Author: Perry Varanoid

Malicious spam continues to serve zip archives of javascript files, (Wed, Jul 29th) 0

Malicious spam continues to serve zip archives of javascript files, (Wed, Jul 29th)

Introduction In January 2015, the Asprox botnet switched from sending malware attachments to spamming pornography and diet-related scams [ 1 ]. Since then, weve noticed an increase is a different type of malicious spam (malspam). This malspam haszip attachments containing javascript files (.js), and ituses the same type of subject lines we saw from the Asprox botnet prior to 2015 [ 1 ].

Internet Systems Consortium (ISC) Releases Security Updates for BIND 0

Internet Systems Consortium (ISC) Releases Security Updates for BIND

Original release date: July 28, 2015 ISC has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial of service condition. Updates available include: BIND 9-version 9.9.7-P2 BIND 9-version 9.10.2-P3 Users and administrators are encouraged to review ISC Knowledge Base Article AA-01272 and apply the necessary updates.

‘Stagefright’ Android Vulnerability 0

‘Stagefright’ Android Vulnerability

Original release date: July 28, 2015 Android devices running Android versions 2.2 through 5.1.1_r4 contain vulnerabilities in the Stagefright media playback engine. Exploitation of these vulnerabilities may allow an attacker to access multimedia files or potentially take control of a vulnerable device. Users and administrators are encouraged to review Vulnerability Note VU#924951 for more information

VU#924951: Android Stagefright contains multiple vulnerabilities 0

VU#924951: Android Stagefright contains multiple vulnerabilities

Vulnerability Note VU#924951 Android Stagefright contains multiple vulnerabilities Original Release date: 28 Jul 2015 | Last revised: 28 Jul 2015 Overview Stagefright is the media playback service for Android, introduced in Android 2.2 (Froyo). Stagefright contains multiple vulnerabilities, including several integer overflows, which may allow a remote attacker to execute code on the device. Description According to a Zimperium zLabs blog post , Android’s Stagefright engine contains multiple vulnerabilities, including several integer overflows, allowing a remote attacker to access files or possibly execute code on the device.

Stagefright Vulnerability in Android Phones 0

Stagefright Vulnerability in Android Phones

The Stagefright vulnerability for Android phones is a bad one. It’s exploitable via a text message (details depend on auto downloading of the particular phone), it runs at an elevated privilege (again, the severity depends on the particular phone — on some phones it’s full privilege), and it’s trivial to weaponize. Imagine a worm that infects a phone and then immediately sends a copy of itself to everyone on that phone’s contact list