in Articles, English articles, News
New Android Malware : Infected Million of Google Play Store Users
Android users who have mistakenly downloaded and installed malware on their devices straight from Google Play Store has reached 2 Million. The users have fallen victim to malware hidden in over 40 fake companion guide apps for popular mobile games, such as Pokémon Go and FIFA Mobile, on the official Google Play Store, according to security researchers from Check Point. Affected Applications : Check...
Read More
in Security Advisories & Alerts
Linksys Smart Wi-Fi Vulnerabilities
Description: Cyber security researchers from IOActive said in an advisory that after reverse engineering, the router firmware they identified total of 10 security vulnerabilities, ranging from low-to-high risk issues, six of which can be exploited remotely by unauthenticated attackers. Impact: Because of these vulnerabilities, it allows unauthenticated attackers to create a Denial-of-Service (DoS) condition on the router. Attackers can also bypass the authentication protecting the...
Read More
in Security Advisories & Alerts
Drupal Security Issue SA-CONTRIB-2017-38
Description: The Drupal security team has discovered a critical vulnerability in a third-party module named References. Although this module is no longer maintained, it is currently used within over 120,000 installations. Impact: The Drupal security team did not disclose the technical details about the vulnerability in order to avoid the exploitation of the flaw in the wild. Mitigation: As per drupal.org official page information, if...
Read More
in Security Advisories & Alerts
Cisco Adaptive Security Appliance (ASA) Software CVE-2017-6607 Denial of Service Vulnerability
Description: The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by triggering a DNS request from the Cisco ASA Software and replying with a crafted response. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information. Only traffic directed to...
Read More
in Security Advisories & Alerts
Cisco Adaptive Security Appliance (ASA) Software CVE-2017-6608 Denial of Service Vulnerability
Description: The vulnerability is due to improper parsing of crafted SSL or TLS packets. An attacker could exploit this vulnerability by sending a crafted packet to the affected system. Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be...
Read More
in Security Advisories & Alerts
Cisco ASA Software CVE-2017-6610 Denial of Service Vulnerability
Description: The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation. An attacker could exploit this vulnerability by sending crafted parameters. Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability only affects systems configured in routed firewall mode and in single or multiple context mode. This vulnerability can be triggered by...
Read More
in Security Advisories & Alerts
Cisco ASA Software CVE-2017-6609 Denial of Service Vulnerability
Description: The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to the affected system. Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4...
Read More
in Security Advisories & Alerts
Cisco Unified Communications Manager CVE-2017-3808 Denial of Service Vulnerability
Description: The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. Related CVE: CVE-2017-3808 Impact: A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified...
Read More
in Security Advisories & Alerts
Cisco Firepower System Software CVE-2016-6368 Denial of Service Vulnerability
Description: The vulnerability is due to improper input validation of the fields in the PGM protocol packet. An attacker could exploit this vulnerability by sending a crafted PGM packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. Related CVE: CVE-2016-6368...
Read More