Varanoid.com

telnetd rulez: Cisco Ironport WSA Telnetd Remote Code Execution Vulnerability, (Wed, Oct 22nd) 0

telnetd rulez: Cisco Ironport WSA Telnetd Remote Code Execution Vulnerability, (Wed, Oct 22nd)

We received the following vulnerability advisory for a remote code execution vuln identified and reported in Ciscos Ironport WSA Telnetd. Vendor: Cisco Product web page: http://www.cisco.com Affected version: Cisco Ironport WSA – AsyncOS 8.0.5 for Web build 075 Date: 22/05/2014 Credits: Glafkos Charalambous CVE: CVE-2011-4862 CVSS Score: 7.6 Impact: Unauthenticated Remote Code Execution with elevated privileges Description: The Cisco Ironport WSA virtual appliances are vulnerable to an old FreeBSD telnetd encryption Key ID buffer overflow which allows remote attackers to execute arbitrary code (CVE-2011-4862)

TA14-295A: Crypto Ransomware 0

TA14-295A: Crypto Ransomware

Original release date: October 22, 2014 Systems Affected Microsoft Windows Overview Ransomware is a type of malicious software (malware) that infects a computer and restricts access to it until a ransom is paid to unlock it. This Alert is the result of Canadian Cyber Incident Response Centre (CCIRC) analysis in coordination with the United States Department of Homeland Security (DHS) to provide further information about crypto ransomware, specifically to: Present its main characteristics, explain the prevalence of ransomware, and the proliferation of crypto ransomware variants; and Provide prevention and mitigation information

Microsoft Releases Advisory for Unpatched Windows Vulnerability 0

Microsoft Releases Advisory for Unpatched Windows Vulnerability

Original release date: October 22, 2014 Microsoft has released a security advisory to provide recommended mitigations for an unpatched vulnerability, ( CVE-2014-6352 ) which affects all Microsoft Windows releases except Windows Server 2003. This vulnerability could allow an attacker to take control of an affected system if a user opens a specially crafted Microsoft Office file