Blog


Facebook has got your number – even if it’s not your number [nakedsecurity]

Do you value your Facebook account? Have you linked your phone number to your Facebook account? You could lose access to it if you aren’t careful, according to James Martindale, who discovered a worrisome Facebook authentication vulnerability. Facebook encourages you to give it your phone number “to help secure your account”, and you can link multiple numbers to your account. That means that you –...


Threat Spotlight: Is Fireball Adware or Malware? [cylance]

Recently, Fireball malware has garnered a lot of attention by claiming to have spread to 250 million computers. Upon execution, Fireball installs a browser hijacker as well as any number of adware programs. Several different sources have linked different indicators of compromise (IOCs) and varied payloads, but a few details remain the same. In this blog, we will be detailing the Fireball threat and many...


“Bad Taste” Vulnerability Affects Linux Systems via Malicious Windows MSI Files [bleepingcomputer]

Because Windows executables haven’t wreaked enough damage on Windows computers, now you can use malformed MSI files to run malicious code on Linux systems. This scenario is possible because of a vulnerability discovered by German IT expert Nils Dagsson Moskopp, which he named “Bad Taste.” The vulnerability affects GNOME Files, formerly known as Nautilus, the default file manager/explorer for Linux distros using the GNOME desktop.


Linux Users Urged to Update as a New Threat Exploits SambaCry [trendmicro]

A seven-year-old vulnerability in Samba—an open-source implementation of the SMB protocol used by Windows for file and printer sharing—was patched last May but continues to be exploited. According to a security advisory released by the company, the vulnerability allows a malicious actor to upload a shared library to a writable share, causing the server to load and execute it. If leveraged successfully, an attacker...


QEMU CVE-2017-9524 Denial of Service Vulnerability

Description: The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function. Impact:  Attackers can exploit this issue to crash the QEMU instance, resulting in a...


Git CVE-2017-8386 Security Bypass Vulnerability

Description: git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. Impact: Remote attackers can exploit this issue to bypass certain security restrictions and perform unauthorized...


OpenSSL CVE-2017-3732 Information Disclosure Vulnerability

Description: There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private...


CVE-2017-6746: Cisco Web Security Appliance Command Injection and Privilege Escalation Vulnerability

Description:  A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input on the web interface. An attacker could exploit this vulnerability by authenticating to the affected device and performing...


Reyptson Spams Your Friends by Stealing Thunderbird Contacts [bleepingcomputer]

Over the weekend, Emsisoft security researcher xXToffeeXx discovered a new ransomware called Reyptson that is targeting Spanish victims. Since then, we have seen increased activity in the ransomware’s development. Today security researcher MalwareHunterTeam took a deeper look and noticed that Reyptson conducts its own spam distribution campaign directly from a victim’s configured Thunderbird email account.

