-21
http://www.securityfocus.com/bid/105758

OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability
2018-11-21
http://www.securityfocus.com/bid/105897

VMware vSphere Data Protection CVE-2018-11076 OS Command Injection Vulnerability
2018-11-20
http://www.securityfocus.com/bid/105972

SANS News

Divided Payload in Multiple Pasties

Threatpost

FCC Addresses Robocalling – But Questions Remain

Emotet’s Thanksgiving Campaign Delivers New Recipes for Compromise

Exploint

WebOfisi E-Ticaret V4 - 'urun' SQL Injection

WordPress CherryFramework Themes 3.1.4 - Backup File Download

21.11.2018

Bugtraq

 

Malware

 

Phishing

Amazon Order

21st November 2018

AMAZON ORDER CONFIRMATION

service@intl.paypal.com

20th November 2018

Reminder: Your account will be
limited until you provide some
additional information!

Microsoft

20th November 2018

Microsoft service provider
 

Vulnerebility

IBM Case Manager CVE-2018-1884 Arbitrary File Overwrite Vulnerability
2018-11-30
http://www.securityfocus.com/bid/105946

OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability
2018-11-21
http://www.securityfocus.com/bid/105758

OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability
2018-11-21
http://www.securityfocus.com/bid/105897

VMware vSphere Data Protection CVE-2018-11076 OS Command Injection Vulnerability
2018-11-20
http://www.securityfocus.com/bid/105972

SANS News

Critical Vulnerability in Flash Player

Threatpost

Gmail Glitch Enables Anonymous Messages in Phishing Attacks

APT29 Re-Emerges After 2 Years with Widespread Espionage Campaign

Exploint

Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation

macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC)

ImageMagick - Memory Leak

Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)

WebOfisi E-Ticaret V4 - 'urun' SQL Injection

WordPress CherryFramework Themes 3.1.4 - Backup File Download

Ticketly 1.0 - 'name' SQL Injection

20.11.2018

Bugtraq

 

Malware

 

Phishing

Microsoft

20th November 2018

Microsoft service provider

Vulnerebility

IBM Case Manager CVE-2018-1884 Arbitrary File Overwrite Vulnerability
2018-11-30
http://www.securityfocus.com/bid/105946

Oracle Java SE/Java SE Embedded CVE-2018-3139 Remote Security Vulnerability
2018-11-19
http://www.securityfocus.com/bid/105602

Oracle Java SE/Java SE Embedded CVE-2018-3136 Remote Security Vulnerability
2018-11-19
http://www.securityfocus.com/bid/105601

Oracle Java SE/Java SE Embedded CVE-2018-13785 Remote Security Vulnerability
2018-11-19
http://www.securityfocus.com/bid/105599

Oracle Java SE/Java SE Embedded/JRockit CVE-2018-3214 Remote Security Vulnerability
2018-11-19
http://www.securityfocus.com/bid/105615

SANS News

Quering DShield from Cortex

Threatpost

Cryptojacking Attack Targets Make-A-Wish Foundation Website

Ford Eyes Use of Customers’ Personal Data to Boost Profits

Olympic Destroyer Wiper Changes Up Infection Routine

VisionDirect Blindsided by Magecart in Data Breach

Exploint

MacOS 10.13 - 'workq_kernreturn' Denial of Service (PoC)

Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)

19.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Oracle Java SE/Java SE Embedded CVE-2018-3139 Remote Security Vulnerability
2018-11-19
http://www.securityfocus.com/bid/105602

Oracle Java SE/Java SE Embedded CVE-2018-3136 Remote Security Vulnerability
2018-11-19
http://www.securityfocus.com/bid/105601

Oracle Java SE/Java SE Embedded CVE-2018-13785 Remote Security Vulnerability
2018-11-19
http://www.securityfocus.com/bid/105599

Oracle Java SE/Java SE Embedded/JRockit CVE-2018-3214 Remote Security Vulnerability
2018-11-19
http://www.securityfocus.com/bid/105615

Oracle Java SE/Java SE Embedded/JRockit CVE-2018-3180 Remote Security Vulnerability
2018-11-19
http://www.securityfocus.com/bid/105617

