the mnemonic blog - security news, opinion, research and advice

Date: 04.08.15 Author: mnemonic Threat Intelligence

Summary of observations and vulnerabilities for the week of July 27th, 2015

Last week, we received reports of severe vulnerabilities affecting BIND 9 and Android.

Date: 27.07.15 Author: mnemonic Threat Intelligence

Summary of observations and vulnerabilities for the week of July 20th, 2015

Last week, Microsoft patched a critical vulnerability affecting all versions of Windows. Google released a new version of Chrome, WordPress was updated, and a new vulnerability enabling unlimited password guesses in OpenSSH was made public.

Date: 21.07.15 Author: mnemonic Threat Intelligence

Advisory – Critical vulnerability affecting all versions of Windows (MS15-078)

Summary

On June 20, rumors began circulating that Microsoft was planning to issue an out-of-band security update to address a critical vulnerability affecting all versions of Windows [1].

This evening, Microsoft issued Security Bulletin MS15-078 [2], detailing a vulnerability in the Microsoft Font Driver. More specifically, CVE-2015-2426 is a vulnerability caused by how the Windows Adobe Type Manager Library handles OpenType fonts. The vulnerability enables remote code execution (RCE) if a user opens a specially crafted document, or visits a webpage containing embedded, malicious OpenType fonts. This bulletin replaces the patch issued on July 14 for MS15-077 [3].

Date: 21.07.15 Author: mnemonic Threat Intelligence

Summary of observations and vulnerabilities for the week of July 13th, 2015

Last week, zero-day vulnerabilities were reported for Adobe Flash Player and Java. Microsoft ended support for Windows Server 2003 and Security Essentials for Windows XP, and researchers warned of serious weaknesses affecting the RC4 algorithm.

Date: 14.07.15 Author: mnemonic Threat Intelligence

Summary of observations and vulnerabilities for the week of July 6th, 2015

Last week, several zero-day vulnerabilities affecting Adobe Flash Player were reported. KINS Malware Builder was leaked, and OpenSSL patched a high-severity vulnerability.
