Varanoid.com

LOVE-LETTER-FOR-YOU.txt.vbs 0

LOVE-LETTER-FOR-YOU.txt.vbs

Valentine’s day is just around the corner and it would not be fair to let the occasion pass us by without reflecting on the colorful, charming, amorous, sometimes exotic world of malware.

Image kohlscash.png 0

Fraudsters Tap Kohl’s Cash for Cold Cash

Scam artists have been using hacked accounts from retailer Kohl’s.com to order high-priced, bulky merchandise that is then shipped to the victim’s home. While the crooks don’t get the stolen merchandise, the unauthorized purchases rack up valuable credits called “Kohl’s cash” that the thieves quickly redeem at Kohl’s locations for items that can be resold for cash or returned for gift cards .

VU#327976: Cisco Adaptive Security Appliance (ASA) IKEv1 and IKEv2 contains a buffer overflow vulnerability 0

VU#327976: Cisco Adaptive Security Appliance (ASA) IKEv1 and IKEv2 contains a buffer overflow vulnerability

Vulnerability Note VU#327976 Cisco Adaptive Security Appliance (ASA) IKEv1 and IKEv2 contains a buffer overflow vulnerability Original Release date: 11 Feb 2016 | Last revised: 11 Feb 2016 Overview Cisco Adaptive Security Appliance (ASA) Internet Key Exchange versions 1 and 2 (IKEv1 and IKEv2) contains a buffer overflow vulnerability that may be leveraged to gain remote code execution. Description CWE-119 : Improper Restriction of Operations within the Bound of a Memory Buffer – CVE-2016-1287 According to the advisory by Exodus Intelligence : The algorithm for re-assembling IKE payloads fragmented with the Cisco fragmentation protocol contains a bounds-checking flaw that allows a heap buffer to be overflowed with attacker-controlled data. A sequence of payloads with carefully chosen parameters causes a buffer of insufficient size to be allocated in the heap which is then overflowed when fragment payloads are copied into the buffer