Tagged: enterprise

LOVE-LETTER-FOR-YOU.txt.vbs

Valentine’s day is just around the corner and it would not be fair to let the occasion pass us by without reflecting on the colorful, charming, amorous, sometimes exotic world of malware.

Apache Commons Collections Under Attack

Two months ago, a Java zero-day vulnerability (CVE-2015-4852) that targeted the Apache Commons Collections library was disclosed. This vulnerability is caused by an error when Java applications that use the Apache Commons Collections library deserialize o…

"Fractalizing" Security

Most people are familiar with fractals, if not by name then by appearance. Wikipedia defines a fractal as “…a natural phenomenon or a mathematical set that exhibits a repeating pattern that displays at every scale.” Perhaps the…

VU#916896: Oracle Outside In 8.5.2 contains multiple stack buffer overflows

Original Release date: 20 Jan 2016 | Last revised: 20 Jan 2016

Overview

Oracle Outside In versions 8.5.2 and earlier contain stack buffer overflow vulnerabilities in the parsers for WK4, Doc, and Paradox DB files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

SB15-355: Vulnerability Summary for the Week of December 14, 2015

Original release date: December 21, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

New CryptoWall Variant In The Wild

CryptoWall, one of the most notorious and successful families of ransomware, continues to rear its head in various campaigns. The CyberThreat Alliance recently released a detailed report on CryptoWall Version 3, exploring how the ranso…

A Crash Course In DLL Hijacking

Overview

This week, we heard a lot about a DLL hijacking vulnerability from the security community. It began with a 0-day DLL hijacking in Microsoft Office which was discovered by an independent security researcher named Parvez Anwar.