Oracle Java SE/Java SE Embedded/JRockit CVE-2018-3149 Remote Security Vulnerability
2018-11-19
http://www.securityfocus.com/bid/105608

Oracle Java SE/Java SE Embedded CVE-2018-3169 Remote Security Vulnerability
2018-11-19
http://www.securityfocus.com/bid/105587

Oracle Java SE/Java SE Embedded/JRockit CVE-2018-3183 Remote Security Vulnerability
2018-11-19
http://www.securityfocus.com/bid/105622

SANS News

Multipurpose PCAP Analysis Tool

Threatpost

Emoji Attack Can Kill Skype for Business Chat

Exploint

Microsoft Edge Chakra - OP_Memset Type Confusion

XMPlay 3.8.3 - '.m3u' Denial of Service (PoC)

HTML Video Player 1.2.5 - Buffer-Overflow (SEH)

18.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Quickly Investigating Websites with Lookyloo

Threatpost

Lock-Screen Bypass Bug Quietly Patched in Handsets

Gmail Glitch Offers Stealthy Trick for Phishing Attacks

Critical WordPress Flaw Grants Admin Access to Any Registered Site User

Exploint

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 - Cross-Site Scripting

Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection

Linux - Broken uid/gid Mapping for Nested User Namespaces

Easy Outlook Express Recovery 2.0 - Denial of Service (PoC)

Mumsoft Easy Software 2.0 - Denial of Service (PoC)

16.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Linux Kernel CVE-2018-18955 Local Privilege Escalation Vulnerability
2018-11-16
http://www.securityfocus.com/bid/105941

Siemens Multiple Products CVE-2018-4858 Access Bypass Vulnerability
2018-11-15
http://www.securityfocus.com/bid/105933

OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability
2018-11-14
http://www.securityfocus.com/bid/105897

SANS News

Basic Obfuscation With Permissive Languages

Threatpost

Bitcoin Giveaway Scam Balloons, with Google the Latest Victim

Ahead of Black Friday, Rash of Malware Families Takes Aim at Holiday Shoppers

Connected Wristwatch Allows Hackers to Stalk, Spy On Children

tRat Emerges as New Pet for APT Group TA505

Exploint

DomainMOD 4.11.01 - Cross-Site Scripting

Helpdezk 1.1.1 - Arbitrary File Upload

Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection

WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting

PHP Mass Mail 1.0 - Arbitrary File Upload

2-Plan Team 1.0.4 - Arbitrary File Upload

15.11.2018

Bugtraq

 

Malware

 

Phishing

TV Licensing

14th November 2018

Update your billing
information; 14 November,
2018.

Vulnerebility

Siemens Multiple Products CVE-2018-4858 Access Bypass Vulnerability
2018-11-15
http://www.securityfocus.com/bid/105933

OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability
2018-11-14
http://www.securityfocus.com/bid/105897

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-11-14
http://www.securityfocus.com/bid/103144

Asterisk Open Source Remote Buffer Overflow Vulnerability
2018-11-14
http://www.securityfocus.com/bid/105934

Amazon PayFort payfort-php-SDK Multiple Cross Site Scripting Vulnerabilities
2018-11-14
http://www.securityfocus.com/bid/105930

Siemens SIMATIC Panels Multiple Security Vulnerabilities
2018-11-14
http://www.securityfocus.com/bid/105922

SANS News

Emotet infection with IcedID banking Trojan

Threatpost

Pwn2Own Trifecta: Galaxy S9, iPhone X and Xiaomi Mi6 Fall to Hackers

Unpatched Android OS Flaw Allows Adversaries to Track User Location

Bitcoin Giveaway Scam Balloons, with Google the Latest Victim

Siemens Patches Firewall Flaw That Put Operations at Risk

Pwn2Own Trifecta: Galaxy S9, iPhone X and Xiaomi Mi6 Fall to Hackers

Exploint

Notepad3 1.0.2.350 - Denial of Service (PoC)

PHP 5.2.3 imap (Debian Based) - 'imap_open' Disable Functions Bypass

Atlassian Jira - Authenticated Upload Code Execution (Metasploit)

SwitchVPN for macOS 2.1012.03 - Privilege Escalation

Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC)

14.11.2018

Bugtraq

 

Malware

Ransom.Kraken

Phishing

 

