A Hacker (likely Hacktivist) claims to have breached the Department of Justice’s network, and has dumped FBI and DHS employee records to prove it. If you think he used some advanced attack to crack the government’s systems, you’d be wrong
If you’re an IT administrator, you probably know that yesterday was Microsoft Patch Day.
Overview of the February 2016 Microsoft patches and their status. # Affected Contra Indications – KB Known Exploits Microsoft rating (**) ISC rating (*) clients servers MS15-009 Cumulative Security Update for Internet Explorer (Replaces MS16-001 ) Internet Explorer CVE-2016-0041 , CVE-2016-0059 , CVE-2016-0060 , CVE-2016-0061 , CVE-2016-0062 , CVE-2016-0063 , CVE-2016-0064 , CVE-2016-0067 , CVE-2016-0068 , CVE-2016-0069 , CVE-2016-0071 , CVE-2016-0072 ,”> MS15-011 Cumulative Security Update for Microsoft Edge (Replaces KB3124266 ) Microsoft Edge CVE-2016-0060 , CVE-2016-0061 , CVE-2016-0062 , CVE-2016-0077 , CVE-2016-0080 ,”> Critical : Anything that needs little to become interesting”> Less Urt practices for servers such as not using outlook, MSIE, word etc
VU#305096: Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium
Vulnerability Note VU#305096 Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium Original Release date: 04 Feb 2016 | Last revised: 05 Feb 2016 Overview Comodo Chromodo browser, version 188.8.131.521, and possibly earlier, bundles the Ad Sanitizer extension, version 184.108.40.206, which disables same origin policy, allowing for the possibility of cross-domain attacks by malicious or compromised web hosts. Chromodo is based on an outdated release of Chromium with known vulnerabilities
VU#777024: Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities
Vulnerability Note VU#777024 Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities Original Release date: 03 Feb 2016 | Last revised: 03 Feb 2016 Overview Netgear Management System NMS300, version 220.127.116.11 and earlier, is vulnerable to arbitrary file upload, which may be leveraged by unauthenticated users to execute arbitrary code with SYSTEM privileges. A directory traversal vulnerability enables authenticated users to download arbitrary files. Description Netgear Management System NMS300 is a configuration, monitoring, and diagnostics utility for managing SNMP networked devices via a web interface
Vulnerability Note VU#719736 Fisher-Price Smart Toy platform allows some unauthenticated web API commands Original Release date: 02 Feb 2016 | Last revised: 02 Feb 2016 Overview The Fisher-Price Smart Toy does not perform proper authentication of some API commands, and it may also use a vulnerable version of Android. Description The Fisher-Price Smart Toy bear is a new WiFi-connected Internet of Things (IoT) toy