Security Pop Quiz! q137.mp3

News

Packet Storm Security

Security Affairs Looking Glass Cyber securingtomorrow.mcafee.com Quick Heal Threat Post Naked Security ESET CIS
  • Top 10 Malware April 2019 Mon, 20 May 2019 14:10:26 +0000

    The malware variants comprising the Top 10 Malware list for April 2019, is consistent with the previous month’s list. In April, there was simply a shift in the proportion of activity that each malware accounts for. It should be noted that the proportion of Top 10 Malware to Total Malware activity rose above 60% for […]

    The post Top 10 Malware April 2019 appeared first on CIS.

Malware Patrol SecList
  • IT threat evolution Q1 2019. Statistics
    In Q1 2019, Kaspersky Lab solutions blocked attempts to launch one or more types of malware designed to steal money from bank accounts on the computers of 243,604 users and detected attacks using miners on the computers of 1,197,066 users.
MySonicWall

Critical Infrastructure

Case Studies

Tools

Exploits

Last 20 Website Defacements - Zone-h

Press Play to hear the answer!

Advisories

  • Ubuntu Security Notice USN-3957-2 Fri, 24 May 2019 04:58:19 GMT
    Ubuntu Security Notice 3957-2 - USN-3957-1 fixed multiple vulnerabilities in MySQL. This update addresses some of them in MariaDB 5.5. Ubuntu 14.04 LTS has been updated to MariaDB 5.5.64. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
  • Red Hat Security Advisory 2019-1268-01 Thu, 23 May 2019 16:56:50 GMT
    Red Hat Security Advisory 2019-1268-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include wrong permissions in systemd admin-sock due to a missing SocketMode parameter.
  • Red Hat Security Advisory 2019-1269-01 Thu, 23 May 2019 16:56:40 GMT
    Red Hat Security Advisory 2019-1269-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
  • Red Hat Security Advisory 2019-1264-01 Thu, 23 May 2019 16:55:46 GMT
    Red Hat Security Advisory 2019-1264-01 - The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. Issues addressed include wrong permissions in systemd admin-sock due to a missing SocketMode parameter.
  • Red Hat Security Advisory 2019-1267-01 Thu, 23 May 2019 16:55:38 GMT
    Red Hat Security Advisory 2019-1267-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
  • Red Hat Security Advisory 2019-1265-01 Thu, 23 May 2019 16:55:25 GMT
    Red Hat Security Advisory 2019-1265-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
  • Bitbucket Path Traversal / Remote Code Execution Thu, 23 May 2019 16:33:36 GMT
    Bitbucket Data Center had a path traversal vulnerability in the Data Center migration tool. A remote attacker with authenticated user with admin permissions can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Bitbucket Data Center. Bitbucket Server versions without a Data Center license are not vulnerable to this vulnerability. Versions of Bitbucket Server starting with 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.13.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) are affected by this vulnerability.
  • Slackware Security Advisory - curl Updates Thu, 23 May 2019 16:31:30 GMT
    Slackware Security Advisory - New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
  • Debian Security Advisory 4449-1 Thu, 23 May 2019 16:31:23 GMT
    Debian Linux Security Advisory 4449-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
  • Ubuntu Security Notice USN-3977-2 Thu, 23 May 2019 16:30:58 GMT
    Ubuntu Security Notice 3977-2 - USN-3977-1 provided mitigations for Microarchitectural Data Sampling vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry Trail and Bay Trail processor families. Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
  • Debian Security Advisory 4448-1 Wed, 22 May 2019 23:44:44 GMT
    Debian Linux Security Advisory 4448-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
  • Ubuntu Security Notice USN-3993-2 Wed, 22 May 2019 23:23:23 GMT
    Ubuntu Security Notice 3993-2 - USN-3993-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
  • Ubuntu Security Notice USN-3992-1 Wed, 22 May 2019 14:40:07 GMT
    Ubuntu Security Notice 3992-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
  • Ubuntu Security Notice USN-3993-1 Wed, 22 May 2019 14:39:56 GMT
    Ubuntu Security Notice 3993-1 - Wenchao Li discovered that curl incorrectly handled memory in the curl_url_set function. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
  • Slackware Security Advisory - mozilla-firefox Updates Wed, 22 May 2019 14:39:49 GMT
    Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
  • Ubuntu Security Notice USN-3566-2 Wed, 22 May 2019 14:39:42 GMT
    Ubuntu Security Notice 3566-2 - USN-3566-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or possibly cause a crash, resulting in a denial of service. Various other issues were also addressed.
  • Red Hat Security Advisory 2019-1260-01 Wed, 22 May 2019 14:39:35 GMT
    Red Hat Security Advisory 2019-1260-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.
  • Red Hat Security Advisory 2019-1259-01 Wed, 22 May 2019 14:39:27 GMT
    Red Hat Security Advisory 2019-1259-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that address security vulnerabilities is now available. The updated version is .NET Core Runtime 2.1.11 and SDK 2.1.507. Issues addressed include a denial of service vulnerability.
  • JSC DFG Incorrect Decision On Behavior Tue, 21 May 2019 23:44:11 GMT
    JSC DFG's doesGC() is incorrect about the HasIndexedProperty operation's behavior on StringObjects.
  • Revive Adserver Weak PRNG Cryptography Tue, 21 May 2019 23:28:05 GMT
    Revive Adserver versions prior to 4.2.1 make use of a cryptographically weak pseudo-random number generator.
  • WebKitGTK+ / WPE WebKit Code Execution Tue, 21 May 2019 23:07:14 GMT
    WebKitGTK+ and WPE WebKit suffer from multiple memory corruption vulnerabilities and various other issues that can lead to code execution. Multiple versions are affected.
  • Ubuntu Security Notice USN-3991-1 Tue, 21 May 2019 23:06:42 GMT
    Ubuntu Security Notice 3991-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting attacks, or execute arbitrary code. Various other issues were also addressed.
  • Red Hat Security Advisory 2019-1258-01 Tue, 21 May 2019 23:06:15 GMT
    Red Hat Security Advisory 2019-1258-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.
  • Ubuntu Security Notice USN-3989-1 Tue, 21 May 2019 23:06:08 GMT
    Ubuntu Security Notice 3989-1 - It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.
  • Ubuntu Security Notice USN-3990-1 Tue, 21 May 2019 23:05:56 GMT
    Ubuntu Security Notice 3990-1 - It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handled cross-origin redirects. This could result in credentials being sent to unintended hosts. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. Various other issues were also addressed.