Vulnerebility

OpenSSL CVE-2018-5407 Side Channel Attack Information Disclosure Vulnerability
2018-11-14
http://www.securityfocus.com/bid/105897

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-11-14
http://www.securityfocus.com/bid/103144

Dell EMC RecoverPoint Information Disclosure and Denial of Service Vulnerabilities
2018-11-14
http://www.securityfocus.com/bid/105916

Dell OpenManage Network Manager CVE-2018-15768 Remote Privilege Escalation Vulnerability
2018-11-14
http://www.securityfocus.com/bid/105914

Dell OpenManage Network Manager CVE-2018-15767 Authorization Bypass Vulnerability
2018-11-14
http://www.securityfocus.com/bid/105912

SANS News

Day in the life of a researcher: Finding a wave of Trickbot malspam

Threatpost

Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2

Exploint

Atlassian Jira - Authenticated Upload Code Execution (Metasploit)

Advanced Comment System 1.0 - SQL Injection

SwitchVPN for macOS 2.1012.03 - Privilege Escalation

EdTv 2 - 'id' SQL Injection

Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)

AMPPS 2.7 - Denial of Service (PoC)

Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password)

Helpdezk 1.1.1 - 'query' SQL Injection

iServiceOnline 1.0 - 'r' SQL Injection

ntpd 4.2.8p10 - Out-of-Bounds Read (PoC)

13.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-11-13
http://www.securityfocus.com/bid/103144

Adobe Flash Player Out-Of-Bounds Read CVE-2018-15978 Information Disclosure Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105909

SAP Disclosure Management CVE-2018-2487 Arbitrary File Overwrite Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105908

Adobe Acrobat and Reader CVE-2018-15979 Information Disclosure Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105907

SAP ABAP CVE-2018-2481 Remote Privilege Escalation Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105906

Adobe Photoshop CC CVE-2018-15980 Information Disclosure Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105905

SAP Basis CVE-2018-2478 Remote Code Execution Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105904

SAP BusinessObjects Business Intelligence Platform CVE-2018-2473 Denial of Service Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105903

SAP NetWeaver Knowledge Management CVE-2018-2477 XML External Entity Injection Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105901

SAP Mobile Secure for Android CVE-2018-2482 Denial of Service Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105900

SAP BusinessObjects Business Intelligence CVE-2018-2483 Security Bypass Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105899

SAP NetWeaver CVE-2018-2476 Open Redirection Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105898

Microsoft Dynamics 365 CVE-2018-8609 Remote Code Execution Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105894

Microsoft Skype for Business and Lync CVE-2018-8546 Denial of Service Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105802

Microsoft .NET Core CVE-2018-8416 Tampering Security Bypass Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105798

Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8589 Local Privilege Escalation Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105796

Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8565 Local Information Disclosure Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105791

Microsoft Windows Kernel 'Win32k.sys' CVE-2018-8562 Local Privilege Escalation Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105790

Microsoft Windows Kernel CVE-2018-8408 Local Information Disclosure Vulnerability
2018-11-13
http://www.securityfocus.com/bid/105789

SANS News

November 2018 Microsoft Patch Tuesday

Using the Neutrino ip-blocklist API to test general badness of an IP

Threatpost

Adobe Fixes Acrobat and Reader Flaw With Publicly-Available PoC

Google’s G Suite, Search and Analytics Taken Down in Hijacking

Unpatched Android OS Flaw Allows Adversaries to Track User Location

Podcast: IoT Firms Face a ‘Tidal Wave’ of Lawsuits, Attorney Explains

Exploint

Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58...

Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service

Evince 3.24.0 - Command Injection

SIPve 0.0.2-R19 - SQL Injection

Webiness Inventory 2.3 - SQL Injection

Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin)

12.11.2018

Bugtraq

 

Malware

 

Phishing

Chase

12th November 2018

Service Update

Vulnerebility

FreeBSD TCP Reassembly CVE-2018-6922 Denial Of Service Vulnerability
2018-11-12
http://www.securityfocus.com/bid/105058

Google Chrome V8 Out of Bounds Memory Access Vulnerability
2018-11-12
http://www.securityfocus.com/bid/105879

SANS News

Community contribution: joining forces or multiply solutions?

Threatpost

New Boom in Facial Recognition Tech Prompts Privacy Alarms

Exploint

Nominas 0.27 - 'username' SQL Injection

D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery

ServerZilla 1.0 - 'email' SQL Injection

TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration...

Paroiciel 11.20 - 'tRecIdListe' SQL Injection

Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal

TufinOS 2.17 Build 1193 - XML External Entity Injection

Data Center Audit 2.6.2 - 'username' SQL Injection

HeidiSQL 9.5.0.5196 - Denial of Service (PoC)

11.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Community contribution: joining forces or multiply solutions?

Video: CyberChef: BASE64/XOR Recipe

Threatpost

Recently-Patched Adobe ColdFusion Flaw Exploited By APT

Lawsuits Aim Billions in Fines at Equifax and Ad-Targeting Companies

ThreatList: Google Play Nine Times Safer Than Third-Party App Stores

Exploint

 

9.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Apache Tomcat CVE-2018-8037 Information Disclosure Vulnerability
2018-11-09
http://www.securityfocus.com/bid/104894

Apache Tomcat CVE-2017-15706 Remote Security Weakness
2018-11-09
http://www.securityfocus.com/bid/103069

Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104203

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-11-08
http://www.securityfocus.com/bid/103144

Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
2018-11-08
http://www.securityfocus.com/bid/103170

Apache Tomcat Native Connector CVE-2018-8019 Remote Security Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104936

Apache Tomcat Native Connector CVE-2018-8020 Remote Security Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104934

Apache Tomcat CVE-2018-1336 Denial of Service Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104898

Apache Tomcat CVE-2018-8034 Security Bypass Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104895

SANS News

Playing with T-POT

Threatpost

Pentagon Draws Back the Veil on APT Malware with Sudden Embrace of VirusTotal

Cisco Accidentally Released Dirty Cow Exploit Code in Software

‘DerpTroll’ Faces 10 Years in Prison for DDoSing Gaming Sites as a Teen

DJI Patches Forum Bug That Allowed Drone Account Takeovers

Exploint

Microsoft Windows 10 (Build 17134) - Local Privilege Escalation (UAC Bypass)

OpenSLP 2.0.0 - Multiple Vulnerabilities

8.11.2018

Bugtraq

 

Malware

Trojan.Fastcash

Phishing

 

Vulnerebility

Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104203

Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
2018-11-08
http://www.securityfocus.com/bid/103144

Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
2018-11-08
http://www.securityfocus.com/bid/103170

Apache Tomcat Native Connector CVE-2018-8019 Remote Security Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104936

Apache Tomcat Native Connector CVE-2018-8020 Remote Security Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104934

Apache Tomcat CVE-2018-1336 Denial of Service Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104898

Apache Tomcat CVE-2018-8034 Security Bypass Vulnerability
2018-11-08
http://www.securityfocus.com/bid/104895

Microsoft Office CVE-2017-11882 Memory Corruption Vulnerability
2018-11-07
http://www.securityfocus.com/bid/101757

Microsoft Windows Common Controls ActiveX Control CVE-2012-1856 Remote Code Execution Vulnerability
2018-11-07
http://www.securityfocus.com/bid/54948

Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability
2018-11-07
http://www.securityfocus.com/bid/93604

Cisco Content Security Management Appliance CVE-2018-15393 Cross Site Scripting Vulnerability
2018-11-07
http://www.securityfocus.com/bid/105858

Cisco Prime Service Catalog CVE-2018-15451 Cross Site Scripting Vulnerability
2018-11-07
http://www.securityfocus.com/bid/105857

Cisco Meeting Server CVE-2018-15446 Information Disclosure Vulnerability
2018-11-07
http://www.securityfocus.com/bid/105856

Cisco Integrated Management Controller Supervisor CVE-2018-15447 SQL Injection Vulnerability
2018-11-07
http://www.securityfocus.com/bid/105855

Oracle VM VirtualBox Privilege Escalation Vulnerability
2018-11-07
http://www.securityfocus.com/bid/105854

Cisco Stealthwatch Management Console CVE-2018-15394 Authentication Bypass Vulnerability
2018-11-07
http://www.securityfocus.com/bid/105853

SANS News

 

Threatpost

Apple Modernizes Its Hardware Security with T2

Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw

Exploint

PlayJoom 0.10.1 - 'catid' SQL Injection

7.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Microsoft Office CVE-2017-11882 Memory Corruption Vulnerability
2018-11-07
http://www.securityfocus.com/bid/101757

Microsoft Windows Common Controls ActiveX Control CVE-2012-1856 Remote Code Execution Vulnerability
2018-11-07
http://www.securityfocus.com/bid/54948

Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability
2018-11-07
http://www.securityfocus.com/bid/93604

Multiple Roche Point of Care Handheld Medical Services Multiple Security Vulnerabilities
2018-11-06
http://www.securityfocus.com/bid/105843

Self-Encrypting Drives CVE-2018-12038 Local Security Bypass Vulnerability
2018-11-06
http://www.securityfocus.com/bid/105841

Self-Encrypting Drives CVE-2018-12037 Local Security Bypass Vulnerability
2018-11-06
http://www.securityfocus.com/bid/105840

Google Android Framework Component Multiple Privilege Escalation Vulnerabilities
2018-11-05
http://www.securityfocus.com/bid/105848

Google Android 'Framework' Component Multiple Security Vulnerabilities
2018-11-05
http://www.securityfocus.com/bid/105847

Google Android System CVE-2018-9457 Remote Privilege Escalation Vulnerability
2018-11-05
http://www.securityfocus.com/bid/105845

Google Android Media Framework CVE-2018-9347 Denial of Service Vulnerability
2018-11-05
http://www.securityfocus.com/bid/105844

Qualcomm Closed-Source Components Multiple Unspecified Vulnerabilities
2018-11-05
http://www.securityfocus.com/bid/105838

Circontrol CirCarLife ICSA-18-305-03 Multiple Security Vulnerabilities
2018-11-01
http://www.securityfocus.com/bid/105816

Microsoft Edge Unspecfied Remote Code Execution Vulnerability
2018-11-01
http://www.securityfocus.com/bid/105815

Texas Instruments Bluetooth Low Energy Chips CVE-2018-7080 Remote Code Execution Vulnerability
2018-11-01
http://www.securityfocus.com/bid/105814

Texas Instruments BLE-Stack CVE-2018-16986 Remote Code Execution Vulnerability
2018-11-01
http://www.securityfocus.com/bid/105812

SANS News

Tunneling scanners (or really anything) over SSH

Threatpost

HSBC Data Breach Hits Online Banking Customers

ThreatList: Despite Fraud Awareness, Password Reuse Persists for Half of U.S. Consumers

Samsung, Crucial’s Flawed Storage Drive Encryption Leaves Data Exposed

U.S. Elections True Test for Facebook’s Disinformation Crackdown

HSBC Data Breach Hits Online Banking Customers

ThreatList: Despite Fraud Awareness, Password Reuse Persists for Half of U.S. Consumers

Samsung, Crucial’s Flawed Storage Drive Encryption Leaves Data Exposed

Exploint

LibreHealth 2.0.0 - Arbitrary File Actions

OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection

OOP CMS BLOG 1.0 - 'search' SQL Injection

Grocery crud 1.6.1 - 'search_field' SQL Injection

VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service (PoC)

eToolz 3.4.8.0 - Denial of Service (PoC)

Blue Server 1.1 - Denial of Service (PoC)

6.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

Malicious Powershell Script Dissection

Threatpost

Apache Struts Warns Users of Two-Year-Old Vulnerability

Newsmaker Interview: Tom Kellermann on Hacking the Midterm Elections

Passwords: Here to Stay, Despite Smart Alternatives?

PortSmash Side-Channel Attack Siphons Data From Intel, Other CPUs

Exploint

FaceTime - 'VCPDecompressionDecodeFrame' Memory Corruption

FaceTime - 'readSPSandGetDecoderParams' Stack Corruption

FaceTime - RTP Video Processing Heap Corruption

Voovi Social Networking Script 1.0 - 'user' SQL Injection

Royal TS/X - Information Disclosure

LiquidVPN 1.36 / 1.37 - Privilege Escalation

Morris Worm - fingerd Stack Buffer Overflow (Metasploit)

blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit)

Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)

5.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

Circontrol CirCarLife ICSA-18-305-03 Multiple Security Vulnerabilities
2018-11-01
http://www.securityfocus.com/bid/105816

Microsoft Edge Unspecfied Remote Code Execution Vulnerability
2018-11-01
http://www.securityfocus.com/bid/105815

Texas Instruments Bluetooth Low Energy Chips CVE-2018-7080 Remote Code Execution Vulnerability
2018-11-01
http://www.securityfocus.com/bid/105814

Texas Instruments BLE-Stack CVE-2018-16986 Remote Code Execution Vulnerability
2018-11-01
http://www.securityfocus.com/bid/105812

Fr. Sauter AG CASE Suite CVE-2018-17912 XML External Entity Information Disclosure Vulnerability
2018-11-01
http://www.securityfocus.com/bid/105804

SANS News

Beyond good ol' LaunchAgent - part 1

Threatpost

PortSmash Side-Channel Attack Siphons Data From Intel, Other CPUs

Newsmaker Interview: Tom Kellermann on Hacking the Midterm Elections

Passwords: Here to Stay, Despite Smart Alternatives?

Exploint

Microsoft Internet Explorer 11 - Null Pointer Difference

Poppy Web Interface Generator 0.8 - Arbitrary File Upload

Virgin Media Hub 3.0 Router - Denial of Service (PoC)

WebVet 0.1a - 'id' SQL Injection

Advantech WebAccess SCADA 8.3.2 - Remote Code Execution

SiAdmin 1.1 - 'id' SQL Injection

Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel

Softros LAN Messenger 9.2 - Denial of Service (PoC)

Voovi Social Networking Script 1.0 - 'user' SQL Injection

Royal TS/X - Information Disclosure

PHP Proxy 3.0.3 - Local File Inclusion

4.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

TriJklcj2HIUCheDES decryption failed?

Dissecting a CVE-2017-11882 Exploit

Threatpost

 

Exploint

 

2.11.2018

Bugtraq

 

Malware

 

Phishing

 

Vulnerebility

 

SANS News

 

Threatpost

PoC Exploit Compromises Microsoft Live Accounts via Subdomain Hijacking

GDPR’s First 150 Days Impact on the U.S.

Yi IoT Home Camera Riddled with Code-Execution Vulnerabilities

Cisco Security Appliance Zero-Day Found Actively Exploited in the Wild

ThreatList: Fewer Big DDoS Attacks in Q3, Overall Rate Holds Steady

Exploint

Arm Whois 3.11 - Denial of Service (PoC)

WebDrive 18.00.5057 - Denial of Service (PoC)

Artha The Open Thesaurus 1.0.3.0 - Denial of Service (PoC)

qdPM 9.1 - 'filter_by' SQL Injection

Gate Pass Management System 2.1 - 'login' SQL Injection

Jelastic 5.4 - 'host' SQL Injection

Fantastic Blog CMS 1.0 - 'id' SQL Injection

Anviz AIM CrossChex Standard 4.3 - CSV Injection

1.11.2018

Bugtraq

 

Malware

 

Phishing

pstreet1

31st October 2018

Your AOL experience - 2 minute
survey!

Chase Notification

30th October 2018

Someone tried to access your
online banking

Vulnerebility

OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability
2018-10-31
http://www.securityfocus.com/bid/105758

Mozilla Thunderbird MFSA2018-28 Multiple Security Vulnerabilities
2018-10-31
http://www.securityfocus.com/bid/105769

PEPPERL+FUCHS CT50-Ex CVE-2016-9345 Local Privilege Escalation Vulnerability
2018-10-31
http://www.securityfocus.com/bid/105767

Dell EMC Integrated Data Protection Appliance Default Password Security Bypass Vulnerability
2018-10-31
http://www.securityfocus.com/bid/105764

SANS News

Windows Defender's Sandbox

Threatpost

Two Zero-Day Bugs Open Millions of Wireless Access Points to Attack

Apple Fixes Multiple macOS, iOS Bugs Including a Quirky FaceTime Vulnerability

Kraken Ransomware Upgrades Distribution with RaaS Model

Exploint

Arm Whois 3.11 - Denial of Service (PoC)

Arm Whois 3.11 - Denial of Service (PoC)

WebDrive 18.00.5057 - Denial of Service (PoC)

Artha The Open Thesaurus 1.0.3.0 - Denial of Service (PoC)